Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

An attacker runs netcat tool to transfer a secret file between two hosts.

Machine A: netcat -l -p 1234 < secretfile

Machine B: netcat 192.168.3.4 > 1234

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfile

Machine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfile

Machine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw password

Machine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

A.

RSA, LSA, POP

B.

SSID, WEP, Kerberos

C.

SMB, SMTP, Smart card

D.

Kerberos, Smart card, Stanford SRP

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts.

Which of the following commands accomplish this?

A.

Machine A

#yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null

Machine B

#yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null

B.

Machine A

cat somefile | nc –v –v –l –p 2222

Machine B

cat somefile | nc othermachine 2222

C.

Machine A

nc –l –p 1234 | uncompress –c | tar xvfp

Machine B

tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234

D.

Machine A

while true : do

nc –v –l –s –p 6000 machineb 2

Machine B

while true ; do

nc –v –l –s –p 6000 machinea 2

done

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

The follows is an email header. What address is that of the true originator of the message?

A.

19.25.19.10

B.

51.32.123.21

C.

168.150.84.123

D.

215.52.220.122

E.

8.10.2/8.10.2

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

A.

nmap

B.

hping

C.

nessus

D.

make

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

Which of the following tools can be used to perform a zone transfer?

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

What are two types of ICMP code used when using the ping command?

A.

It uses types 0 and 8.

B.

It uses types 13 and 14.

C.

It uses types 15 and 17.

D.

The ping command does not use ICMP but uses UDP.

What flags are set in a X-MAS scan?(Choose all that apply.

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

URG

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session.

What does the first and second column mean? Select two.

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

One of your team members has asked you to analyze the following SOA record. What is the TTL?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

3600 604800 2400.

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800