Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which of the following statements would NOT be a proper definition for a Trojan Horse?

A.

An authorized program that has been designed to capture keyboard keystroke while the user is unaware of such activity being performed

B.

An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user

C.

A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user

D.

Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

FIN = 1

SYN = 2

RST = 4

PSH = 8

ACK = 16

URG = 32

ECE = 64

CWR = 128

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters.

What is Jason trying to accomplish here?

A.

SYN, FIN, URG and PSH

B.

SYN, SYN/ACK, ACK

C.

RST, PSH/URG, FIN

D.

ACK, ACK, SYN, URG

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

A.

display==facebook

B.

traffic.content==facebook

C.

tcp contains facebook

D.

list.display.facebook

What is a sniffing performed on a switched network called?

A.

Spoofed sniffing

B.

Passive sniffing

C.

Direct sniffing

D.

Active sniffing

Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that, if caught, she probably would be sent to jail for a very long time. What would Ursula be considered?

A.

Ursula would be considered a gray hat since she is performing an act against illegal activities.

B.

She would be considered a suicide hacker.

C.

She would be called a cracker.

D.

Ursula would be considered a black hat.

Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization.

Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats.

The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.

What is the risk of installing Fake AntiVirus?

A.

Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums

B.

Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker

C.

Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk

D.

Denial of Service attack will be launched against the infected computer crashing other machines on the connected network

Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance.

What default port Syslog daemon listens on?

A.

242

B.

312

C.

416

D.

514

SNMP is a connectionless protocol that uses UDP instead of TCP packets (True or False)

A.

true

B.

false

Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server.

User-agent: *

Disallow: /images/

Disallow: /banners/

Disallow: /Forms/

Disallow: /Dictionary/

Disallow: /_borders/

Disallow: /_fpclass/

Disallow: /_overlay/

Disallow: /_private/

Disallow: /_themes/

What is the name of this file?

A.

robots.txt

B.

search.txt

C.

blocklist.txt

D.

spf.txt

Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

TCP/IP Session Hijacking is carried out in which OSI layer?

A.

Datalink layer

B.

Transport layer

C.

Network layer

D.

Physical layer

Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

A.

Teardrop

B.

Smurf

C.

Ping of Death

D.

SYN flood

E.

SNMP Attack

Which DNS resource record can indicate how long any "DNS poisoning" could last?

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?

A.

Timestamps

B.

SMB Signing

C.

File permissions

D.

Sequence numbers monitoring

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Which type of attack is port scanning?

A.

Web server attack

B.

Information gathering

C.

Unauthorized access

D.

Denial of service attack

An attacker runs netcat tool to transfer a secret file between two hosts.

Machine A: netcat -l -p 1234 < secretfile

Machine B: netcat 192.168.3.4 > 1234

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfile

Machine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfile

Machine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw password

Machine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.