Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. While doing fast scan using –F option, which file is used to list the range of ports to scan by nmap?
A. services
B. nmap-services
C. protocols
D. ports
Answer: B
Explanation: Nmap uses the nmap-services file to provide additional port detail for almost every scanning method. Every time a port is referenced, it's compared to an available description in this support file. If the nmap-services file isn't available, nmap reverts to the /etc/services file applicable for the current operating system.
Q2. This kind of attack will let you assume a users identity at a dynamically generated web page or site:
A. SQL Injection
B. Cross Site Scripting
C. Session Hijacking
D. Zone Transfer
Answer: B
Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Q3. Fingerprinting an Operating System helps a cracker because:
A. It defines exactly what software you have installed
B. It opens a security-delayed window based on the port being scanned
C. It doesn't depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system
Answer: D
Explanation: When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases.
Q4. E-mail scams and mail fraud are regulated by which of the following?
A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices
C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication
Answer: A
Explanation: http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html
Q5. Which of the following is NOT a valid NetWare access level?
A. Not Logged in
B. Logged in
C. Console Access
D. Administrator
Answer: D
Explanation: Administrator is an account not a access level.
Q6. eter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for?
Select the best answers.
A. SNMPUtil
B. SNScan
C. SNMPScan
D. Solarwinds IP Network Browser
E. NMap
Answer: ABD
Explanations:
SNMPUtil is a SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sort of valuable information through SNMP. SNScan is a SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is a SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data.
Q7. Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.
Maintaining the security of a Web server will usually involve the following steps:
1. Configuring, protecting, and analyzing log files
2. Backing up critical information frequently
3. Maintaining a protected authoritative copy of the organization's Web content
4. Establishing and following procedures for recovering from compromise
5. Testing and applying patches in a timely manner
6. Testing security periodically.
In which step would you engage a forensic investigator?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Answer: D
Q8. Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to.
But Jess is not picking up hashed from the network.
Why?
A. The network protocol is configured to use SMB Signing.
B. The physical network wire is on fibre optic cable.
C. The network protocol is configured to use IPSEC.
D. L0phtCrack SMB filtering only works through Switches and not Hubs.
Answer: A
Explanation: To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session.
Q9. A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate?
A. The system has crashed
B. A buffer overflow attack has been attempted
C. A buffer overflow attack has already occurred
D. A firewall has been breached and this is logged
E. An intrusion detection system has been triggered
Answer: B
Explanation: Terminator Canaries are based on the observation that most buffer overflows and stack smash attacks are based on certain string operations which end at terminators. The reaction to this observation is that the canaries are built of NULL terminators, CR, LF, and -1. The undesirable result is that the canary is known.
Q10. Blake is in charge of securing all 20 of his company’s servers. He has enabled hardware and software firewalls, hardened the operating systems and disabled all unnecessary service on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about his since telnet can be a very large security risk in an organization. Blake is concerned about how his particular server might look to an outside attacker so he decides to perform some footprinting scanning and penetration tests on the server. Blake telents into the server and types the following command:
HEAD/HTTP/1.0
After pressing enter twice, Blake gets the following results:
What has the Blake just accomplished?
A. Grabbed the banner
B. Downloaded a file to his local computer
C. Submitted a remote command to crash the server
D. Poisoned the local DNS cache of the server
Answer: A
Q11. Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized.
What type of technique might be used by these offenders to access the Internet without restriction?
A. They are using UDP which is always authorized at the firewall.
B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended.
C. They have been able to compromise the firewall, modify the rules, and give themselves proper access.
D. They are using an older version of Internet Explorer that allows them to bypass the proxy server.
Answer: B
Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.
Q12. ____________ will let you assume a users identity at a dynamically generated web page or site.
A. SQL attack
B. Injection attack
C. Cross site scripting
D. The shell attack
E. Winzapper
Answer: C
Explanation: Cross site scripting is also referred to as XSS or CSS. You must know the user is online and you must scam that user into clicking on a link that you have sent in order for this hack attack to work.
Q13. ou are gathering competitive intelligence on ABC.com. You notice that they have jobs
listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprint the organization?
A. The IP range used by the target network
B. An understanding of the number of employees in the company
C. How strong the corporate security policy is
D. The types of operating systems and applications being used.
Answer: D
Explanation: From job posting descriptions one can see which is the set of skills, technical knowledge, system experience required, hence it is possible to argue what kind of operating systems and applications the target organization is using.
Q14. WEP is used on 802.11 networks, what was it designed for?
A. WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what it usually expected of a wired LAN.
B. WEP is designed to provide strong encryption to a wireless local area network (WLAN) with a lever of integrity and privacy adequate for sensible but unclassified information.
C. WEP is designed to provide a wireless local area network (WLAN) with a level of availability and privacy comparable to what is usually expected of a wired LAN.
D. WEOP is designed to provide a wireless local area network (WLAN) with a level of privacy comparable to what it usually expected of a wired LAN.
Answer: A
Explanation: WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004.
Q15. One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived.
A. Factorization
B. Prime Detection
C. Hashing
D. Brute-forcing
Answer: A
Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge