551-600 Flashcards

1
Q

Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port.

Which of the following wireless attacks would this address?

A

D.

Rogue access point

2
Q

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues.

Which of the following should the technician do?

A

C.

Check the MAC address of the AP to which the users are connecting to determine if it is an imposter

3
Q

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly.

Which of the following is MOST likely occurring?

A

D.

An attacker has installed an access point nearby in an attempt to capture company information.

4
Q

Which of the following is where an unauthorized device is found allowing access to a network?

A

B.

Rogue access point

5
Q

Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

A

A.

Wireless jamming

6
Q

The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems.

Which of the following would be the MOST likely cause?

A

D.

An unauthorized access point has been configured to operate on the same channel.

7
Q

After viewing wireless traffic, an attacker notices the following networks are being broadcast by local access points:

Corpnet
Coffeeshop
FreePublicWifi

Using this information, the attacker spoofs a response to make nearby laptops connect back to a malicious device.

Which of the following has the attacker created?

A

C.

Evil twin

8
Q

After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:

MAC                SSID    ENCRYPTION  POWER  BEACONS
00:10:A1:36:12:CC  MYCORP  WPA2 CCMP   60     1202
00:10:A1:49:FC:37  MYCORP  WPA2 CCMP   70     9102
FB:90:11:42:FA:99  MYCORP  WPA2 CCMP   40     3031
00:10:A1:AA:BB:CC  MYCORP  WPA2 CCMP   55     2021
00:10:A1:FA:B1:07  MYCORP  WPA2 CCMP   30     6044

Given that the corporate wireless network has been standardized, which of the following attacks is underway?

A

A.

Evil twin

9
Q

Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

A

B.

Evil twin

10
Q

Matt, an administrator, is concerned about the wireless network being discovered by war driving.

Which of the following can be done to mitigate this?

A

B.

Disable all SSID broadcasting.

11
Q

Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?

A

B.

Bluejacking

12
Q

Joe, an employee, is taking a taxi through a busy city and starts to receive unsolicited files sent to his smartphone.

Which of the following is this an example of?

A

B.

Bluejacking

13
Q

A user commuting to work via public transport received an offensive image on their smart phone from another commuter.

Which of the following attacks MOST likely took place?

A

B.

Bluejacking

14
Q

Which of the following is characterized by an attack against a mobile device?

A

C.

Blue jacking

15
Q

Which of the following attacks allows access to contact lists on cellular phones?

A

D.

Bluesnarfing

16
Q

An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.

Which of the following is an example of this threat?

A

B.

Unauthorized intrusions into the phone to access data

17
Q

After a user performed a war driving attack, the network administrator noticed several similar markings where Wi-Fi was available throughout the enterprise.

Which of the following is the term used to describe these markings?

A

D.

War chalking

18
Q

Which of the following is the practice of marking open wireless access points called?

A

B.

War chalking

19
Q

Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?

A

B.

IV attack

20
Q

Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP.

Which of the following types of attacks is underway?

A

A.

IV attack

21
Q

Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with various connected cables from the office.

Which of the following describes the type of attack that was occurring?

A

B.

Packet sniffing

22
Q

Which statement is TRUE about the operation of a packet sniffer?

A

C.

The Ethernet card must be placed in promiscuous mode.

23
Q

Which of the following network devices is used to analyze traffic between various network interfaces?

A

D.

Sniffers

24
Q

Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?

A

C.

Packet sniffer

25
Q

A security administrator discovered that all communication over the company’s encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employees’ credentials.

Which of the following technologies is MOST likely in use on the company’s wireless?

A

C.

WEP128-PSK

26
Q

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end-to-end TLS encryption?

A

B.

WEP

27
Q

Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Choose two.)

A

A.
WPA2-PSK

F.
WEP

28
Q

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots.

Which of the following attacks MOST likely occurred?

A

B.

Cross-site request forgery

29
Q

A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output.

Which of the following attacks is the administrator trying to prevent?

A

B.

XSS

30
Q

Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board.

INSERT INTO message `source=http://evilsite

This is an example of which of the following?

A

A.

XSS attack

31
Q

Which of the following BEST describes a protective countermeasure for SQL injection?

A

C.

Validating user input in web applications

32
Q

A security administrator looking through IDS logs notices the following entry: (where email = ‘joe@joe.com’ and passwd = ‘or 1==1’)

Which of the following attacks had the administrator discovered?

A

A.

SQL injection

33
Q

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A

A.

SQL injection

34
Q

The string:

' or 1=1-- -

Which of the following represents it?

A

C.

SQL Injection

35
Q

When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.

Which of the following is the MOST likely reason for the unusual results?

A

D.
The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

36
Q

Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server.

Which of the following can still result in exposure of the sensitive data in the database server?

A

A.

SQL Injection

37
Q

Which of the following BEST describes a SQL Injection attack?

A

A.
The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.

38
Q

An attacker attempted to compromise a web form by inserting the following input into the username field: admin) (|(password=*))

Which of the following types of attacks was attempted?

A

D.

LDAP injection

39
Q

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

A

D.

LDAP injection

40
Q

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.

Which of the following was used to perform this attack?

A

B.

XML injection

41
Q

A malicious individual is attempting to write too much data to an application’s memory.

Which of the following describes this type of attack?

A

C.

Buffer overflow

42
Q

Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

A

B.

Buffer overflow

43
Q

Which of the following application attacks is used to gain access to SEH?

A

B.

Buffer overflow

44
Q

While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down.

Which of the following attacks could this be an example of?

A

B.

Buffer overflow

45
Q

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine.

Which of the following attacks does this describe?

A

B.

Buffer overflow

46
Q

Which of the following was launched against a company based on the following IDS log?

122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

A

B.

Buffer overflow attack

47
Q

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).

Which of the following attack types has occurred?

A

A.

Buffer overflow

48
Q

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.

Which of the following BEST describes this exploit?

A

B.

Zero-day

49
Q

Using a heuristic system to detect an anomaly in a computer’s baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw.

Which of the following attacks has MOST likely occurred?

A

B.

Zero-day

50
Q

An attacker used an undocumented and unknown application exploit to gain access to a file server.

Which of the following BEST describes this type of attack?

A

C.

Zero-day