Certified Network Defender 312-38

Question 1

Question #1Topic 1
John works as a C programmer. He develops the following C program:
#incldue<stlib.h>
#include,stdio.h>
#include,string.h>
int buffer9char *str) {
char buffer1[10];
strcpu9buffer1, str);
retrun 1;
}
int main(int argc, char *argv[] {
buffer (argv[1]);
printf(" Executed \n");
return 1;
}</stlib.h>

His program is vulnerable to a __________ attack.
A. SQL injection
B. Denial-of-Service
C. Buffer overflow
D. Cross site scripting

Answer 1

C. Buffer overflow
This program takes a user-supplied string and copies it into ‘buffer1’, which can hold up to 10 bytes of data. If a user sends more than 10 bytes, it would result in a buffer overflow.

Question 2

Drag and drop the terms to match with their descriptions.
Select and Place:

Backdoor
Spamware
PingSweep
Trojan Horse

It is malicioussofware program that contains hidden code and masquerades itself as a normal program.

it is a technique used to determine which of a range of IP addresses map to love hosts.

It is software designed by or for spammers to send outautomated spame e-mail.

it is any program that allows a hacker to connect to a computer without going through the normal authentication process.

Answer 2

A Trojan horse is a malicious software program that contains hidden code and masquerades itself as a normal program. When a Trojan horse program is run, its hidden code runs to destroy or scramble data on the hard disk. An example of a Trojan horse is a program that masquerades as a computer logon to retrieve user names and password information. The developer of a Trojan horse can use this information later to gain unauthorized access to computers. Trojan horses are normally spread by e-mail attachments.
Ping sweep is a technique used to determine which of a range of IP addresses map to live hosts. It consists of ICMP
ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. A ping is often used to check that a network device is functioning. To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and ICMP
INFO can be used in a similar manner.
Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e- mail harvesting tool.
A backdoor is any program that allows a hacker to connect to a computer without going through the normal authentication process. The main advantage of this type of attack is that the network traffic moves from inside a network to the hacker’s computer. The traffic moving from inside a network to the outside world is typically the least restrictive, as companies are more concerned about what comes into a network, rather than what leaves it. It, therefore, becomes hard to detect backdoors.

Question 3

FILL BLANK -
Fill in the blank with the appropriate term. ________________________ is the complete network configuration and information toolkit that uses multi-threaded and multi-connection technologies in order to be very fast and efficient.

Answer 3

NetRanger
NetRanger is the complete network configuration and information toolkit that includes the following tools: a Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool,
Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the
Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient.

Question 4

FILL BLANK -
Fill in the blank with the appropriate term. A _______________device is used for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

Answer 4

biometric
A biometric device is used for uniquely recognizing humans based upon one or more intrinsic, physical, or behavioral traits.
Biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance.
Biometric characteristics can be divided into two main classes:
1. Physiological: These devices are related to the shape of the body. These are not limited to the fingerprint, face recognition, DNA, hand and palm geometry, and iris recognition, which has largely replaced the retina and odor/scent.
2. Behavioral: These are related to the behavior of a person. They are not limited to the typing rhythm, gait, and voice.

Question 5

Which of the following analyzes network traffic to trace specific transactions and can intercept and log traffic passing over a digital network? Each correct answer represents a complete solution. Choose all that apply.
A. Wireless sniffer
B. Spectrum analyzer
C. Protocol analyzer
D. Performance Monitor

Answer 5

AC 🗳️
Protocol analyzer (also known as a network analyzer, packet analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other specifications.
Answer option D is incorrect. Performance Monitor is used to get statistical information about the hardware and software components of a server.
Answer option B is incorrect. A spectrum analyzer, or spectral analyzer, is a device that is used to examine the spectral composition of an electrical, acoustic, or optical waveform. It may also measure the power spectrum.

Question 6

Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?
A. IGMP
B. ICMP
C. EGP
D. OSPF

Answer 6

C 🗳️
EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between two gateways in a network of autonomous systems. This protocol depends upon periodic polling with proper acknowledgements to confirm that network connections are up and running, and to request for routing updates. Each router requests its neighbor at an interval of 120 to 480 seconds, for sending the routing table updates. The neighbor host then responds by sending its routing table. EGP-2 is the latest version of EGP.
Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.
Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.
Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.

Question 7

Which of the following is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment?
A. Sequence Number
B. Header Length
C. Acknowledgment Number
D. Source Port Address

Answer 7

D 🗳️
Source Port Address is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment.
Answer option C is incorrect. This is a 32-bit field that identifies the byte number that the sender of the segment is expecting to receive from the receiver.
Answer option B is incorrect. This is a 4-bit field that defines the 4-byte words in the TCP header. The header length can be between 20 and 60 bytes. Therefore, the value of this field can be between 5 and 15.
Answer option A is incorrect. This is a 32-bit field that identifies the number assigned to the first byte of data contained in the segment.

Question 8

FILL BLANK -
Fill in the blank with the appropriate term. ______________________ is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed.

Answer 8

Network reconnaissance
Network reconnaissance is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed.
Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early generation techniques, such as TCP/IP passive fingerprinting, have accuracy issues that tended to make it ineffective. Today, numerous tools exist to make reconnaissance easier and more effective.

Question 9

FILL BLANK -
Fill in the blank with the appropriate term. The _____________is an application layer protocol that is used between workstations and routers for transporting SNA/
NetBIOS traffic over TCP sessions.

Answer 9

DCAP
The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for transporting SNA/
NetBIOS traffic over TCP sessions. It was introduced in order to address a few deficiencies by the Data Link Switching Protocol (DLSw). The DLSw raises the important issues of scalability and efficiency, and since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP was introduced in order to address these issues.

Question 10

In which of the following conditions does the system enter ROM monitor mode? Each correct answer represents a complete solution. Choose all that apply.
A. The router does not have a configuration file.
B. There is a need to set operating parameters.
C. The user interrupts the boot sequence.
D. The router does not find a valid operating system image.

Answer 10

DC 🗳️
The system enters ROM monitor mode if the router does not find a valid operating system image, or if a user interrupts the boot sequence. From ROM monitor mode, a user can boot the device or perform diagnostic tests.
Answer option A is incorrect. If the router does not have a configuration file, it will automatically enter Setup mode when the user switches it on. Setup mode creates an initial configuration.
Answer option B is incorrect. Privileged EXEC is used for setting operating parameters.

Question 11

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:
It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Which of the following tools is John using to crack the wireless encryption keys?
A. PsPasswd
B. Kismet
C. AirSnort
D. Cain

Answer 11

C 🗳️
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext
Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option B is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
To identify networks by passively collecting packets
To detect standard named networks

To detect masked networks -
To collect the presence of non-beaconing networks via data traffic
Answer option D is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:

Dictionary attack -

Brute force attack -

Rainbow attack -

Hybrid attack -
Answer option A is incorrect. PsPasswd is a tool that helps Network Administrators change an account password on the local or remote system. The command syntax of PsPasswd is as follows: pspasswd [\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]

Question 12

Which of the following is a process that detects a problem, determines its cause, minimizes the damages, resolves the problem, and documents each step of response for future reference?
A. Incident response
B. Incident handling
C. Incident management
D. Incident planning

Answer 12

A 🗳️
Incident response is a process that detects a problem, determines its cause, minimizes the damages, resolves the problem, and documents each step of response for future reference. One of the primary goals of incident response is to “freeze the scene”. There is a close relationship between incident response, incident handling, and incident management. The primary goal of incident handling is to contain and repair any damage caused by an event and to prevent any further damage. Incident management manages the overall process of an incident by declaring the incident and preparing documentation and post-mortem reviews after the incident has occurred.
Answer option B is incorrect. The primary goal of incident handling is to contain and repair any damage caused by an event and to prevent any further damage.
Answer option C is incorrect. It manages the overall process of an incident by declaring the incident and preparing documentation and post-mortem reviews after the incident has occurred.
Answer option D is incorrect. This is an invalid option.

Question 13

Which of the following is designed to detect the unwanted presence of fire by monitoring environmental changes associated with combustion?
A. Fire sprinkler
B. Fire suppression system
C. Fire alarm system
D. Gaseous fire suppression

Answer 13

C 🗳️
An automatic fire alarm system is designed for detecting the unwanted presence of fire by monitoring environmental changes associated with combustion. In general, a fire alarm system is classified as either automatically actuated, manually actuated, or both. Automatic fire alarm systems are intended to notify the building occupants to evacuate in the event of a fire or other emergency, to report the event to an off-premises location in order to summon emergency services, and to prepare the structure and associated systems to control the spread of fire and smoke.
Answer option B is incorrect. A fire suppression system is used in conjunction with smoke detectors and fire alarm systems to improve and increase public safety.
Answer option D is incorrect. Gaseous fire suppression is a term to describe the use of inert gases and chemical agents to extinguish a fire.
Answer option A is incorrect. A fire sprinkler is the part of a fire sprinkler system that discharges water when the effects of a fire have been detected, such as when a predetermined temperature has been reached.

Question 14

Which of the following is an intrusion detection system that monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces?
A. IPS
B. HIDS
C. DMZ
D. NIDS

Answer 14

B 🗳️
A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and checks that the contents of these appear as expected.
Answer option D is incorrect. A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection system does.
Answer option A is incorrect. IPS (Intrusion Prevention Systems), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of “intrusion prevention systems” are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. An IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct CRC, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.
Answer option C is incorrect. DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization’s external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network.
The purpose of a DMZ is to add an additional layer of security to an organization’s Local Area Network (LAN); an external attacker only has access to equipment in the DMZ rather than any other part of the network.

Question 15

Which of the following types of VPN uses the Internet as its main backbone, allowing users, customers, and branch offices to access corporate network resources across various network architectures?
A. PPTP VPN
B. Remote access VPN
C. Extranet-based VPN
D. Intranet-based VPN

Answer 15

C 🗳️
An extranet-based VPN uses the Internet as its main backbone network, allowing users, customers, and branch offices to access corporate network resources across various network architectures. Extranet VPNs are almost identical to intranet VPNs, except that they are intended for external business partners.
Answer option D is incorrect. An intranet-based VPN is an internal, TCP/IP-based, password-protected network usually implemented for networks within a common network infrastructure having various physical locations. Intranet VPNs are secure VPNs that have strong encryption.
Answer option B is incorrect. A remote access VPN is one of the types of VPN that involves a single VPN gateway. It allows remote users and telecommuters to connect to their corporate LAN from various points of connections. It provides significant cost savings by reducing the burden of long distance charges associated with dial-up access. Its main security concern is authentication, rather than encryption. Answer option A is incorrect. The PPTP VPN is one of the types of VPN technology.

Question 16

Which of the following is a protocol that describes an approach to providing “streamlined” support of OSI application services on top of TCP/IP-based networks for some constrained environments?
A. Network News Transfer Protocol
B. Lightweight Presentation Protocol
C. Internet Relay Chat Protocol
D. Dynamic Host Configuration Protocol

Answer 16

B 🗳️
Lightweight Presentation Protocol (LPP) is a protocol that describes an approach to providing “streamlined” support of OSI application services on top of TCP/IP- based networks for some constrained environments. This protocol was initially derived from a requirement to run the ISO Common Management Information
Protocol (CMIP) in TCP/IP-based networks.
This protocol is designed for a particular class of OSI applications, namely those entities whose application context includes only an Association Control Service
Element (ACSE) and a Remote Operations Service Element (ROSE).
Answer option D is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually - a time-consuming and often error-prone undertaking. DHCP is popular with ISP’s because it allows a host to obtain a temporary IP address.
Answer option A is incorrect. Answer option C is incorrect. Internet Relay Chat (IRC) is a chat service, which is a client-server protocol that supports real-time text chat between two or more users over a TCPIP network.

Question 17

You are an Administrator for a network at an investment bank. You are concerned about individuals breeching your network and being able to steal data before you can detect their presence and shut down their access. Which of the following is the best way to address this issue?
A. Implement a strong password policy.
B. Implement a strong firewall.
C. Implement a honeypot.
D. Implement network based antivirus.

Answer 17

C 🗳️
A honey pot is designed to attract intruders to a false server that has no real data (but may seem to have valuable data). The specific stated purpose of a honey pot is as a backup plan in case an intruder does gain access to your network.
Answer option B is incorrect. The firewall may help reduce the chance of an intruder gaining access, but won’t help protect you once they have gained access.

Question 18

Which of the following is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients? Each correct answer represents a complete solution. Choose all that apply.
A. E-mail spam
B. Junk mail
C. Email spoofing
D. Email jamming

Answer 18

AB 🗳️
E-mail spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.
Answer option C is incorrect. Email spoofing is a fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Email spoofing is a technique commonly used in spam and phishing emails to hide the origin of the email message. By changing certain properties of the email, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill- intentioned users can make the email appear to be from someone other than the actual sender. The result is that, although the email appears to come from the address indicated in the From field (found in the email headers), it actually comes from another source.
Answer option D is incorrect. Email jamming is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of a red herring and an intentional annoyance. In this attack, an attacker deliberately includes “sensitive” words and phrases in otherwise innocuous emails to ensure that these are picked up by the monitoring systems. As a result, the senders of these emails will eventually be added to a “harmless” list and their emails will be no longer intercepted, hence it will allow them to regain some privacy.

Question 19

FILL BLANK -
Fill in the blank with the appropriate word. The ____________________risk analysis process analyzes the effect of a risk event deriving a numerical value.

Answer 19

quantitative
Quantitative risk analysis is a process to assess the probability of achieving particular project objectives, to quantify the effect of risks on the whole project objective, and to prioritize the risks based on the impact to the overall project risk. The quantitative risk analysis process analyzes the effect of a risk event deriving a numerical value. It also presents a quantitative approach to build decisions in the presence of uncertainty. The inputs for quantitative risk analysis are as follows:

Organizational process assets -

Project scope statement -

Risk management plan -

Risk register -
Project management plan

Question 20

Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?

Answer 20

D 🗳️
PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft), and advanced port scans
(FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string match extension, it detects most of the attacks described in the Snort rule set that involve application layer data.
Answer option C is incorrect. NetRanger is the complete network configuration and information toolkit that includes the following tools: Ping tool, Trace Route tool,
Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient.
Answer option B is incorrect. Hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and networks. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time.
Like most tools used in computer security, hping is useful to both system administrators and crackers (or script kiddies).
Answer option A is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.

Question 21

Which of the following is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing?
A. Logical Link Control
B. Token Ring network
C. Distributed-queue dual-bus
D. CSMA/CA

Answer 21

C 🗳️
In telecommunication, a distributed-queue dual-bus network (DQDB) is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing, providing access to local or metropolitan area networks, and supporting connectionless data transfer, connection- oriented data transfer, and isochronous communications, such as voice communications. IEEE 802.6 is an example of a network providing DQDB access methods. Answer option B is incorrect. A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token
Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as
IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second.
Answer option A is incorrect. The IEEE 802.2 standard defines Logical Link Control (LLC). LLC is the upper portion of the data link layer for local area networks.
Answer option D is incorrect. Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is an access method used by wireless networks (IEEE 802.11). In this method, a device or computer that transmits data needs to first listen to the channel for an amount of time to check for any activity on the channel. If the channel is sensed as idle, the device is allowed to transmit data. If the channel is busy, the device postpones its transmission. Once the channel is clear, the device sends a signal telling all other devices not to transmit data, and then sends its packets. In Ethernet (IEEE 802.3) networks that use CSMA/CD, the device or computer continues to wait for a time and checks if the channel is still free. If the channel is free, the device transmits packets and waits for an acknowledgment signal indicating that the packets were received.

Question 22

Which of the following is a distributed application architecture that partitions tasks or workloads between service providers and service requesters? Each correct answer represents a complete solution. Choose all that apply.
A. Client-server computing
B. Peer-to-peer (P2P) computing
C. Client-server networking
D. Peer-to-peer networking

Answer 22

AC 🗳️
Client-server networking is also known as client-server computing. It is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources, but requests a server’s content or service function. Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.
Answer options D and B are incorrect. Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking, where certain devices have the responsibility to provide or “serve” data, and other devices consume or otherwise act as “clients” of those servers.

Question 23

Which of the following is an attack on a website that changes the visual appearance of the site and seriously damages the trust and reputation of the website?
A. Website defacement
B. Zero-day attack
C. Spoofing
D. Buffer overflow

Answer 23

A 🗳️
Website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a
Web server and replace the hosted website with one of their own. Sometimes, the Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless; however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware.
A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from Red Hat vs. SCO to SCO vs. World with various satirical content.
Answer option D is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application.
Answer option B is incorrect. A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to mitigate such attacks.
Answer option C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else’s IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.

Question 24

Which of the following cables is made of glass or plastic and transmits signals in the form of light?
A. Coaxial cable
B. Twisted pair cable
C. Plenum cable
D. Fiber optic cable

Answer 24

D 🗳️
Fiber optic cable is also known as optical fiber. It is made of glass or plastic and transmits signals in the form of light. It is of cylindrical shape and consists of three concentric sections: the core, the cladding, and the jacket. Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company’s long-distance lines are now made of optical fiber. Transmission over an optical fiber cable requires repeaters at distance intervals. The glass fiber requires more protection within an outer cable than copper.
Answer option B is incorrect. Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors of a single circuit) are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources. It consists of the following twisted pair cables:
Shielded Twisted Pair: Shielded Twisted Pair (STP) is a special kind of copper telephone wiring used in some business installations. An outer covering or shield is added to the ordinary twisted pair telephone wires; the shield functions as a ground. Twisted pair is the ordinary copper wire that connects home and many business computers to the telephone company. Shielded twisted pair is often used in business installations. Unshielded Twisted Pair: Unshielded Twisted Pair
(UTP) is the ordinary wire used in home. UTP cable is also the most common cable used in computer networking. Ethernet, the most common data networking standard, utilizes UTP cables. Twisted pair cabling is often used in data networks for short and medium length connections because of its relatively lower costs compared to optical fiber and coaxial cable.UTP is also finding increasing use in video applications, primarily in security cameras. Many middle to high-end cameras include a UTP output with setscrew terminals. This is made possible by the fact that UTP cable bandwidth has improved to match the baseband of television signals.
Answer option A is incorrect. Coaxial cable is the kind of copper cable used by cable TV companies between the community antenna and user homes and businesses. Coaxial cable is sometimes used by telephone companies from their central office to the telephone poles near users. It is also widely installed for use in business and corporation Ethernet and other types of local area network. Coaxial cable is called “coaxial” because it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. The outer channel serves as a ground. Many of these cables or pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry information for a great distance. It is shown in the figure below:

Answer option C is incorrect. Plenum cable is cable that is laid in the plenum spaces of buildings. The plenum is the space that can facilitate air circulation for heating and air conditioning systems, by providing pathways for either heated/conditioned or return airflows. Space between the structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum. However, some drop ceiling designs create a tight seal that does not allow for airflow and therefore may not be considered a plenum air-handling space. The plenum space is typically used to house the communication cables for the building’s computer and telephone network.

Question 25

Which of the following is a network that supports mobile communications across an arbitrary number of wireless LANs and satellite coverage areas?
A. LAN
B. WAN
C. GAN
D. HAN

Answer 25

C 🗳️
A global area network (GAN) is a network that is used for supporting mobile communications across an arbitrary number of wireless LANs, satellite coverage areas, etc. The key challenge in mobile communications is handing off the user communications from one local coverage area to the next.
Answer option B is incorrect. A wide area network (WAN) is a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user) networks. An intermediate form of network in terms of geography is a metropolitan area network (MAN). A wide area network is also defined as a network of networks, as it interconnects LANs over a wide geographical area.
Answer option D is incorrect. A home area network (HAN) is a residential LAN that is used for communication between digital devices typically deployed in the home, usually a small number of personal computers and accessories, such as printers and mobile computing devices.
Answer option A is incorrect. The Local Area Network (LAN) is a group of computers connected within a restricted geographic area, such as residence, educational institute, research lab, and various other organizations. It allows the users to share files and services, and is commonly used for intra-office communication. The LAN has connections with other LANs via leased lines, leased services, or by tunneling across the Internet using the virtual private network technologies.

Question 26

FILL BLANK -
Fill in the blank with the appropriate term. A ______________________ network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for preventing the collision of data between two computers that want to send messages at the same time.

Answer 26

Token Ring
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely- used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second.
Working:
Empty information frames are constantly circulated on the ring. When a computer has a message to send, it adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is then observed by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and modifies the token back to 0. When the frame gets back to the originator, it sees that the token has been modified to 0 and that the message has been copied and received. It removes the message from the particular frame. The frame continues to circulate as an empty frame, ready to be taken by a workstation when it has a message to send.

Question 27

Which of the following techniques is used for drawing symbols in public places for advertising an open Wi-Fi wireless network?
A. Spamming
B. War driving
C. War dialing
D. Warchalking

Answer 27

D 🗳️
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option C is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option A is incorrect. Spamming is the technique of flooding the Internet with a number of copies of the same message. The most widely recognized form of spams are e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

Question 28

Which of the following is a standard protocol for interfacing external application software with an information server, commonly a Web server?
A. DHCP
B. IP
C. CGI
D. TCP

Answer 28

C 🗳️
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with an information server, commonly a Web server. The task of such an information server is to respond to requests (in the case of web servers, requests from client web browsers) by returning output. When a user requests the name of an entry, the server will retrieve the source of that entry’s page (if one exists), transform it into HTML, and send the result.
Answer option A is incorrect. DHCP is a Dynamic Host Configuration Protocol that allocates unique (IP) addresses dynamically so that they can be used when no longer needed. A DHCP server is set up in a DHCP environment with the appropriate configuration parameters for the given network. The key parameters include the range or “pool” of available IP addresses, correct subnet masks, gateway, and name server addresses.
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet
Protocol Suite, also referred to as TCP/IP.IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4
(IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.
Answer option D is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers.

Question 29

Which of the following honeypots provides an attacker access to the real operating system without any restriction and collects a vast amount of information about the attacker?
A. High-interaction honeypot
B. Medium-interaction honeypot
C. Honeyd
D. Low-interaction honeypot

Answer 29

A high-interaction honeypot offers a vast amount of information about attackers. It provides an attacker access to the real operating system without any restriction.
A high-interaction honeypot is a powerful weapon that provides opportunities to discover new tools, to identify new vulnerabilities in the operating system, and to learn how blackhats communicate with one another.
Answer option D is incorrect. A low-interaction honeypot captures limited amounts of information that are mainly transactional data and some limited interactive information. Because of simple design and basic functionality, low-interaction honeypots are easy to install, deploy, maintain, and configure. A low-interaction honeypot detects unauthorized scans or unauthorized connection attempts. A low-interaction honeypot is like a one-way connection, as the honeypot provides services that are limited to listening ports. Its role is very passive and does not alter any traffic. It generates logs or alerts when incoming packets match their patterns.
Answer option B is incorrect. A medium-interaction honeypot offers richer interaction capabilities than a low-interaction honeypot, but does not provide any real underlying operating system target. Installing and configuring a medium-interaction honeypot takes more time than a low-interaction honeypot. It is also more complicated to deploy and maintain as compared to a low-interaction honeypot. A medium-interaction honeypot captures a greater amount of information but comes with greater risk. Answer option C is incorrect. Honeyd is an example of a low-interaction honeypot.

Question 30

Which of the following representatives of the incident response team takes forensic backups of systems that are the focus of an incident?
A. Technical representative
B. Lead investigator
C. Information security representative
D. Legal representative

Answer 30

A 🗳️
A technical representative creates forensic backups of systems that are the focus of an incident and provides valuable information about the configuration of the network and target system.
Answer option B is incorrect. A lead investigator acts as the manager of the computer security incident response team.
Answer option D is incorrect. The legal representative looks after legal issues and ensures that the investigation process does not break any law.
Answer option C is incorrect. The information security representative informs about the security safeguards that may affect their ability to respond to the incident.