Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Passive reconnaissance involves collecting information through which of the following?

A.

Social engineering

B.

Network traffic sniffing

C.

Man in the middle attacks

D.

Publicly accessible sources

WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing. How will you stop web spiders from crawling certain directories on your website?

A.

Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled

B.

Place authentication on root directories that will prevent crawling from these spiders

C.

Enable SSL on the restricted directories which will block these spiders from crawling

D.

Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index

Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

A.

The initial traffic from 192.168.12.35 was being spoofed.

B.

The traffic from 192.168.12.25 is from a Linux computer.

C.

The TTL of 21 means that the client computer is on wireless.

D.

The client computer at 192.168.12.35 is a zombie computer.

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

A.

If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

B.

This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

C.

This Select SQL statement will log James in if there are any users with NULL passwords

D.

James will be able to see if there are any default user accounts in the SQL database

Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

A.

Hayden is attempting to find live hosts on her company's network by using an XMAS scan

B.

She is utilizing a SYN scan to find live hosts that are listening on her network

C.

The type of scan, she is using is called a NULL scan

D.

Hayden is using a half-open scan to find live hosts on her network

Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses?

A.

Only Windows systems will reply to this scan.

B.

A switched network will not respond to packets sent to the broadcast address.

C.

Only Linux and Unix-like (Non-Windows) systems will reply to this scan.

D.

Only servers will reply to this scan.

Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer's and client's agreement for this particular case. What can Blane use to accomplish this?

A.

He can use a split-DNS service to ensure the email is not forwarded on.

B.

A service such as HTTrack would accomplish this.

C.

Blane could use MetaGoofil tracking tool.

D.

Blane can use a service such as ReadNotify tracking tool.

What command would you type to OS fingerprint a server using the command line?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

The SNMP Read-Only Community String is like a password. The string is sent along with each SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string". How would you keep intruders from getting sensitive information regarding the network devices using SNMP? (Select 2 answers)

A.

Enable SNMPv3 which encrypts username/password authentication

B.

Use your company name as the public community string replacing the default 'public'

C.

Enable IP filtering to limit access to SNMP device

D.

The default configuration provided by device vendors is highly secure and you don't need to change anything

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.

John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed! However, money hasn't been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:

What kind of attack did the Hacker attempt to carry out at the bank?

A.

Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools.

B.

The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.

C.

The Hacker used a generator module to pass results to the Web server and exploited Web application CGI vulnerability.

D.

The Hacker first attempted logins with suspected user names, then used SQL Injection to gain access to valid bank login IDs.

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

A.

Convert the Trojan.exe file extension to Trojan.txt disguising as text file

B.

Break the Trojan into multiple smaller files and zip the individual pieces

C.

Change the content of the Trojan using hex editor and modify the checksum

D.

Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

A.

System services

B.

EXEC master access

C.

xp_cmdshell

D.

RDC

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

A.

Drops the packet and moves on to the next one

B.

Continues to evaluate the packet until all rules are checked

C.

Stops checking rules, sends an alert, and lets the packet continue

D.

Blocks the connection with the source IP address in the packet

Which of the following types of firewall inspects only header information in network traffic?

A.

Packet filter

B.

Stateful inspection

C.

Circuit-level gateway

D.

Application-level gateway

NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging, if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets?

A.

TCP Port 124

B.

UDP Port 125

C.

UDP Port 123

D.

TCP Port 126

Which of the following Exclusive OR transforms bits is NOT correct?

A.

0 xor 0 = 0

B.

1 xor 0 = 1

C.

1 xor 1 = 1

D.

0 xor 1 = 1

Which of the following are valid types of rootkits? (Choose three.)

A.

Hypervisor level

B.

Network level

C.

Kernel level

D.

Application level

E.

Physical level

F.

Data access level

Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

A.

The payload of 485 is what this Snort signature will look for.

B.

Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C.

Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D.

From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

A.

Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

B.

Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

C.

No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

D.

No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus