Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

What is the purpose of DNS AAAA record?

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

A.

Take over the session

B.

Reverse sequence prediction

C.

Guess the sequence numbers

D.

Take one of the parties offline

What is GINA?

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A.

True

B.

False

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

A.

RC4

B.

RC5

C.

MD4

D.

MD5