312-50 Premium Bundle

Ethical Hacking and Countermeasures (CEHv6) Certification Exam

Last update: November 21, 2024

EC-Council 312-50 Free Practice Questions

Q1. Exhibit: * Missing* 

Jason's Web server was attacked by a trojan virus. He runs a protocol analyzer and notices that the trojan communicates with a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet.

A. Port 1890 (Net-Devil Trojan) 

B. Port 1786 (Net-Devil Trojan) 

C. Port 1909 (Net-Devil Trojan) 

D. Port 6667 (Net-Devil Trojan) 

Answer: D

Explanation: From the trace, 0x1A0B is 6667, Internet Relay Chat (IRC), which is one port used. Other ports are in the 900s.

Q2. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker, and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does. An ethical hacker has the owner's authorization and will get paid even if he does not succeed in penetrating the target.

Q3. Reflective DDoS attacks do not send traffic directly at the targeted host. Instead, they usually spoof the originating IP addresses and send the requests at the reflectors. These reflectors (usually routers or high-powered servers with a large amount of network resources at their disposal) then reply to the spoofed targeted traffic by sending loads and loads of data to the final target. 

How would you detect these reflectors on your network? 

A. Run floodnet tool to detect these reflectors 

B. Look for the banner text by running Zobbie Zappers tools 

C. Run Vulnerability scanner on your network to detect these reflectors 

D. Scan the network using Nmap for the services used by these reflectors 

Answer: A

Explanation: http://www.exterminate-it.com/malpedia/remove-floodnet 

Q4. Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monetary benefits.

Here are some of the symptoms of a disgruntled employee: 

a. Frequently leaves work early, arrives late or calls in sick

b. Spends time surfing the Internet or on the phone 

c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments 

d. Always negative; finds fault with everything 

These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers) 

A. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules 

B. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees 

C. Organizations must ensure that their corporate data is centrally managed and delivered to users just when needed

D. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals 

Answer: BC

Q5. A program that defends against a port scanner will attempt to: 

A. Send back bogus data to the port scanner

B. Log a violation and recommend use of security-auditing tools 

C. Limit access by the scanning system to publicly available ports only 

D. Update a firewall rule in real time to prevent the port scan from being completed 

Answer: D

Q6. What are the three phases involved in security testing? 

A. Reconnaissance, Conduct, Report 

B. Reconnaissance, Scanning, Conclusion 

C. Preparation, Conduct, Conclusion 

D. Preparation, Conduct, Billing 

Answer: C

Explanation: Preparation phase - A formal contract is executed containing non-disclosure of the client's data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test. Conduct phase - In this phase the penetration test is executed, with the tester looking for potential vulnerabilities. Conclusion phase - The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised. 

Q7. Samuel is a high school teenager who lives in Modesto, California. Samuel is a straight ‘A’ student who really likes tinkering around with computers and other types of electronic devices. Samuel just received a new laptop for his birthday and has been configuring it ever since. While tweaking the registry, Samuel notices a pop-up at the bottom of his screen stating that his computer was now connected to a wireless network. All of a sudden, he was able to get online and surf the Internet.

Samuel did some quick research and was able to gain access to the wireless router he was connecting to and see all of its settings. Being able to hop onto someone else’s wireless network so easily fascinated Samuel, so he began doing more and more research on wireless technologies and how to exploit them. The next day Samuel’s friend said that he could drive around all over town and pick up hundreds of wireless networks. This really excited Samuel, so they got into his friend’s car and drove around the city seeing which networks they could connect to and which ones they could not.

What have Samuel and his friend just performed?

A. Wardriving 

B. Warwalking 

C. Warchalking 

D. Webdriving 

Answer: A

Explanation: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known (as of 2002) as "WiLDing" (Wireless Lan Driving, although this term never gained any popularity and is no longer used), originating in the San Francisco Bay Area with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio. 

Topic 18, Linux Hacking 

437. Windump is the Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.

What is the name of this library? 

A. NTPCAP 

B. LibPCAP 

C. WinPCAP 

D. PCAP 

Q8. One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term? 

A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process 

B. Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack 

C. Replicating servers that can provide additional failsafe protection 

D. Load balance each server in a multiple-server architecture 

Answer: A

Q9. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered? 

A. Yancey would be considered a Suicide Hacker 

B. Since he does not care about going to jail, he would be considered a Black Hat 

C. Because Yancey works for the company currently; he would be a White Hat 

D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing 

Answer: A

Q10. Lori was performing an audit of her company's internal Sharepoint pages when she came across the following code: What is the purpose of this code? 

A. This JavaScript code will use a Web Bug to send information back to another server. 

B. This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed. 

C. This code will log all keystrokes. 

D. This bit of JavaScript code will place a specific image on every page of the RSS feed. 

Answer: C

Q11. Which of the following encryption algorithms is not based on a block cipher?

A. DES 

B. Blowfish 

C. AES 

D. RC4 

Answer: D

Explanation: RC4 (also known as ARC4 or ARCFOUR) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). 

Topic 22, Penetration Testing Methodologies 

556. Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. 

What would you call this kind of activity? 

A. CI Gathering 

B. Scanning 

C. Dumpster Diving 

D. Garbage Scooping 

Q12. The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this question is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures); whether they can tell a SQL injection attack signature; whether they can infer if a user ID has been created by an attacker; and whether they can read plain source – destination entries from log entries.)

What can you infer from the above log? 

A. The system is a windows system which is being scanned unsuccessfully. 

B. The system is a web application server compromised through SQL injection. 

C. The system has been compromised and backdoored by the attacker. 

D. The actual IP of the successful attacker is 24.9.255.53. 

Answer: A

Q13. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer? 

A. This type of virus that Lyle has found is called a cavity virus. 

B. Lyle has discovered a camouflage virus on the computer. 

C. By using the free antivirus software, Lyle has found a tunneling virus on the computer. 

D. Lyle has found a polymorphic virus on this computer 

Answer: C

Q14. Bubba has just accessed his preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changed?

A. A hidden form field value. 

B. A hidden price value. 

C. An integer variable. 

D. A page cannot be changed locally, as it is served by a web server. 

Answer: A

Q15. What are the main drawbacks for anti-virus software? 

A. AV software is difficult to keep up to the current revisions. 

B. AV software can detect viruses but can take no action. 

C. AV software is signature driven so new exploits are not detected. 

D. It’s relatively easy for an attacker to change the anatomy of an attack to bypass AV systems 

E. AV software isn’t available on all major operating systems platforms. 

F. AV software is very machine (hardware) dependent. 

Answer: C

Explanation: Although there are functions like heuristic scanning and sandbox technology, the antivirus program still mainly depends on signature databases and can only find already known viruses.
