SANS Hacker Tools, Techniques, Exploits and Incident Handling Questions + Answers Part 2

Post by answerhappygod »

QUESTION 40
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
A. IIS buffer overflow
B. NetBIOS NULL session
C. SNMP enumeration
D. DNS zone transfer
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
A. Gathering private and public IP addresses
B. Collecting employees information
C. Banner grabbing
D. Performing Neotracerouting
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Which of the following Nmap commands is used to perform a UDP port scan?
A. nmap -sY
B. nmap -sS
C. nmap -sN
D. nmap -sU
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 43
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?
A. Use the escapeshellarg() function
B. Use the session_regenerate_id() function
C. Use the mysql_real_escape_string() function for escaping input
D. Use the escapeshellcmd() function
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism? Each correct answer represents a complete solution. Choose two.
A. Land attack
B. SYN flood attack
C. Teardrop attack
D. Ping of Death attack
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about the programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?
A. Block all outgoing traffic on port 21
B. Block all outgoing traffic on port 53
C. Block ICMP type 13 messages
D. Block ICMP type 3 messages
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 46
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The we-are-secure login page is vulnerable to a __________.
A. Dictionary attack
B. SQL injection attack
C. Replay attack
D. Land attack
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Which of the following methods can be used to detect session hijacking attack?
A. nmap
B. Brutus
C. ntop
D. sniffer
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which of the following is the best method of accurately identifying the services running on a victim host?
A. Use of the manual method of telnet to each of the open ports.
B. Use of a port scanner to scan each port to confirm the services running.
C. Use of hit and trial method to guess the services and ports of the victim host.
D. Use of a vulnerability scanner to try to probe each port to verify which service is running.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-1761.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 Examkillergw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.examkiller.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.examkiller.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms
Which of the following is the most likely cause of this issue?
A. An application firewall
B. Intrusion Detection System
C. Network Intrusion system
D. A stateful inspection firewall
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 50
You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?
A. Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine.
B. Manually shut down each of the guest operating systems before the server shuts down.
C. Create a batch file to shut down the guest operating system before the server shuts down.
D. Create a logon script to shut down the guest operating system before the server shuts down.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 51
An attacker sends a large number of packets to a target computer that causes denial of service. Which of the following type of attacks is this?
A. Spoofing
B. Snooping
C. Phishing
D. Flooding
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 52
In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?
A. DoS
B. DDoS
C. Backscatter
D. SQL injection
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Adam is a novice Web user. He chooses a 22 letters long word from the dictionary as his password. How long will it take to crack the password by an attacker?
A. 22 hours
B. 23 days
C. 200 years
D. 5 minutes
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which of the following are the automated tools that are used to perform penetration testing? Each correct answer represents a complete solution. Choose two.
A. Pwdump
B. Nessus
C. EtherApe
D. GFI LANguard
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which of the following viruses/worms uses the buffer overflow attack?
A. Chernobyl (CIH) virus
B. Nimda virus
C. Klez worm
D. Code red worm
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
You work as a Security Administrator for Net Perfect Inc. The company has a Windows-based network. You want to use a scanning technique which works as a reconnaissance attack. The technique should direct to a specific host or network to determine the services that the host offers. Which of the following scanning techniques can you use to accomplish the task?
A. IDLE scan
B. Nmap
C. SYN scan
D. Host port scan
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him to check the security of the wireless network of the company. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?
A. Replay attack
B. MAC Spoofing attack
C. Caffe Latte attack
D. Network injection attack
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Adam, a malicious hacker, purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. On the basis of the above information, which of the following types of attack is Adam attempting to perform?
A. Fraggle attack
B. Ping of death attack
C. SYN Flood attack
D. Land attack
Correct Answer: B Section: (none) Explanation
Explanation/Reference:


QUESTION 59
Which of the following rootkits is able to load the original operating system as a virtual machine, thereby enabling it to intercept all hardware calls made by the original operating system?
A. Kernel level rootkit
B. Boot loader rootkit
C. Hypervisor rootkit
D. Library rootkit
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Victor wants to send an encrypted message to his friend. He is using a certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following Steganography methods is Victor using to accomplish the task?
A. The distortion technique
B. The spread spectrum technique
C. The substitution technique
D. The cover generation technique
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration. The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?
A. Nessus
B. Kismet
C. Nmap
D. Sniffer
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that they require. Mark uses IDS/IPS sensors on the wired network to mitigate the attack. Which of the following attacks best describes the attacker's intentions?
A. Internal attack
B. Reconnaissance attack
C. Land attack
D. DoS attack
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
In which of the following attacks does the attacker gather information to perform an access attack?
A. Land attack
B. Reconnaissance attack
C. Vulnerability attack
D. DoS attack
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Firekiller 2000 is an example of a __________.
A. Security software disabler Trojan
B. DoS attack Trojan
C. Data sending Trojan
D. Remote access Trojan
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 65
You want to perform passive footprinting against we-are-secure Inc. Web server. Which of the following tools will you use?
A. Nmap
B. Ethereal
C. Ettercap
D. Netcraft
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?
A. Shoulder surfing
B. File integrity auditing
C. Reconnaissance
D. Spoofing
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 67
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer? Each correct answer represents a complete solution. Choose all that apply.
A. Host
B. Dig
C. DSniff
D. NSLookup
Correct Answer: ABD Section: (none) Explanation


Explanation/Reference:
QUESTION 68
Which of the following services CANNOT be performed by the nmap utility? Each correct answer represents a complete solution. Choose all that apply.
A. Passive OS fingerprinting
B. Sniffing
C. Active OS fingerprinting
D. Port scanning
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which of the following tools can be used as penetration tools in the Information system auditing process? Each correct answer represents a complete solution. Choose two.
A. Nmap
B. Snort
C. SARA
D. Nessus
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 70
You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following measures would be most helpful in defending against a Denial-of-Service (DoS) attack?


A. Implement network based antivirus.
B. Place a honeypot in the DMZ.
C. Shorten the timeout for connection attempts.
D. Implement a strong password policy.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Which of the following rootkits patches, hooks, or replaces system calls with versions that hide information about the attacker?
A. Library rootkit
B. Kernel level rootkit
C. Hypervisor rootkit
D. Boot loader rootkit
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
SIMULATION
Fill in the blank with the appropriate name of the attack.
______ takes best advantage of an existing authenticated connection
Correct Answer: session hijacking Section: (none) Explanation
Explanation/Reference:


QUESTION 73
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:
Information gathering
Determining network range
Identifying active machines
Finding open ports and applications
OS fingerprinting
Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task? Each correct answer represents a complete solution. Choose all that apply.
A. Ettercap
B. Traceroute
C. Cheops
D. NeoTrace
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?
A. rkhunter
B. OSSEC
C. chkrootkit
D. Blue Pill
Correct Answer: C Section: (none) Explanation
Explanation/Reference:


QUESTION 75
What is the purpose of configuring a password protected screen saver on a computer?
A. For preventing unauthorized access to a system.
B. For preventing a system from a Denial of Service (DoS) attack.
C. For preventing a system from a social engineering attack.
D. For preventing a system from a back door attack.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which of the following statements about reconnaissance is true?
A. It describes an attempt to transfer DNS zone data.
B. It is a computer that is used to attract potential intruders or attackers.
C. It is any program that allows a hacker to connect to a computer without going through the normal authentication process.
D. It is also known as half-open scanning.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN. What steps can be used as a countermeasure of ARP spoofing?
Each correct answer represents a complete solution. Choose all that apply.
A. Using smash guard utility
B. Using ARP Guard utility
C. Using static ARP entries on servers, workstation and routers
D. Using ARP watch utility
E. Using IDS Sensors to check continually for large amount of ARP traffic on local subnets
Correct Answer: BCDE Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which of the following types of malware does not replicate itself but can spread only when the circumstances are beneficial?
A. Mass mailer
B. Worm
C. Blended threat
D. Trojan horse
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which of the following terms describes an attempt to transfer DNS zone data?
A. Reconnaissance
B. Encapsulation
C. Dumpster diving
D. Spam
Correct Answer: A Section: (none) Explanation
Explanation/Reference: