Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Which type of scan is used on the eye to measure the layer of blood vessels?

A.

Facial recognition scan

B.

Retinal scan

C.

Iris scan

D.

Signature kinetics scan

Full Access
Question # 5

How can rainbow tables be defeated?

A.

Password salting

B.

Use of non-dictionary words

C.

All uppercase character passwords

D.

Lockout accounts under brute force password cracking attempts

Full Access
Question # 6

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

A.

NMAP -PN -A -O -sS 192.168.2.0/24

B.

NMAP -P0 -A -O -p1-65535 192.168.0/24

C.

NMAP -P0 -A -sT -p0-65535 192.168.0/16

D.

NMAP -PN -O -sS -p 1-1024 192.168.0/8

Full Access
Question # 7

Which of the following problems can be solved by using Wireshark?

A.

Tracking version changes of source code

B.

Checking creation dates on all webpages on a server

C.

Resetting the administrator password on multiple systems

D.

Troubleshooting communication resets between two systems

Full Access
Question # 8

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Full Access
Question # 9

What is the purpose of conducting security assessments on network resources?

A.

Documentation

B.

Validation

C.

Implementation

D.

Management

Full Access
Question # 10

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

A.

ARP spoofing

B.

MAC duplication

C.

MAC flooding

D.

SYN flood

E.

Reverse smurf attack

F.

ARP broadcasting

Full Access
Question # 11

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

A.

Asymmetric

B.

Confidential

C.

Symmetric

D.

Non-confidential

Full Access
Question # 12

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Full Access
Question # 13

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Full Access
Question # 14

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance 

Full Access
Question # 15

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Full Access
Question # 16

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

A.

Semicolon

B.

Single quote

C.

Exclamation mark

D.

Double quote

Full Access
Question # 17

Fingerprinting VPN firewalls is possible with which of the following tools?

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Full Access
Question # 18

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Full Access
Question # 19

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

A.

Validate web content input for query strings.

B.

Validate web content input with scanning tools.

C.

Validate web content input for type, length, and range.

D.

Validate web content input for extraneous queries.

Full Access
Question # 20

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials.  The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

A.

Using the Metasploit psexec module setting the SA / Admin credential

B.

Invoking the stored procedure xp_shell to spawn a Windows command shell

C.

Invoking the stored procedure cmd_shell to spawn a Windows command shell

D.

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Full Access
Question # 21

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Full Access
Question # 22

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A.

 Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Full Access
Question # 23

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A.

Cavity virus

B.

Polymorphic virus

C.

Tunneling virus

D.

Stealth virus

Full Access
Question # 24

A company has publicly hosted web applications and an internal Intranet protected by a firewall.  Which technique will help protect against enumeration?

A.

Reject all invalid email received via SMTP.

B.

Allow full DNS zone transfers.

C.

Remove A records for internal hosts.

D.

Enable null session pipes.

Full Access
Question # 25

What results will the following command yielD. 'NMAP -sS -O -p 123-153 192.168.100.3'?

A.

A stealth scan, opening port 123 and 153

B.

A stealth scan, checking open ports 123 to 153

C.

A stealth scan, checking all open ports excluding ports 123 to 153

D.

A stealth scan, determine operating system, and scanning ports 123 to 153

Full Access
Question # 26

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Full Access
Question # 27

Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to use brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2008 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack. How many bits does Syskey use for encryption?

A.

40-bit encryption

B.

128-bit encryption

C.

256-bit encryption

D.

64-bit encryption

Full Access
Question # 28

What type of Virus is shown here?

A.

Cavity Virus

B.

Macro Virus

C.

Boot Sector Virus

D.

Metamorphic Virus

E.

Sparse Infector Virus

Full Access
Question # 29

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

Full Access
Question # 30

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

A.

EEP

B.

ESP

C.

EAP

D.

EIP

Full Access
Question # 31

Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

Samuel wants to completely block hackers brute force attempts on his network.

What are the alternatives to defending against possible brute-force password attacks on his site?

A.

Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users

B.

Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the

Firewall manually

C.

Enforce complex password policy on your network so that passwords are more difficult to brute force

D.

You cannot completely block the intruders attempt if they constantly switch proxies

Full Access
Question # 32

Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc. The information stored in Google's database, identified by the cookie, includes

  • Everything you search for using Google
  • Every web page you visit that has Google Adsense ads

How would you prevent Google from storing your search keywords?

A.

Block Google Cookie by applying Privacy and Security settings in your web browser

B.

Disable the Google cookie using Google Advanced Search settings on Google Search page

C.

Do not use Google but use another search engine Bing which will not collect and store your search keywords

D.

Use MAC OS X instead of Windows 7. Mac OS has higher level of privacy controls by default.

Full Access
Question # 33

You receive an e-mail with the following text message.

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible."

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service".

What category of virus is this?

A.

Virus hoax

B.

Spooky Virus

C.

Stealth Virus

D.

Polymorphic Virus

Full Access
Question # 34

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer. This program hides itself deep into an operating system for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and may be used to create a hidden directory or folder designed to keep out of view from a user's operating system and security software.

What privilege level does a rootkit require to infect successfully on a Victim's machine?

A.

User level privileges

B.

Ring 3 Privileges

C.

System level privileges

D.

Kernel level privileges

Full Access
Question # 35

You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.

Here is the output of your scan results:

Which of the following nmap command did you run?

A.

nmap -A -sV -p21, 110, 123 10.0.0.5

B.

nmap -F -sV -p21, 110, 123 10.0.0.5

C.

nmap -O -sV -p21, 110, 123 10.0.0.5

D.

nmap -T -sV -p21, 110, 123 10.0.0.5

Full Access
Question # 36

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?

A.

It is impossible to block these attacks

B.

Hire the people through third-party job agencies who will vet them for you

C.

Conduct thorough background checks before you engage them

D.

Investigate their social networking profiles

Full Access
Question # 37

How many bits encryption does SHA-1 use?

A.

64 bits

B.

128 bits

C.

256 bits

D.

160 bits

Full Access
Question # 38

In which part of OSI layer, ARP Poisoning occurs?

A.

Transport Layer

B.

Datalink Layer

C.

Physical Layer

D.

Application layer

Full Access
Question # 39

Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys

Which step would you perform to detect this type of Trojan?

A.

Scan for suspicious startup programs using msconfig

B.

Scan for suspicious network activities using Wireshark

C.

Scan for suspicious device drivers in c:\windows\system32\drivers

D.

Scan for suspicious open ports using netstat

Full Access
Question # 40

This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?

A.

IP Routing or Packet Dropping

B.

IDS Spoofing or Session Assembly

C.

IP Fragmentation or Session Splicing

D.

IP Splicing or Packet Reassembly

Full Access
Question # 41

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

A.

HFS

B.

Backdoor access

C.

XFS

D.

ADS

Full Access
Question # 42

Which of the following is an example of IP spoofing?

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Full Access
Question # 43

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

A.

Microsoft Security Baseline Analyzer

B.

Retina  

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Full Access
Question # 44

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Full Access
Question # 45

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

A.

The request to the web server is not visible to the administrator of the vulnerable application.

B.

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.

The successful attack does not show an error message to the administrator of the affected application.

D.

The vulnerable application does not display errors with information about the injection results to the attacker.

Full Access
Question # 46

Which of the statements concerning proxy firewalls is correct?

A.

Proxy firewalls increase the speed and functionality of a network.

B.

Firewall proxy servers decentralize all activity for an application.

C.

Proxy firewalls block network packets from passing to and from a protected network.

D.

Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

Full Access
Question # 47

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Full Access
Question # 48

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

Full Access
Question # 49

Which tool can be used to silently copy files from USB devices?

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Full Access
Question # 50

Which of the following is a detective control?

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Full Access
Question # 51

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

Untrust (Internet) – (Remote network = 217.77.88.0/24)

DMZ (DMZ) – (11.12.13.0/24)

Trust (Intranet) – (192.168.0.0/24)

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

A.

Permit  217.77.88.0/24  11.12.13.0/24 RDP 3389

B.

Permit  217.77.88.12    11.12.13.50     RDP 3389

C.

Permit  217.77.88.12    11.12.13.0/24 RDP 3389

D.

Permit  217.77.88.0/24  11.12.13.50     RDP 3389

Full Access
Question # 52

A program that defends against a port scanner will attempt to:

A.

Sends back bogus data to the port scanner

B.

Log a violation and recommend use of security-auditing tools

C.

Limit access by the scanning system to publicly available ports only

D.

Update a firewall rule in real time to prevent the port scan from being completed

Full Access
Question # 53

Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

A.

Internet Printing Protocol (IPP) buffer overflow

B.

Code Red Worm

C.

Indexing services ISAPI extension buffer overflow

D.

NeXT buffer overflow

Full Access
Question # 54

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

A.

Basic authentication is broken

B.

The password is never sent in clear text over the network

C.

The password sent in clear text over the network is never reused.

D.

It is based on Kerberos authentication protocol

Full Access
Question # 55

John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.

What does this mean in the context of Linux Security?

A.

Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.

B.

Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.

C.

Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.

D.

Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.

Full Access
Question # 56

Exhibit

Study the log given in the exhibit,

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

A.

Disallow UDP 53 in from outside to DNS server

B.

Allow UDP 53 in from DNS server to outside

C.

Disallow TCP 53 in form secondaries or ISP server to DNS server

D.

Block all UDP traffic

Full Access
Question # 57

Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

Choose the attack type from the choices given below.

A.

Database Fingerprinting

B.

Database Enumeration

C.

SQL Fingerprinting

D.

SQL Enumeration

Full Access
Question # 58

What are the differences between SSL and S-HTTP?

A.

SSL operates at the network layer and S-HTTP operates at the application layer

B.

SSL operates at the application layer and S-HTTP operates at the network layer

C.

SSL operates at the transport layer and S-HTTP operates at the application layer

D.

SSL operates at the application layer and S-HTTP operates at the transport layer

Full Access
Question # 59

You visit a website to retrieve the listing of a company's staff members. But you can not find it on the website. You know the listing was certainly present one year before. How can you retrieve information from the outdated website?

A.

Through Google searching cached files

B.

Through Archive.org

C.

Download the website and crawl it

D.

Visit customers' and prtners' websites

Full Access
Question # 60

Clive has been hired to perform a Black-Box test by one of his clients.

How much information will Clive obtain from the client before commencing his test?

A.

IP Range, OS, and patches installed.

B.

Only the IP address range.

C.

Nothing but corporate name.

D.

All that is available from the client site.

Full Access
Question # 61

Vulnerability mapping occurs after which phase of a penetration test?

A.

Host scanning

B.

Passive information gathering

C.

Analysis of host scanning

D.

Network level discovery

Full Access
Question # 62

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network.

How can you achieve this?

A.

Block ICMP at the firewall.

B.

Block UDP at the firewall.

C.

Both A and B.

D.

There is no way to completely block doing a trace route into this area.

Full Access
Question # 63

RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured.

What is the most likely cause behind this?

A.

There are some flaws in the implementation.

B.

There is no key management.

C.

The IV range is too small.

D.

All of the above.

E.

None of the above.

Full Access
Question # 64

What is the key advantage of Session Hijacking?

A.

It can be easily done and does not require sophisticated skills.

B.

You can take advantage of an authenticated connection.

C.

You can successfully predict the sequence number generation.

D.

You cannot be traced in case the hijack is detected.

Full Access
Question # 65

While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points. What would be the easiest way to circumvent and communicate on the WLAN?

A.

Attempt to crack the WEP key using Airsnort.

B.

Attempt to brute force the access point and update or delete the MAC ACL.

C.

Steel a client computer and use it to access the wireless network.

D.

Sniff traffic if the WLAN and spoof your MAC address to one that you captured.

Full Access
Question # 66

The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.

Which of the following Database Server was targeted by the slammer worm?

A.

Oracle

B.

MSSQL

C.

MySQL

D.

Sybase

E.

DB2

Full Access
Question # 67

Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.

Which of the choices below indicate the other features offered by Snort?

A.

IDS, Packet Logger, Sniffer

B.

IDS, Firewall, Sniffer

C.

IDS, Sniffer, Proxy

D.

IDS, Sniffer, content inspector

Full Access
Question # 68

Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?

Select the best answer.

A.

He should disable unicast on all routers

B.

Disable multicast on the router

C.

Turn off fragmentation on his router

D.

Make sure all anti-virus protection is updated on all systems

E.

Make sure his router won't take a directed broadcast

Full Access
Question # 69

This is an example of whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

A.

Search engines like Google, Bing will expose information listed on the WHOIS record

B.

An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

C.

Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

D.

IRS Agents will use this information to track individuals using the WHOIS record information

Full Access
Question # 70

John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?

A.

hping2

B.

nessus

C.

nmap

D.

make

Full Access
Question # 71

ViruXine.W32 virus hides their presence by changing the underlying executable code. This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

A.

Polymorphic Virus

B.

Metamorphic Virus

C.

Dravidic Virus

D.

Stealth Virus

Full Access
Question # 72

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Full Access
Question # 73

Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

A.

Image Hide

B.

Snow

C.

Gif-It-Up

D.

NiceText

Full Access
Question # 74

The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host B are lower than the packet segment containing the set FIN flag.

A.

false

B.

true

Full Access
Question # 75

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

A.

A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites

B.

A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.

C.

Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites

D.

This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

Full Access
Question # 76

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

A.

They are using UDP that is always authorized at the firewall

B.

They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

C.

They have been able to compromise the firewall, modify the rules, and give themselves proper access

D.

They are using an older version of Internet Explorer that allow them to bypass the proxy server

Full Access
Question # 77

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

A.

Brute force attack

B.

Birthday attack

C.

Dictionary attack

D.

Brute service attack

Full Access
Question # 78

Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful firewall is present) and RST response means the port is not filtered. What type of Port Scanning is this?

A.

RST flag scanning

B.

FIN flag scanning

C.

SYN flag scanning

D.

ACK flag scanning

Full Access
Question # 79

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker's source IP address.

You send a ping request to the broadcast address 192.168.5.255.

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

A.

Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

B.

Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

C.

You should send a ping request with this command ping ? 192.168.5.0-255

D.

You cannot ping a broadcast address. The above scenario is wrong.

Full Access
Question # 80

File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?

A.

Use disable-eXchange

B.

Use mod_negotiation

C.

Use Stop_Files

D.

Use Lib_exchanges

Full Access
Question # 81

Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean?

A.

This response means the port he is scanning is open.

B.

The RST/ACK response means the port Fred is scanning is disabled.

C.

This means the port he is scanning is half open.

D.

This means that the port he is scanning on the host is closed.

Full Access
Question # 82

Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt breaking valid SQL request?

A.

Semi Column

B.

Double Quote

C.

Single Quote

D.

Exclamation Mark

Full Access
Question # 83

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Full Access
Question # 84

Which port, when configured on a switch receives a copy of every packet that passes through it?

A.

R-DUPE Port

B.

MIRROR port

C.

SPAN port

D.

PORTMON

Full Access
Question # 85

In which step Steganography fits in CEH System Hacking Cycle (SHC)

A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

Full Access
Question # 86

Which of the following Exclusive OR transforms bits is NOT correct?

A.

0 xor 0 = 0

B.

1 xor 0 = 1

C.

1 xor 1 = 1

D.

0 xor 1 = 1

Full Access
Question # 87

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Full Access
Question # 88

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

A.

Port Security

B.

IPSec Encryption

C.

Network Admission Control (NAC)

D.

802.1q Port Based Authentication

E.

802.1x Port Based Authentication

F.

Intrusion Detection System (IDS)

Full Access
Question # 89

SOAP services use which technology to format information?

A.

SATA

B.

PCI

C.

XML

D.

ISDN

Full Access
Question # 90

Which of the following types of firewall inspects only header information in network traffic?

A.

Packet filter

B.

Stateful inspection

C.

Circuit-level gateway

D.

Application-level gateway

Full Access
Question # 91

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

A.

Key registry

B.

Recovery agent

C.

Directory

D.

Key escrow

Full Access
Question # 92

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this?

A.

Bill can use the command: ip dhcp snooping.

B.

Bill can use the command: no ip snoop.

C.

Bill could use the command: ip arp no flood.

D.

He could use the command: ip arp no snoop.

Full Access
Question # 93

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

A.

nessus +

B.

nessus *s

C.

nessus &

D.

nessus -d

Full Access
Question # 94

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

A.

DataThief

B.

NetCat

C.

Cain and Abel

D.

SQLInjector

Full Access
Question # 95

Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

A.

The initial traffic from 192.168.12.35 was being spoofed.

B.

The traffic from 192.168.12.25 is from a Linux computer.

C.

The TTL of 21 means that the client computer is on wireless.

D.

The client computer at 192.168.12.35 is a zombie computer.

Full Access
Question # 96

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

A.

SHA-1

B.

MD5

C.

HAVAL

D.

MD4

Full Access
Question # 97

Low humidity in a data center can cause which of the following problems?

A.

Heat

B.

Corrosion

C.

Static electricity

D.

Airborne contamination

Full Access
Question # 98

One way to defeat a multi-level security solution is to leak data via

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Full Access
Question # 99

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

A.

Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

B.

Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

C.

No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

D.

No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus

Full Access
Question # 100

Harold just got home from working at Henderson LLC where he works as an IT technician. He was able to get off early because they were not too busy. When he walks into his home office, he notices his teenage daughter on the computer, apparently chatting with someone online. As soon as she hears Harold enter the room, she closes all her windows and tries to act like she was playing a game. When Harold asks her what she was doing, she acts very nervous and does not give him a straight answer. Harold is very concerned because he does not want his daughter to fall victim to online predators and the sort. Harold doesn't necessarily want to install any programs that will restrict the sites his daughter goes to, because he doesn't want to alert her to his trying to figure out what she is doing. Harold wants to use some kind of program that will track her activities online, and send Harold an email of her activity once a day so he can see what she has been up to. What kind of software could Harold use to accomplish this?

A.

Install hardware Keylogger on her computer

B.

Install screen capturing Spyware on her computer

C.

Enable Remote Desktop on her computer

D.

Install VNC on her computer

Full Access
Question # 101

Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link?

A.

MD5

B.

PGP

C.

RSA

D.

SSH

Full Access
Question # 102

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Full Access
Question # 103

Fingerprinting an Operating System helps a cracker because:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Full Access
Question # 104

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Full Access
Question # 105

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

Full Access
Question # 106

When discussing passwords, what is considered a brute force attack?

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Full Access
Question # 107

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Full Access
Question # 108

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Full Access
Question # 109

What happens during a SYN flood attack?

A.

TCP connection requests floods a target machine is flooded with randomized source address & ports for the TCP ports.

B.

A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.

C.

A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.

D.

A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Full Access
Question # 110

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

A.

Compare the file's MD5 signature with the one published on the distribution media

B.

Obtain the application via SSL

C.

Compare the file's virus signature with the one published on the distribution media

D.

Obtain the application from a CD-ROM disc

Full Access
Question # 111

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Full Access
Question # 112

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

For /f "tokens=1 %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a

What is Eve trying to do?

A.

Eve is trying to connect as an user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Full Access
Question # 113

A file integrity program such as Tripwire protects against Trojan horse attacks by:

A.

Automatically deleting Trojan horse programs

B.

Rejecting packets generated by Trojan horse programs

C.

Using programming hooks to inform the kernel of Trojan horse behavior

D.

Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

Full Access
Question # 114

An attacker runs netcat tool to transfer a secret file between two hosts.

Machine A: netcat -l -p 1234 < secretfile

Machine B: netcat 192.168.3.4 > 1234

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfile

Machine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfile

Machine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw password

Machine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Full Access
Question # 115

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Full Access
Question # 116

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

A.

macof

B.

webspy

C.

filesnarf

D.

nfscopy

Full Access
Question # 117

Exhibit:

The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

Full Access
Question # 118

Password cracking programs reverse the hashing process to recover passwords.(True/False.

A.

True

B.

False

Full Access
Question # 119

Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.

$ nc -l -p 1026 -u -v

In response, he sees the following message.

cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

Windows has found 47 Critical Errors.

To fix the errors please do the following:

1. Download Registry Repair from: www.reg-patch.com

2. Install Registry Repair

3. Run Registry Repair

4. Reboot your computer

FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

What would you infer from this alert?

A.

The machine is redirecting traffic to www.reg-patch.com using adware

B.

It is a genuine fault of windows registry and the registry needs to be backed up

C.

An attacker has compromised the machine and backdoored ports 1026 and 1027

D.

It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities

Full Access
Question # 120

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

A.

nmap

B.

hping

C.

nessus

D.

make

Full Access
Question # 121

Which of the following Nmap commands would be used to perform a stack fingerprinting?

A.

Nmap -O -p80

B.

Nmap -hU -Q

C.

Nmap -sT -p

D.

Nmap -u -o -w2

E.

Nmap -sS -0p target

Full Access
Question # 122

Why would an attacker want to perform a scan on port 137?

A.

To discover proxy servers on a network

B.

To disrupt the NetBIOS SMB service on the target host

C.

To check for file and print sharing on Windows systems

D.

To discover information about a target host using NBTSTAT

Full Access
Question # 123

Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 4 answers)

A.

Attackers physically visit every victim's computer to infect them with malicious software

B.

Home computers that have security vulnerabilities are prime targets for botnets

C.

Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software

D.

Attackers use phishing or spam emails that contain links or attachments

E.

Attackers use websites to host the bots utilizing Web Browser vulnerabilities

Full Access
Question # 124

When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

A.

ICMP ECHO_REQUEST & TCP SYN

B.

ICMP ECHO_REQUEST & TCP ACK

C.

ICMP ECHO_REPLY & TFP RST

D.

ICMP ECHO_REPLY & TCP FIN

Full Access
Question # 125

Which of the following is an automated vulnerability assessment tool?

A.

Whack a Mole

B.

Nmap

C.

Nessus

D.

Kismet

E.

Jill32

Full Access
Question # 126

You have initiated an active operating system fingerprinting attempt with nmap against a target system:

What operating system is the target host running based on the open ports shown above?

A.

Windows XP

B.

Windows 98 SE

C.

Windows NT4 Server

D.

Windows 2000 Server

Full Access
Question # 127

Which of the following is considered an acceptable option when managing a risk?

A.

Reject the risk.

B.

Deny the risk.

C.

Mitigate the risk.

D.

Initiate the risk.

Full Access
Question # 128

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Full Access
Question # 129

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Remote operating system guess: Too many signatures match to reliably guess the OS.

Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

A.

Perform a firewalk with that system as the target IP

B.

Perform a tcp traceroute to the system using port 53

C.

Run an nmap scan with the -v-v option to give a better output

D.

Connect to the active services and review the banner information

Full Access
Question # 130

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself by "ignorance of the law" clause.

A.

true

B.

false

Full Access
Question # 131

Which of the following tools are used for footprinting? (Choose four)

A.

Sam Spade

B.

NSLookup

C.

Traceroute

D.

Neotrace

E.

Cheops

Full Access