Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

NO: 72

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information.

You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

A.

Nmap

B.

Netcraft

C.

Ping sweep

D.

Dig

Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.

NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?

A.

c:\windows\system32\config\SAM

B.

c:\windows\system32\drivers\SAM

C.

c:\windows\system32\Setup\SAM

D.

c:\windows\system32\Boot\SAM

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

A.

Filtered

B.

Stealth

C.

Closed

D.

Open

How many bits is Source Port Number in TCP Header packet?

A.

48

B.

32

C.

64

D.

16

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies.

A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces.

What could have prevented this information from being stolen from the laptops?

A.

SDW Encryption

B.

EFS Encryption

C.

DFS Encryption

D.

IPS Encryption

Why is a legal agreement important to have before launching a penetration test?

A.

Guarantees your consultant fees

B.

Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

C.

It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

D.

It is important to ensure that the target organization has implemented mandatory security policies

Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?

A.

6566 TCP port

B.

6771 TCP port

C.

6667 TCP port

D.

6257 TCP port

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

A.

Project Goal

B.

Success Factors

C.

Objectives

D.

Assumptions

Which one of the following architectures has the drawback of internally considering the hosted services individually?

A.

Weak Screened Subnet Architecture

B.

"Inside Versus Outside" Architecture

C.

"Three-Homed Firewall" DMZ Architecture

D.

Strong Screened-Subnet Architecture

A firewall’s decision to forward or reject traffic in network filtering is dependent upon which of the following?

A.

Destination address

B.

Port numbers

C.

Source address

D.

Protocol used