New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

EC0-350 Questions and Answers

Question # 6

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Full Access
Question # 7

What are the three types of authentication?

A.

Something you: know, remember, prove

B.

Something you: have, know, are

C.

Something you: show, prove, are

D.

Something you: show, have, prove

Full Access
Question # 8

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A.

WHOIS

B.

IANA 

C.

CAPTCHA

D.

IETF

Full Access
Question # 9

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21 – no response  TCP port 22 – no response TCP port 23 – Time-to-live exceeded

A.

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

B.

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.

C.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

D.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

Full Access
Question # 10

802.11b is considered a ____________ protocol.

A.

Connectionless

B.

Secure

C.

Unsecure

D.

Token ring based

E.

Unreliable

Full Access
Question # 11

Bob reads an article about how insecure wireless networks can be. He gets approval from his management to implement a policy of not allowing any wireless devices on the network. What other steps does Bob have to take in order to successfully implement this? (Select 2 answer.)

A.

Train users in the new policy.

B.

Disable all wireless protocols at the firewall.

C.

Disable SNMP on the network so that wireless devices cannot be configured.

D.

Continuously survey the area for wireless devices.

Full Access
Question # 12

To scan a host downstream from a security gateway, Firewalking:

A.

Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

B.

Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

C.

Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment.

D.

Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

Full Access
Question # 13

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

A.

Compare the file's MD5 signature with the one published on the distribution media

B.

Obtain the application via SSL

C.

Compare the file's virus signature with the one published on the distribution media

D.

Obtain the application from a CD-ROM disc

Full Access
Question # 14

A denial of Service (DoS) attack works on the following principle:

A.

MS-DOS and PC-DOS operating system utilize a weaknesses that can be compromised and permit them to launch an attack easily.

B.

All CLIENT systems have TCP/IP stack implementation weakness that can be compromised and permit them to lunch an attack easily.

C.

Overloaded buffer systems can easily address error conditions and respond appropriately.

D.

Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).

E.

A server stops accepting connections from certain networks one those network become flooded.

Full Access
Question # 15

Exhibit:

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Full Access
Question # 16

What happens when one experiences a ping of death?

A.

This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply).

B.

This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset ‘ 8) + (IP data length) >65535.

In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.

C.

This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address.

D.

This is when an the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).

Full Access
Question # 17

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

A.

Locate type=ns

B.

Request type=ns

C.

Set type=ns

D.

Transfer type=ns

Full Access
Question # 18

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Full Access
Question # 19

Which of the following identifies the three modes in which Snort can be configured to run?

A.

Sniffer, Packet Logger, and Network Intrusion Detection System

B.

Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C.

Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D.

Sniffer, Packet Logger, and Host Intrusion Prevention System

Full Access
Question # 20

Which of the following is a hashing algorithm?

A.

MD5

B.

PGP

C.

DES

D.

ROT13

Full Access
Question # 21

Passive reconnaissance involves collecting information through which of the following?

A.

Social engineering

B.

Network traffic sniffing

C.

Man in the middle attacks

D.

Publicly accessible sources

Full Access
Question # 22

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

A.

There is no way to completely block tracerouting into this area

B.

Block UDP at the firewall

C.

Block TCP at the firewall

D.

Block ICMP at the firewall

Full Access
Question # 23

Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers.

A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login namE. linksys. Many FTP-specific password-guessing tools are also available from major security sites.

What defensive measures will you take to protect your network from these attacks?

A.

Never leave a default password

B.

Never use a password that can be found in a dictionary

C.

Never use a password related to your hobbies, pets, relatives, or date of birth.

D.

Use a word that has more than 21 characters from a dictionary as the password

E.

Never use a password related to the hostname, domain name, or anything else that can be found with whois

Full Access
Question # 24

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Full Access
Question # 25

You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where?

Select the best answer.

A.

%windir%\\etc\\services

B.

system32\\drivers\\etc\\services

C.

%windir%\\system32\\drivers\\etc\\services

D.

/etc/services

E.

%windir%/system32/drivers/etc/services

Full Access
Question # 26

In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

A.

Token Injection Replay attacks

B.

Shoulder surfing attack

C.

Rainbow and Hash generation attack

D.

Dumpster diving attack

Full Access
Question # 27

Fingerprinting an Operating System helps a cracker because:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Full Access
Question # 28

Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?

A.

Timestamps

B.

SMB Signing

C.

File permissions

D.

Sequence numbers monitoring

Full Access
Question # 29

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker's source IP address.

You send a ping request to the broadcast address 192.168.5.255.

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

A.

Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

B.

Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

C.

You should send a ping request with this command ping ? 192.168.5.0-255

D.

You cannot ping a broadcast address. The above scenario is wrong.

Full Access
Question # 30

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two.

What would you call this attack?

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Full Access
Question # 31

What is the default Password Hash Algorithm used by NTLMv2?

A.

MD4

B.

DES

C.

SHA-1

D.

MD5

Full Access
Question # 32

Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment.

Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it.

What kind of Denial of Service attack was best illustrated in the scenario above?

A.

Simple DDoS attack

B.

DoS attacks which involves flooding a network or system

C.

DoS attacks which involves crashing a network or system

D.

DoS attacks which is done accidentally or deliberately

Full Access
Question # 33

John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame?

A.

0xFFFFFFFFFFFF

B.

0xDDDDDDDDDDDD

C.

0xAAAAAAAAAAAA

D.

0xBBBBBBBBBBBB

Full Access
Question # 34

Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer's and client's agreement for this particular case. What can Blane use to accomplish this?

A.

He can use a split-DNS service to ensure the email is not forwarded on.

B.

A service such as HTTrack would accomplish this.

C.

Blane could use MetaGoofil tracking tool.

D.

Blane can use a service such as ReadNotify tracking tool.

Full Access
Question # 35

Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

A.

ISA proxy

B.

IAS proxy

C.

TOR proxy

D.

Cheops proxy

Full Access
Question # 36

What do you conclude from the nmap results below?

Staring nmap V. 3.10ALPHA0 (www.insecure.org/map/)

(The 1592 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

25/tcp open smtp

80/tcp open http

443/tcp open https

Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds

A.

The system is a Windows Domain Controller.

B.

The system is not firewalled.

C.

The system is not running Linux or Solaris.

D.

The system is not properly patched.

Full Access
Question # 37

What is the key advantage of Session Hijacking?

A.

It can be easily done and does not require sophisticated skills.

B.

You can take advantage of an authenticated connection.

C.

You can successfully predict the sequence number generation.

D.

You cannot be traced in case the hijack is detected.

Full Access
Question # 38

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

A.

Basic authentication is broken

B.

The password is never sent in clear text over the network

C.

The password sent in clear text over the network is never reused.

D.

It is based on Kerberos authentication protocol

Full Access
Question # 39

Which of the following is not considered to be a part of active sniffing?

A.

MAC Flooding

B.

ARP Spoofing

C.

SMAC Fueling

D.

MAC Duplicating

Full Access
Question # 40

What is the algorithm used by LM for Windows2000 SAM?

A.

MD4

B.

DES

C.

SHA

D.

SSL

Full Access
Question # 41

Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack?

A.

Phishing

B.

Denial of Service

C.

Cross Site Scripting

D.

Backdoor installation

Full Access
Question # 42

You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts.

Which of the following commands accomplish this?

A.

Machine A

#yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null

Machine B

#yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null

B.

Machine A

cat somefile | nc –v –v –l –p 2222

Machine B

cat somefile | nc othermachine 2222

C.

Machine A

nc –l –p 1234 | uncompress –c | tar xvfp

Machine B

tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234

D.

Machine A

while true : do

nc –v –l –s –p 6000 machineb 2

Machine B

while true ; do

nc –v –l –s –p 6000 machinea 2

done

Full Access
Question # 43

What is the problem with this ASP script (login.asp)?

A.

The ASP script is vulnerable to Cross Site Scripting attack

B.

The ASP script is vulnerable to Session Splice attack

C.

The ASP script is vulnerable to XSS attack

D.

The ASP script is vulnerable to SQL Injection attack

Full Access
Question # 44

Which Type of scan sends a packets with no flags set? Select the Answer

A.

Open Scan

B.

Null Scan

C.

Xmas Scan

D.

Half-Open Scan

Full Access
Question # 45

What are the two basic types of attacks? (Choose two.

A.

DoS

B.

Passive

C.

Sniffing

D.

Active

E.

Cracking

Full Access
Question # 46

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

A.

Fraggle

B.

MAC Flood

C.

Smurf

D.

Tear Drop

Full Access
Question # 47

A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to get to the public part of the company's network. Which ports should the administrator open? (Choose three.)

A.

Port 22

B.

Port 23

C.

Port 25

D.

Port 53

E.

Port 80

F.

Port 139

G.

Port 445

Full Access
Question # 48

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Full Access
Question # 49

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

Full Access
Question # 50

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Full Access
Question # 51

Which of the following describes the characteristics of a Boot Sector Virus?

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Full Access
Question # 52

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

A.

-sO

B.

-sP

C.

-sS

D.

-sU

Full Access
Question # 53

Which set of access control solutions implements two-factor authentication?

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

Full Access
Question # 54

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

A.

Port 1890 (Net-Devil Trojan)

B.

Port 1786 (Net-Devil Trojan)

C.

Port 1909 (Net-Devil Trojan)

D.

Port 6667 (Net-Devil Trojan)

Full Access
Question # 55

Which type of attack is port scanning?

A.

Web server attack

B.

Information gathering

C.

Unauthorized access

D.

Denial of service attack

Full Access
Question # 56

What did the following commands determine?

C: user2sid \earth guest

S-1-5-21-343818398-789336058-1343024091-501

C:sid2user 5 21 343818398 789336058 1343024091 500

Name is Joe

Domain is EARTH

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Full Access
Question # 57

You work as security technician at XYZ.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?

A.

Use mget to download all pages locally for further inspection.

B.

Use wget to download all pages locally for further inspection.

C.

Use get* to download all pages locally for further inspection.

D.

Use get() to download all pages locally for further inspection.

Full Access
Question # 58

Clive has been hired to perform a Black-Box test by one of his clients.

How much information will Clive obtain from the client before commencing his test?

A.

IP Range, OS, and patches installed.

B.

Only the IP address range.

C.

Nothing but corporate name.

D.

All that is available from the client site.

Full Access
Question # 59

Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changes?

A.

A hidden form field value.

B.

A hidden price value.

C.

An integer variable.

D.

A page cannot be changed locally, as it is served by a web server.

Full Access
Question # 60

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Full Access
Question # 61

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.

What caused this?

A.

The Morris worm

B.

The PIF virus

C.

Trinoo

D.

Nimda

E.

Code Red

F.

Ping of Death

Full Access
Question # 62

Which is the right sequence of packets sent during the initial TCP three way handshake?

A.

FIN, FIN-ACK, ACK

B.

SYN, URG, ACK

C.

SYN, ACK, SYN-ACK

D.

SYN, SYN-ACK, ACK

Full Access
Question # 63

Bob is a very security conscious computer user. He plans to test a site that is known to have malicious applets, code, and more. Bob always make use of a basic Web Browser to perform such testing.

Which of the following web browser can adequately fill this purpose?

A.

Internet Explorer

B.

Mozila

C.

Lynx

D.

Tiger

Full Access
Question # 64

Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

A.

Ethernet Zapping

B.

MAC Flooding

C.

Sniffing in promiscuous mode

D.

ARP Spoofing

Full Access
Question # 65

Jackson discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here?

A.

no authentication

B.

single key authentication

C.

shared key authentication

D.

open system authentication

Full Access
Question # 66

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

A.

Spoofing an IP address

B.

Tunneling scan over SSH

C.

Tunneling over high port numbers

D.

Scanning using fragmented IP packets

Full Access
Question # 67

Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply.

A.

Linux passwords can be encrypted with MD5

B.

Linux passwords can be encrypted with SHA

C.

Linux passwords can be encrypted with DES

D.

Linux passwords can be encrypted with Blowfish

E.

Linux passwords are encrypted with asymmetric algrothims

Full Access
Question # 68

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

A.

Set a BIOS password.

B.

Encrypt the data on the hard drive.

C.

Use a strong logon password to the operating system.

D.

Back up everything on the laptop and store the backup in a safe place.

Full Access
Question # 69

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

A.

LibPcap

B.

WinPcap

C.

Wincap

D.

None of the above

Full Access
Question # 70

Which of the following best describes session key creation in SSL?

A.

It is created by the server after verifying theuser's identity

B.

It is created by the server upon connection by the client

C.

It is created by the client from the server's public key

D.

It is created by the client after verifying the server's identity

Full Access
Question # 71

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

A.

tcp.src == 25 and ip.host == 192.168.0.125

B.

host 192.168.0.125:25

C.

port 25 and host 192.168.0.125

D.

tcp.port == 25 and ip.host == 192.168.0.125

Full Access
Question # 72

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Full Access
Question # 73

Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)

A.

Signature

B.

Anomaly

C.

Passive

D.

Reactive

Full Access
Question # 74

Smart cards use which protocol to transfer the certificate in a secure manner?

A.

Extensible Authentication Protocol (EAP)

B.

Point to Point Protocol (PPP)

C.

Point to Point Tunneling Protocol (PPTP)

D.

Layer 2 Tunneling Protocol (L2TP)

Full Access
Question # 75

How is sniffing broadly categorized?

A.

Active and passive

B.

Broadcast and unicast

C.

Unmanaged and managed

D.

Filtered and unfiltered

Full Access
Question # 76

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

A.

Netstat WMI Scan

B.

Silent Dependencies

C.

Consider unscanned ports as closed

D.

Reduce parallel connections on congestion

Full Access
Question # 77

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Full Access
Question # 78

Study the log below and identify the scan type.

A.

nmap -sR 192.168.1.10

B.

nmap -sS 192.168.1.10

C.

nmap -sV 192.168.1.10

D.

nmap -sO -T 192.168.1.10

Full Access
Question # 79

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? (Choose the most appropriate statement)

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.

There packets were created by a tool; they were not created by a standard IP stack.

Full Access
Question # 80

An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified:

21 ftp

23 telnet

80 http

443 https

What does this suggest?

A.

This is a Windows Domain Controller

B.

The host is not firewalled

C.

The host is not a Linux or Solaris system

D.

The host is not properly patched

Full Access
Question # 81

_________ is one of the programs used to wardial.

A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Full Access
Question # 82

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Full Access
Question # 83

What is the proper response for a FIN scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

Full Access
Question # 84

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session.

What does the first and second column mean? Select two.

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

Full Access
Question # 85

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

A.

HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B.

NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C.

NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D.

CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

Full Access
Question # 86

Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

Select the best answer.

A.

There are two external DNS Servers for Internet domains. Both are AD integrated.

B.

All external DNS is done by an ISP.

C.

Internal AD Integrated DNS servers are using private DNS names that are

D.

unregistered.

E.

Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

Full Access
Question # 87

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer

A.

Alternate Data Streams

B.

Merge Streams

C.

Steganography

D.

NetBIOS vulnerability

Full Access
Question # 88

What flags are set in a X-MAS scan?(Choose all that apply.

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

URG

Full Access
Question # 89

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Full Access
Question # 90

Which of the following ICMP message types are used for destinations unreachables?

A.

0

B.

3

C.

11

D.

13

E.

17

Full Access
Question # 91

You have initiated an active operating system fingerprinting attempt with nmap against a target system:

What operating system is the target host running based on the open ports shown above?

A.

Windows XP

B.

Windows 98 SE

C.

Windows NT4 Server

D.

Windows 2000 Server

Full Access
Question # 92

An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator.

The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming.

Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that focused on targeted individuals working for the company.

What is this deadly attack called?

A.

Spear phishing attack

B.

Trojan server attack

C.

Javelin attack

D.

Social networking attack

Full Access
Question # 93

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

Full Access
Question # 94

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying.  What actions should the CEH take?

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Full Access
Question # 95

Which type of hacker represents the highest risk to your network?

A.

black hat hackers

B.

grey hat hackers

C.

disgruntled employees

D.

script kiddies

Full Access
Question # 96

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Full Access
Question # 97

In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program?

A.

Design

B.

Elimination

C.

Incorporation

D.

Replication

E.

Launch

F.

Detection

Full Access
Question # 98

Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.

Why will this not be possible?

A.

Firewalls cannot inspect traffic coming through port 443

B.

Firewalls can only inspect outbound traffic

C.

Firewalls cannot inspect traffic at all, they can only block or allow certain ports

D.

Firewalls cannot inspect traffic coming through port 80

Full Access
Question # 99

Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security.

No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices.

What type of insider threat would Shayla be considered?

A.

She would be considered an Insider Affiliate

B.

Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate

C.

Shayla is an Insider Associate since she has befriended an actual employee

D.

Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider

Full Access
Question # 100

Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance.

What default port Syslog daemon listens on?

A.

242

B.

312

C.

416

D.

514

Full Access
Question # 101

Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization.

Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats.

The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.

What is the risk of installing Fake AntiVirus?

A.

Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums

B.

Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker

C.

Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk

D.

Denial of Service attack will be launched against the infected computer crashing other machines on the connected network

Full Access
Question # 102

Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.

Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

What should Stephanie use so that she does not get in trouble for surfing the Internet?

A.

Stealth IE

B.

Stealth Anonymizer

C.

Stealth Firefox

D.

Cookie Disabler

Full Access
Question # 103

Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

A.

Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address

B.

The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network

C.

ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service

D.

A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.

Full Access
Question # 104

Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Full Access
Question # 105

Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

A.

Configure Port Security on the switch

B.

Configure Port Recon on the switch

C.

Configure Switch Mapping

D.

Configure Multiple Recognition on the switch

Full Access
Question # 106

When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via email or logged in the IDS. Which type of an alert is this?

A.

False positive

B.

False negative

C.

True positive

D.

True negative

Full Access
Question # 107

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Full Access
Question # 108

Which of the following examples best represents a logical or technical control?

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Full Access
Question # 109

Which of the following is a preventive control?

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Full Access
Question # 110

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

A.

Asymmetric

B.

Confidential

C.

Symmetric

D.

Non-confidential

Full Access
Question # 111

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A.

Issue the pivot exploit and set the meterpreter.

B.

Reconfigure the network settings in the meterpreter.

C.

Set the payload to propagate through the meterpreter.

D.

Create a route statement in the meterpreter.

Full Access
Question # 112

Which statement best describes a server type under an N-tier architecture?

A.

A group of servers at a specific layer

B.

A single server with a specific role

C.

A group of servers with a unique role

D.

A single server at a specific layer

Full Access
Question # 113

Which security strategy requires using several, varying methods to protect IT systems against attacks?

A.

Defense in depth

B.

Three-way handshake

C.

Covert channels

D.

Exponential backoff algorithm

Full Access
Question # 114

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Full Access
Question # 115

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

A.

System services

B.

EXEC master access

C.

xp_cmdshell

D.

RDC

Full Access
Question # 116

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

A.

DataThief

B.

NetCat

C.

Cain and Abel

D.

SQLInjector

Full Access
Question # 117

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Full Access
Question # 118

John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here?

A.

The hacker is attempting to compromise more machines on the network

B.

The hacker is planting a rootkit

C.

The hacker is running a buffer overflow exploit to lock down the system

D.

The hacker is trying to cover his tracks

Full Access
Question # 119

An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?

A.

The firewall is blocking port 23 to that system

B.

He needs to use an automated tool to telnet in

C.

He cannot spoof his IP and successfully use TCP

D.

He is attacking an operating system that does not reply to telnet even when open

Full Access
Question # 120

What command would you type to OS fingerprint a server using the command line?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 121

Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link?

A.

MD5

B.

PGP

C.

RSA

D.

SSH

Full Access
Question # 122

What is the main reason the use of a stored biometric is vulnerable to an attack?

A.

The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B.

Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C.

A stored biometric is no longer "something you are" and instead becomes "something you have".

D.

A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Full Access
Question # 123

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 124

Data hiding analysis can be useful in

A.

determining the level of encryption used to encrypt the data.

B.

detecting and recovering data that may indicate knowledge, ownership or intent.

C.

identifying the amount of central processing unit (cpu) usage over time to process the data.

D.

preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.

Full Access
Question # 125

Which of the following parameters enables NMAP's operating system detection feature?

A.

NMAP -sV

B.

NMAP -oS

C.

NMAP -sR

D.

NMAP -O

Full Access
Question # 126

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

A.

Firewall

B.

Honeypot

C.

Core server

D.

Layer 4 switch

Full Access
Question # 127

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Full Access
Question # 128

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

Antivirus code: 5014

http://www.juggyboy/virus/virus.html

Thank you for choosing us, the worldwide leader Antivirus solutions.

Mike Robertson

PDF Reader Support

Copyright Antivirus 2010 ?All rights reserved

If you want to stop receiving mail, please go to:

http://www.juggyboy.com

or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Full Access
Question # 129

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Full Access
Question # 130

Which of the following encryption is NOT based on block cipher?

A.

DES

B.

Blowfish

C.

AES (Rijndael)

D.

RC4

Full Access
Question # 131

What port number is used by LDAP protocol?

A.

110

B.

389

C.

464

D.

445

Full Access