Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. In an attempt to secure his 802.11b wireless network, Bob decides to use strategic antenna positioning. He places the antenna for the access point near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the buildings center. There is a large parking lot and outlying filed surrounding the building that extends out half a mile around the building. Bob figures that with this and his placement of antennas, his wireless network will be safe from attack. Which of he following statements is true?
A. Bob’s network will not be safe until he also enables WEP
B. With the 300-foot limit of a wireless signal, Bob’s network is safe
C. Bob’s network will be sage but only if he doesn’t switch to 802.11a
D. Wireless signals can be detected from miles away; Bob’s network is not safe
Answer: D
Explanation: It’s all depending on the capacity of the antenna that a potential hacker will use in order to gain access to the wireless net.
Q2. You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in foot printing the organization?
A. To learn about the IP range used by the target network
B. To identify the number of employees working for the company
C. To test the limits of the corporate security policy enforced in the company
D. To learn about the operating systems, services and applications used on the network
Answer: D
Q3. While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect’s workstation. He comes across a file that is called ‘file.txt’ but when he opens it, he find the following:
What does this file contain?
A. A picture that has been renamed with a .txt extension.
B. An encrypted file.
C. A uuencoded file.
D. A buffer overflow.
Answer: D
Explanation: This is a buffer overflow exploit with its “payload” in hexadecimal format.
Q4. Exhibit:
You have captured some packets in Ethereal. You want to view only packets sent from
10.0.0.22. What filter will you apply?
A. ip = 10.0.0.22
B. ip.src == 10.0.0.22
C. ip.equals 10.0.0.22
D. ip.address = 10.0.0.22
Answer: B
Explanation: ip.src tells the filter to only show packets with 10.0.0.22 as the source.
Q5. Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet.
He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out any vulnerabilities. What are some common vulnerabilities in web applications that he should be concerned about?
A. Non-validated parameters, broken access control, broken account and session management, cross-side scripting and buffer overflows are just a few common vulnerabilities
B. No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities
C. Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities
D. No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities
Answer: A
Q6. If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).
A. True
B. False
Answer: A
Explanation: When and ACK is sent to an open port, a RST is returned.
Q7. The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:
(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)
What can you infer from the above log?
A. The system is a windows system which is being scanned unsuccessfully.
B. The system is a web application server compromised through SQL injection.
C. The system has been compromised and backdoored by the attacker.
D. The actual IP of the successful attacker is 24.9.255.53.
Answer: A
Q8. What is the expected result of the following exploit?
A. Opens up a telnet listener that requires no username or password.
B. Create a FTP server with write permissions enabled.
C. Creates a share called “sasfile” on the target system.
D. Creates an account with a user name of Anonymous and a password of noone@nowhere.com.
Answer: A
Explanation: The script being depicted is in perl (both msadc.pl and the script their using as a wrapper) -- $port, $your, $user, $pass, $host are variables that hold the port # of a DNS server, an IP, username, and FTP password. $host is set to argument variable 0 (which means the string typed directly after the command). Essentially what happens is it connects to an FTP server and downloads nc.exe (the TCP/IP swiss-army knife -- netcat) and uses nc to open a TCP port spawning cmd.exe (cmd.exe is the Win32 DOS shell on NT/2000/2003/XP), cmd.exe when spawned requires NO username or password and has the permissions of the username it is being executed as (probably guest in this instance, although it could be administrator). The #'s in the script means the text following is a comment, notice the last line in particular, if the # was removed the script would spawn a connection to itself, the host system it was running on.
Q9. This is an authentication method in which is used to prove that a party knows a password without transmitting the password in any recoverable form over a network. This authentication is secure because the password is never transmitted over the network, even in hashed form; only a random number and an encrypted random number are sent.
A. Realm Authentication
B. SSL Authentication
C. Basic Form Authentication
D. Cryptographic Authentication
E. Challenge/Response Authentication
Answer: E
Explanation: Challenge-Response Authentication The secure Challenge-Response Authentication Mechanism (CRAM-MD5) avoids passing a cleartext password over the network when you access your email account, ensuring that your login details cannot be captured and used by anyone in transit. http://www.neomailbox.com/component/content/article/212-hardware-token-authentication
Q10. Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer's and client's agreement for this particular case. What can Blane use to accomplish this?
A. He can use a split-DNS service to ensure the email is not forwarded on.
B. A service such as HTTrack would accomplish this.
C. Blane could use MetaGoofil tracking tool.
D. Blane can use a service such as ReadNotify tracking tool.
Answer: D
Q11. Melissa is a virus that attacks Microsoft Windows platforms.
To which category does this virus belong?
A. Polymorphic
B. Boot Sector infector
C. System
D. Macro
Answer: D
Explanation: The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.
Q12. Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc. The information stored in Google's database, identified by the cookie, includes
-Everything you search for using Google -Every web page you visit that has Google Adsense ads
How would you prevent Google from storing your search keywords?
A. Block Google Cookie by applying Privacy and Security settings in your web browser
B. Disable the Google cookie using Google Advanced Search settings on Google Search page
C. Do not use Google but use another search engine Bing which will not collect and store your search keywords
D. Use MAC OS X instead of Windows 7. Mac OS has higher level of privacy controls by default.
Answer: A
Q13. Attacker forges a TCP/IP packet, which causes the victim to try opening a connection with itself. This causes the system to go into an infinite loop trying to resolve this unexpected connection. Eventually, the connection times out, but during this resolution, the machine appears to hang or become very slow. The attacker sends such packets on a regular basis to slow down the system.
Unpatched Windows XP and Windows Server 2003 machines are vulnerable to these attacks. What type of Denial of Service attack is represented here?
A. SMURF Attacks
B. Targa attacks
C. LAND attacks
D. SYN Flood attacks
Answer: C
Explanation: The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination.The reason a LAND attack works is because it causes the machine to reply to itself continuously.
http://en.wikipedia.org/wiki/LAND
Q14. You are doing IP spoofing while you scan your target. You find that the target has port 23 open.Anyway you are unable to connect. Why?
A. A firewall is blocking port 23
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. The OS does not reply to telnet even if port 23 is open
Answer: A
Explanation: The question is not telling you what state the port is being reported by the scanning utility, if the program used to conduct this is nmap, nmap will show you one of three states – “open”, “closed”, or “filtered” a port can be in an “open” state yet filtered, usually by a stateful packet inspection filter (ie. Netfilter for linux, ipfilter for bsd). C and D to make any sense for this question, their bogus, and B, “You cannot spoof + TCP”, well you can spoof + TCP, so we strike that out.
Q15. A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?
A. There is a NIDS present on that segment.
B. Kerberos is preventing it.
C. Windows logons cannot be sniffed.
D. L0phtcrack only sniffs logons to web servers.
Answer: B
Explanation: In a Windows 2000 network using Kerberos you normally use pre-authentication and the user password never leaves the local machine so it is never exposed to the network so it should not be able to be sniffed.