Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

You receive an e-mail with the following text message.

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible."

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service".

What category of virus is this?

A.

Virus hoax

B.

Spooky Virus

C.

Stealth Virus

D.

Polymorphic Virus

How do you defend against DHCP Starvation attack?

A.

Enable ARP-Block on the switch

B.

Enable DHCP snooping on the switch

C.

Configure DHCP-BLOCK to 1 on the switch

D.

Install DHCP filters on the switch to block this attack

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

A.

EEP

B.

ESP

C.

EAP

D.

EIP

Which type of scan does NOT open a full TCP connection?

A.

Stealth Scan

B.

XMAS Scan

C.

Null Scan

D.

FIN Scan

How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

A.

Session Hijacking

B.

Session Stealing

C.

Session Splicing

D.

Session Fragmentation

This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.

A.

UDP Scanning

B.

IP Fragment Scanning

C.

Inverse TCP flag scanning

D.

ACK flag scanning

Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security.

No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices.

What type of insider threat would Shayla be considered?

A.

She would be considered an Insider Affiliate

B.

Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate

C.

Shayla is an Insider Associate since she has befriended an actual employee

D.

Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?

A.

Chicago'; drop table OrdersTable --

B.

Delete table'blah'; OrdersTable --

C.

EXEC; SELECT * OrdersTable > DROP --

D.

cmdshell'; 'del c:\sql\mydb\OrdersTable' //

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?

A.

It is impossible to block these attacks

B.

Hire the people through third-party job agencies who will vet them for you

C.

Conduct thorough background checks before you engage them

D.

Investigate their social networking profiles

XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

What is the correct code when converted to html entities?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

A.

Configure Port Security on the switch

B.

Configure Port Recon on the switch

C.

Configure Switch Mapping

D.

Configure Multiple Recognition on the switch

What does FIN in TCP flag define?

A.

Used to abort a TCP connection abruptly

B.

Used to close a TCP connection

C.

Used to acknowledge receipt of a previous packet or transmission

D.

Used to indicate the beginning of a TCP connection

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer. This program hides itself deep into an operating system for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and may be used to create a hidden directory or folder designed to keep out of view from a user's operating system and security software.

What privilege level does a rootkit require to infect successfully on a Victim's machine?

A.

User level privileges

B.

Ring 3 Privileges

C.

System level privileges

D.

Kernel level privileges

What type of session hijacking attack is shown in the exhibit?

A.

Cross-site scripting Attack

B.

SQL Injection Attack

C.

Token sniffing Attack

D.

Session Fixation Attack

Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys

Which step would you perform to detect this type of Trojan?

A.

Scan for suspicious startup programs using msconfig

B.

Scan for suspicious network activities using Wireshark

C.

Scan for suspicious device drivers in c:\windows\system32\drivers

D.

Scan for suspicious open ports using netstat

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits.

Here are some of the symptoms of a disgruntled employee:

a. Frequently leaves work early, arrive late or call in sick

b. Spends time surfing the Internet or on the phone

c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments

d. Always negative; finds fault with everything

These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

A.

Limit access to the applications they can run on their desktop computers and enforce strict work hour rules

B.

By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees

C.

Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed

D.

Limit Internet access, e-mail communications, access to social networking sites and job hunting portals

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.

How does a polymorphic shellcode work?

A.

They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B.

They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

C.

They reverse the working instructions into opposite order by masking the IDS signatures

D.

They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

A.

copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt

B.

copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

C.

copy secret.txt c:\windows\system32\tcpip.dll |secret.txt

D.

copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt

In which part of OSI layer, ARP Poisoning occurs?

A.

Transport Layer

B.

Datalink Layer

C.

Physical Layer

D.

Application layer

What type of port scan is shown below?

A.

Idle Scan

B.

FIN Scan

C.

XMAS Scan

D.

Windows Scan