Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

A.

The ethical hacker does not use the same techniques or skills as a cracker.

B.

The ethical hacker does it strictly for financial motives unlike a cracker.

C.

The ethical hacker has authorization from the owner of the target.

D.

The ethical hacker is just a cracker who is getting paid.

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Remote operating system guess: Too many signatures match to reliably guess the OS.

Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

A.

Perform a firewalk with that system as the target IP

B.

Perform a tcp traceroute to the system using port 53

C.

Run an nmap scan with the -v-v option to give a better output

D.

Connect to the active services and review the banner information

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)

A.

The router will discard the packet

B.

The router will decrement the TTL value and forward the packet to the next router on the path to the destination host

C.

The router will send a time exceeded message to the source host

D.

The router will increment the TTL value and forward the packet to the next router on the path to the destination host.

E.

The router will send an ICMP Redirect Message to the source host

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

A.

nmap

B.

hping

C.

nessus

D.

make

While footprinting a network, what port/service should you look for to attempt a zone transfer?

A.

53 UDP

B.

53 TCP

C.

25 UDP

D.

25 TCP

E.

161 UDP

F.

22 TCP

G.

60 TCP

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

3600 604800 2400.

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Which of the following ICMP message types are used for destinations unreachables?

A.

0

B.

3

C.

11

D.

13

E.

17

You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

Which kind of scan would you use to achieve this? (Choose the best answer)

A.

Nessus scan with TCP based pings.

B.

Nmap scan with the –sP (Ping scan) switch.

C.

Netcat scan with the –u –e switches.

D.

Nmap with the –sO (Raw IP packets) switch.

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

A.

CHAT rooms

B.

WHOIS database

C.

News groups

D.

Web sites

E.

Search engines

F.

Organization’s own web site

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

A.

Netstat WMI Scan

B.

Silent Dependencies

C.

Consider unscanned ports as closed

D.

Reduce parallel connections on congestion

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

A security policy will be more accepted by employees if it is consistent and has the support of

A.

coworkers.

B.

executive management.

C.

the security officer.

D.

a supervisor.

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

A.

The request to the web server is not visible to the administrator of the vulnerable application.

B.

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.

The successful attack does not show an error message to the administrator of the affected application.

D.

The vulnerable application does not display errors with information about the injection results to the attacker.

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

DatE. Mon, 16 Jan 2011 01:41:33 GMT

Content-TypE. text/html

Accept-Ranges: bytes

Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT

ETaG. "b0aac0542e25c31:89d"

Content-Length: 7369

Which of the following is an example of what the engineer performed?

A.

Cross-site scripting

B.

Banner grabbing

C.

SQL injection

D.

Whois database query

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

A.

Passive

B.

Reflective

C.

Active

D.

Distributive