New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

In which of the following attacking methods does an attacker distribute incorrect IP address?

A.

IP spoofing

B.

Mac flooding

C.

DNS poisoning

D.

Man-in-the-middle

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

A.

Use of a long random number or string as the session key reduces session hijacking.

B.

It is used to slow the working of victim's network resources.

C.

TCP session hijacking is when a hacker takes over a TCP session between two machines.

D.

It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Which of the following statements about buffer overflow is true?

A.

It manages security credentials and public keys for message encryption.

B.

It is a collection of files used by Microsoft for software updates released between major service pack releases.

C.

It is a condition in which an application receives more data than it is configured to accept.

D.

It is a false warning about a virus.

Which of the following statements are true about netcat?

Each correct answer represents a complete solution. Choose all that apply.

A.

It provides special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters.

B.

It can be used as a file transfer solution.

C.

It provides outbound and inbound connections for TCP and UDP ports.

D.

The nc -z command can be used to redirect stdin/stdout from a program.

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

A.

Whishker

B.

Nessus

C.

SARA

D.

Nmap

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

A.

Manual penetration testing

B.

Code review

C.

Automated penetration testing

D.

Vulnerability scanning

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

A.

IIS buffer overflow

B.

NetBIOS NULL session

C.

SNMP enumeration

D.

DNS zone transfer

Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str).

What attack will his program expose the Web application to?

A.

Format string attack

B.

Cross Site Scripting attack

C.

SQL injection attack

D.

Sequence++ attack