QUESTION 80
John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of user-defined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?
A. Morris worm
B. Code Red worm
C. Hybrid attacks
D. PTC worms and mutations
Correct Answer: D
QUESTION 81
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. The company is aware of various types of security attacks and wants to impede them. Hence, management has assigned John a project to port scan the company's Web Server. For this, he uses the nmap port scanner and issues the following command to perform idle port scanning: nmap -PN -p- -sI IP_Address_of_Company_Server
He analyzes that the server's TCP ports 21, 25, 80, and 111 are open.
Which of the following security policies is the company using during this entire process to mitigate the risk of hacking attacks?
A. Non-disclosure agreement
B. Antivirus policy
C. Acceptable use policy
D. Audit policy
Correct Answer: D
QUESTION 82
Which of the following malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?
A. Macro virus
B. Blended threat
C. Trojan
D. Boot sector virus
Correct Answer: B
QUESTION 83
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, however, it has been identified that this process is giving spammers a way to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution? Each correct answer represents a part of the solution. Choose all that apply.
A. Eradication
B. Contamination
C. Preparation
D. Recovery
E. Identification
Correct Answer: ABD
QUESTION 84
Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password? Each correct answer represents a complete solution. Choose all that apply.
A. Denial-of-service (DoS) attack
B. Zero-day attack
C. Brute force attack
D. Social engineering
E. Buffer-overflow attack
F. Rainbow attack
G. Password guessing
H. Dictionary-based attack
Correct Answer: CDFGH
QUESTION 85
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using? Each correct answer represents a part of the solution. Choose all that apply.
A. Linguistic steganography
B. Perceptual masking
C. Technical steganography
D. Text Semagrams
Correct Answer: AD
QUESTION 86
You work as a Network Penetration tester at Secure Inc. Your company takes on projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = '[email protected]'; DROP TABLE members; --'
What task will the above SQL query perform?
A. Deletes the database in which members table resides.
B. Deletes the rows of members table where email id is '[email protected]' given.
C. Performs the XSS attacks.
D. Deletes the entire members table.
Correct Answer: D
QUESTION 87
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task? Each correct answer represents a complete solution. Choose two.
A. Place nikto.pl file in the /etc/nessus directory.
B. Place nikto.pl file in the /var/www directory.
C. Place the directory containing nikto.pl in root's PATH environment variable.
D. Restart nessusd service.
Correct Answer: CD
QUESTION 88
Which of the following are open-source vulnerability scanners?
A. Nessus
B. Hackbot
C. NetRecon
D. Nikto
Correct Answer: ABD
QUESTION 89
Which of the following reads and writes data across network connections by using the TCP/IP protocol?
A. Fpipe
B. NSLOOKUP
C. Netcat
D. 2Mosaic
Correct Answer: C
QUESTION 90
Adam, a novice web user, is very conscious about security. He wants to visit a Web site that is known to have malicious applets and code. Adam always makes use of a basic Web browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?
A. Mozilla Firefox
B. Internet Explorer
C. Lynx
D. Safari
Correct Answer: C
QUESTION 91
Which of the following statements is true about the difference between worms and Trojan horses?
A. Trojan horses are a form of malicious codes while worms are not.
B. Trojan horses are harmful to computers while worms are not.
C. Worms can be distributed through emails while Trojan horses cannot.
D. Worms replicate themselves while Trojan horses do not.
Correct Answer: D
QUESTION 92
You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and find that there is a sudden increase in the number of logins. Which of the following types of attack has occurred?
A. Injection
B. Virus
C. Worm
D. Denial-of-service
Correct Answer: D
QUESTION 93
Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?
A. The Electronic Communications Privacy Act of 1986 (ECPA)
B. The Fair Credit Reporting Act (FCRA)
C. The Equal Credit Opportunity Act (ECOA)
D. Federal Information Security Management Act of 2002 (FISMA)
Correct Answer: D
QUESTION 94
Which of the following actions is performed by the netcat command given below?
nc 55555 < /etc/passwd
A. It changes the /etc/passwd file when connected to the UDP port 55555.
B. It resets the /etc/passwd file to the UDP port 55555.
C. It fills the incoming connections to /etc/passwd file.
D. It grabs the /etc/passwd file when connected to UDP port 55555.
Correct Answer: D
QUESTION 95
In which of the following steps of the incident handling processes does the Incident Handler make sure that all business processes and functions are back to normal and then also wants to monitor the system or processes to ensure that the system is not compromised again?
A. Eradication
B. Lesson Learned
C. Recovery
D. Containment
Correct Answer: C
QUESTION 96
Which of the following nmap command parameters is used for TCP SYN port scanning?
A. -sF
B. -sU
C. -sX
D. -sS
Correct Answer: D
QUESTION 97
Which of the following can be used as a countermeasure against the SQL injection attack? Each correct answer represents a complete solution. Choose two.
A. mysql_real_escape_string()
B. session_regenerate_id()
C. mysql_escape_string()
D. Prepared statement
Correct Answer: AD
QUESTION 98
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario? Each correct answer represents a part of the solution. Choose three.
A. NetBus
B. Absinthe
C. Yet Another Binder
D. Chess.exe
Correct Answer: ACD
QUESTION 99
Adam, a malicious hacker, is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct a Man-in-the-Middle attack. Which of the following is the destination MAC address of a broadcast frame?
A. 0xDDDDDDDDD
B. 0x00000000000
C. 0xFFFFFFFFFFFF
D. 0xAAAAAAAAAA
Correct Answer: C
QUESTION 100
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
A. Hunt
B. IPChains
C. Ethercap
D. Tripwire
Correct Answer: A
QUESTION 101
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
A. Cross-site scripting
B. Session fixation
C. ARP spoofing
D. Session sidejacking
Correct Answer: ABD
QUESTION 102
Adam works as a Security Administrator for the Umbrella Inc. A project has been assigned to him to strengthen the security policies of the company, including its password policies. However, due to some old applications, Adam is only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He informed the employees of the company that the new password policy requires that everyone must have complex passwords with at least 14 characters. Adam wants to ensure that everyone is using complex passwords that meet the new security policy requirements. He logs on to one of the network's domain controllers and runs the following command:
Which of the following actions will this command take?
A. Dumps the SAM password hashes to pwd.txt
B. Dumps the SAM password file to pwd.txt
C. Dumps the Active Directory password hashes to pwd.txt
D. The password history file is transferred to pwd.txt
Correct Answer: A
QUESTION 103
Which of the following refers to applications or files that are not classified as viruses or Trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization?
A. Hardware
B. Grayware
C. Firmware
D. Melissa
Correct Answer: B
QUESTION 104
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
A. Kernel keylogger
B. Software keylogger
C. Hardware keylogger
D. OS keylogger
Correct Answer: C
QUESTION 105
Which of the following attacks can be overcome by applying cryptography?
A. Buffer overflow
B. Web ripping
C. Sniffing
D. DoS
Correct Answer: C
QUESTION 106
Which of the following netcat parameters makes netcat a listener that automatically restarts itself when a connection is dropped?
A. -u
B. -l
C. -p
D. -L
Correct Answer: D
QUESTION 107
As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of the nmap utility to retrieve as many different protocols as possible being used by secureserver.com so that you could get accurate knowledge about what services were being used by secureserver.com. Which of the following nmap switches have you used to accomplish the task?
A. nmap -vO
B. nmap -sS
C. nmap -sT
D. nmap -sO
Correct Answer: D
QUESTION 108
Which of the following is a version of netcat with integrated transport encryption capabilities?
A. Encat
B. Nikto
C. Socat
D. Cryptcat
Correct Answer: D
QUESTION 109
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?
A. Vulnerability attack
B. Impersonation attack
C. Social Engineering attack
D. Denial-of-Service attack
Correct Answer: D
QUESTION 110
You discover that your network routers are being flooded with broadcast packets that have the return address of one of the servers on your network. This is resulting in an overwhelming amount of traffic going back to that server and flooding it. What is this called?
A. SYN flood
B. Bluejacking
C. Smurf attack
D. IP spoofing
Correct Answer: C
QUESTION 111
Which of the following statements are true about Dsniff?
Each correct answer represents a complete solution. Choose two.
A. It contains Trojans.
B. It is a virus.
C. It is antivirus.
D. It is a collection of various hacking tools.
Correct Answer: AD
QUESTION 112
Which of the following attacks are examples of Denial-of-service attacks (DoS)? Each correct answer represents a complete solution. Choose all that apply.
A. Fraggle attack
B. Smurf attack
C. Birthday attack
D. Ping flood attack
Correct Answer: ABD
QUESTION 113
James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?
A. Denial-of-Service
B. Injection
C. Internal attack
D. Virus
Correct Answer: A
QUESTION 114
Which of the following types of scan does not open a full TCP connection?
A. FIN scan
B. ACK scan
C. Stealth scan
D. Idle scan
Correct Answer: C
QUESTION 115
Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?
A. Scanning
B. Preparation
C. Gaining access
D. Reconnaissance
Correct Answer: B
QUESTION 116
Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.
A. Denial-of-Service (DoS)
B. Biometrics
C. Trojan horse
D. Worm
Correct Answer: CD
QUESTION 117
Which of the following is a process of searching unauthorized modems?
A. Espionage
B. War dialing
C. System auditing
D. Scavenging
Correct Answer: B
QUESTION 118
You want to create an SSH tunnel for POP and SMTP protocols. Which of the following commands will you run?
A. ssh -L 110:mailhost:110 -L 25
B. ssh -L 110:mailhost:110 -L 25:mailhost:25 -l
C. ssh -L 25:mailhost:110 -L 110
D. ssh -L 110:mailhost:110 -L 25:mailhost:25 -l user -N mailhost
Correct Answer: D
QUESTION 119
You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?
A. Blindside
B. Snow
C. Image Hide
D. Stealth
Correct Answer: D
QUESTION 120
Which of the following attacks saturates network resources and disrupts services to a specific computer?
A. Replay attack
B. Teardrop attack
C. Denial-of-Service (DoS) attack
D. Polymorphic shell code attack
Correct Answer: C
QUESTION 121
Which of the following applications automatically calculates cryptographic hashes of all key system files that are to be monitored for modifications?
A. Tripwire
B. TCPView
C. PrcView
D. Inzider
Correct Answer: A
QUESTION 122
Which of the following options scans the networks for vulnerabilities regarding the security of a network?
A. System enumerators
B. Port enumerators
C. Network enumerators
D. Vulnerability enumerators
Correct Answer: C
QUESTION 123
Which of the following statements are correct about spoofing and session hijacking? Each correct answer represents a complete solution. Choose all that apply.
A. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target and the valid user cannot be active.
B. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target but the valid user can be active.
C. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is disconnected.
D. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is not disconnected.
Correct Answer: BD
QUESTION 124
Which of the following attacks allows an attacker to retrieve crucial information from a Web server's database?
A. Database retrieval attack
B. PHP injection attack
C. SQL injection attack
D. Server data attack
Correct Answer: C
QUESTION 125
Which of the following Trojans is used by attackers to modify the Web browser settings?
A. Win32/FlyStudio
B. Trojan.Lodear
C. WMA/TrojanDownloader.GetCodec
D. Win32/Pacex.Gen
Correct Answer: A
QUESTION 126
Which of the following statements is true about a Trojan engine?
A. It limits the system resource usage.
B. It specifies the signatures that keep a watch for a host or a network sending multiple packets to a single host or a single network.
C. It specifies events that occur in a related manner within a sliding time interval.
D. It analyzes the nonstandard protocols, such as TFN2K and BO2K.
Correct Answer: D
QUESTION 127
Which of the following is an Internet mapping technique that relies on various BGP collectors that collect information such as routing updates and tables and provide this information publicly?
A. AS Route Inference
B. Path MTU discovery (PMTUD)
C. AS PATH Inference
D. Firewalking
Correct Answer: C
QUESTION 128
The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for Examkiller Software Systems Pvt. Ltd.?
A. Providing secure communications between the overseas office and the headquarters.
B. Implementing Certificate services on Texas office.
C. Protecting employee data on portable computers.
D. Providing two-factor authentication.
E. Ensuring secure authentication.
F. Preventing unauthorized network access.
G. Providing secure communications between Washington and the headquarters office.
H. Preventing denial-of-service attacks.
Correct Answer: ACEF
QUESTION 129
SIMULATION
Fill in the blank with the appropriate option to complete the statement below.
You want to block all UDP packets coming to the Linux server using the portsentry utility. For this, you have to enable the ______ option in the portsentry configuration file.
Correct Answer: BLOCK_UDP
QUESTION 130
Which of the following is the Web 2.0 programming methodology that is used to create Web pages that are dynamic and interactive?
A. UML
B. Ajax
C. RSS
D. XML
Correct Answer: B
QUESTION 131
Which of the following IP packet elements is responsible for authentication while using IPSec?
A. Authentication Header (AH)
B. Layer 2 Tunneling Protocol (L2TP)
C. Internet Key Exchange (IKE)
D. Encapsulating Security Payload (ESP)
Correct Answer: A
QUESTION 132
Which of the following tools is used for port scanning?
A. NSLOOKUP
B. NETSH
C. Nmap
D. L0phtcrack
Correct Answer: C
QUESTION 133
Which of the following statements about buffer overflow are true? Each correct answer represents a complete solution. Choose two.
A. It is a situation that occurs when a storage device runs out of space.
B. It is a situation that occurs when an application receives more data than it is configured to accept.
C. It can improve application performance.
D. It can terminate an application.
Correct Answer: BD
QUESTION 134
When you conduct the XMAS scanning using Nmap, you find that most of the ports scanned do not give a response. What can be the state of these ports?
A. Filtered
B. Open
C. Closed
Correct Answer: B
QUESTION 135
Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?
A. IP address spoofing
B. VLAN hopping
C. ARP spoofing
D. MAC spoofing
Correct Answer: D
QUESTION 136
Adam works as a Security Analyst for Umbrella Inc. The CEO of the company ordered him to implement two-factor authentication for the employees to access their networks. He has told him that he would like to use some type of hardware device in tandem with a security or identifying PIN number. Adam decides to implement smart cards but they are not cost effective.
Which of the following types of hardware devices will Adam use to implement two-factor authentication?
A. Biometric device
B. Security token
C. Proximity cards
D. One Time Password
Correct Answer: B
QUESTION 137
Which of the following hacking tools provides shell access over ICMP?
A. John the Ripper
B. Nmap
C. Nessus
D. Loki
Correct Answer: D
QUESTION 138
Which of the following are used to identify who is responsible for responding to an incident?
A. Disaster management policies
B. Incident response manuals
C. Disaster management manuals
D. Incident response policies
Correct Answer: D
QUESTION 139
You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?
A. Smurf
B. Denial of Service
C. Evil Twin
D. Virus
Correct Answer: B
QUESTION 140
Which of the following is used to determine the range of IP addresses that are mapped to live hosts?
A. Port sweep
B. Ping sweep
C. IP sweep
D. Telnet sweep
Correct Answer: B
QUESTION 141
You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following would be the most help against Denial of Service (DOS) attacks?
A. Packet filtering firewall
B. Network surveys.
C. Honeypot
D. Stateful Packet Inspection (SPI) firewall
Correct Answer: D
QUESTION 142
A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to a network. The problems caused by a DoS attack are as follows:
Saturation of network resources
Disruption of connections between two computers, thereby preventing communications between services
Disruption of services to a specific computer
Failure to access a Web site
Increase in the amount of spam
Which of the following can be used as countermeasures against DoS attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Blocking undesired IP addresses
B. Applying router filtering
C. Disabling unneeded network services
D. Permitting network access only to desired traffic
Correct Answer: ABCD
QUESTION 143
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?
A. RPC
B. IDLE
C. UDP
D. TCP SYN/ACK
Correct Answer: B
QUESTION 144
You execute the following netcat command:
c:\target\nc -l -p 53 -d -e cmd.exe
What action do you want to perform by issuing the above command?
A. Listen the incoming data and performing port scanning
B. Capture data on port 53 and performing banner grabbing
C. Capture data on port 53 and delete the remote shell
D. Listen the incoming traffic on port 53 and execute the remote shell
Correct Answer: D
QUESTION 145
Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd account (not administrative) that has permission to remotely access the network. What is this most likely?
A. An example of privilege escalation.
B. A normal account you simply did not notice before. Large networks have a number of accounts; it is hard to track them all.
C. A backdoor the intruder created so that he can re-enter the network.
D. An example of IP spoofing.
Correct Answer: C
QUESTION 146
US Garments wants all data communication between the corporate office and the remote location to be encrypted.
They want to achieve the following results:
Authentication of users
Anti-replay
Anti-spoofing
IP packet encryption
They implemented IPSec using Authentication Headers (AHs). Which results does this solution provide? Each correct answer represents a complete solution. Choose all that apply.
A. Anti-replay
B. IP packet encryption
C. Authentication of users
D. Anti-spoofing
Correct Answer: AD
QUESTION 147
Which of the following types of channels is used by Trojans for communication?
A. Loop channel
B. Open channel
C. Covert channel
D. Overt channel
Correct Answer: C
QUESTION 148
Which of the following is the most common vulnerability that can affect desktop applications written in native code?
A. SpyWare
B. DDoS attack
C. Malware
D. Buffer overflow
Correct Answer: D
QUESTION 149
Which of the following types of attacks is targeting a Web server with multiple compromised computers that are simultaneously sending hundreds of FIN packets with spoofed source IP addresses?
A. Evasion attack
B. Insertion attack
C. DDoS attack
D. Dictionary attack
Correct Answer: C
QUESTION 150
Which of the following ensures that the investigation process of incident response team does not break any laws during the response to an incident?
A. Information Security representative
B. Lead Investigator
C. Legal representative
D. Human Resource
Correct Answer: C
QUESTION 151
Which of the following would allow you to automatically close connections or restart a server or service when a DoS attack is detected?
A. Signature-based IDS
B. Network-based IDS
C. Passive IDS
D. Active IDS
Correct Answer: D
QUESTION 152
Which of the following controls is described in the statement given below?
"It ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at."
A. Role-based Access Control
B. Attribute-based Access Control
C. Discretionary Access Control
D. Mandatory Access Control
Correct Answer: D
QUESTION 153
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?
A. Traceport
B. Tracefire
C. Tracegate
D. Traceroute
Correct Answer: D
QUESTION 154
You work as a Senior Marketing Manager for Umbrella Inc. You found out that some of the software applications on the systems were malfunctioning and that you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation, and the team asked the Network Administrator for all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident.
Which of the following steps of an incident handling process was performed by the incident response team?
A. Containment
B. Eradication
C. Preparation
D. Identification
Correct Answer: D
QUESTION 155
Which of the following types of attacks slows down or stops a server by overloading it with requests?
A. DoS attack
B. Impersonation attack
C. Network attack
D. Vulnerability attack
Correct Answer: A
QUESTION 156
Jane works as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. Jane is troubleshooting the computer of a user who has installed software that automatically gains full permissions on his computer. Jane has never seen this software before. Which of the following types of malware is the user facing on his computer?
A. Rootkits
B. Viruses
C. Spyware
D. Adware
Correct Answer: A
QUESTION 157
Maria works as the Chief Security Officer for Examkiller Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?
A. Steganography
B. Public-key cryptography
C. RSA algorithm
D. Encryption
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Which of the following Linux rootkits allows an attacker to hide files, processes, and network connections? Each correct answer represents a complete solution. Choose all that apply.
A. Phalanx2
B. Beastkit
C. Adore
D. Knark
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Which of the following are pre-requisites for an attacker to conduct firewalking? Each correct answer represents a complete solution. Choose all that apply.
A. An attacker should know the IP address of a host located behind the firewall.
B. ICMP packets leaving the network should be allowed.
C. There should be a backdoor installed on the network.
D. An attacker should know the IP address of the last known gateway before the firewall.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:\WINDOWS>netstat -an | find "UDP"
UDP IP_Address:31337 *:*
Now you check the following registry address: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence?
A. Qaz
B. Donald Dick
C. Tini
D. Back Orifice
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Which of the following statements about smurf is true?
A. It is a UDP attack that involves spoofing and flooding.
B. It is an ICMP attack that involves spoofing and flooding.
C. It is an attack with IP fragments that cannot be reassembled.
D. It is a denial of service (DoS) attack that leaves TCP ports open.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Which of the following is the method of hiding data within another media type such as graphic or document?
A. Spoofing
B. Steganography
C. Packet sniffing
D. Cryptanalysis
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which of the following practices come in the category of denial of service attack? Each correct answer represents a complete solution. Choose three.
A. Performing Backdoor attack on a system
B. Disrupting services to a specific computer
C. Sending thousands of malformed packets to a network for bandwidth consumption
D. Sending lots of ICMP packets to an IP address
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 164
Which of the following steps of incident response is steady in nature?
A. Containment
B. Eradication
C. Preparation
D. Recovery
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which of the following tasks can be performed by using the netcat utility? Each correct answer represents a complete solution. Choose all that apply.
A. Checking file integrity
B. Creating a Backdoor
C. Firewall testing
D. Port scanning and service identification
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 166
You enter the following URL on your Web browser:
http://www.we-are-secure.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
What kind of attack are you performing?
A. Directory traversal
B. Replay
C. Session hijacking
D. URL obfuscating
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
QUESTION 167
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?
A. Soften
B. Rotate
C. Sharpen
D. Blur
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information? Each correct answer represents a complete solution. Choose all that apply.
A. Slack space
B. Hidden partition
C. Dumb space
D. Unused Sectors
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 169
Which of the following types of skills are required in the members of an incident handling team? Each correct answer represents a complete solution. Choose all that apply.
A. Organizational skills
B. Diplomatic skills
C. Methodical skills
D. Technical skills
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 170
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
A. nmap -sS
B. nmap -sU -p
C. nmap -O -p
D. nmap -sT
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
SANS Hacker Tools, Techniques, Exploits and Incident Handling Questions + Answers Part 3