Day 2 1-86 Flashcards by Bob Chaput

2.1 When dealing with a particular hashing algorithm, which property makes it less likely the algorithm will create the same hash result for multiple different source messages?

A. Collision resistance
B. Bit length
C. Key strength
D. Entropy

Answer: A Collision resistance

How well did you know this?

Not at all

Perfectly

2.2 What does a firewall inspect to stop specific ports and programs from sending traffic in to your company?

A. Application layer port numbers and the transport layer headers
B. Network layer headers and the session layer port numbers
C. Presentation layer headers and the session layer port numbers
D. Transport layer port numbers and the application layer headers

Answer: D. Transport layer port numbers and the application layer headers

How well did you know this?

Not at all

Perfectly

2.3 Bob has obtained a session ID from another user’s website session. Bob spoofs his IP address and re-plays the session ID trying to impersonate the other user. Why is Bob not able to get an interactive session here?

A. Bob cannot spoof his IP address over TCP network
B. The scenario is incorrect as Bob can spoof his IP and get responses
C. The server will send replies back to the spoofed IP address
D. Bob can establish an interactive session only if he uses a NAT

Answer: C. The server will send replies back to the spoofed IP address

How well did you know this?

Not at all

Perfectly

2.4 What must you develop to show that security at your company has improved over the last year?

A. Reports
B. Testing tools
C. Metrics
D. Taxonomy of vulnerabilities

Answer: C Metrics

How well did you know this?

Not at all

Perfectly

2.5 Which type of password attack pulls passwords from a list of commonly used passwords until the correct password is found or the list is exhausted?

A. Man-in-the-middle attack
B. Brute-force attack
C. Dictionary attack
D. Session hijacking

Answer: C. Dictionary attack

How well did you know this?

Not at all

Perfectly

2.6 Which of these is the best solution for sending encrypted e-mails if you don’t want to have to pay any money or manage a server?

A. IP Security (IPSEC)
B. Multipurpose Internet Mail Extensions (MIME)
C. Pretty Good Privacy (PGP)
D. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Answer: C Pretty Good Privacy (PGP)

How well did you know this?

Not at all

Perfectly

2.7 How would you classify an operating-system fingerprinting method where you send traffic to the remote device and analyze the responses?

A. Passive
B. Reflective
C. Active
D. Distributive

Answer: C Active

How well did you know this?

Not at all

Perfectly

2.8 A Certificate Authority (CA) creates a pair of keys to secure data in-transit. The integrity of the encrypted data depends on the security of which of these?

A. Public key
B. Private key
C. Modulus length
D. Email server certificate

Answer: B Private key

How well did you know this?

Not at all

Perfectly

2.9 WiFi most commonly uses which antenna?

A. Omnidirectional
B. Parabolic
C. Uni-directional
D. Bi-directional

Answer: A Omnidirectional

How well did you know this?

Not at all

Perfectly

2.10 Which of these PKI components actually verifies the applicant?

A. Certificate authority
B. Validation authority
C. Registration authority
D. Verification authority

Answer: C Registration authority

How well did you know this?

Not at all

Perfectly

2.11 Which of these is the most solid example of IP spoofing?

A. SQL injections
B. Man-in-the-middle
C. Cross-site scripting
D. ARP poisoning

Answer: D ARP poisoning

How well did you know this?

Not at all

Perfectly

2.12 Which protocol do smart-cards use to transfer certificates?

A. Extensible Authentication Protocol (EAP)
B. Point to Point Protocol (PPP)
C. Point to Point Tunneling Protocol (PPTP)
D. Layer 2 Tunneling Protocol (L2TP)

Answer: A Extensible Authentication Protocol (EAP)

How well did you know this?

Not at all

Perfectly

2.13 Which of these programming languages is commonly vulnerable to buffer overflows?

A. Perl
B. C++
C. Python
D. Java

Answer: B . C++

How well did you know this?

Not at all

Perfectly

2.14 Which of the following is a symmetric cryptographic standard?

A. DSA
B. PKI
C. RSA
D. 3DES

Answer: D 3DES

How well did you know this?

Not at all

Perfectly

2.15 What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B. To get messaging programs to function with this algorithm requires complex configurations.

C. It has been proven to be a weak cipher, therefore, should not be trusted to protect sensitive data.

D. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Answer: D It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

How well did you know this?

Not at all

Perfectly

2.16 Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

A. Certificate issuance
B. Certificate validation
C. Certificate cryptography
D. Certificate revocation

Answer: B Certificate validation

How well did you know this?

Not at all

Perfectly

2.17 Advanced Encryption Standard is an algorithm used for which of the following?

A. Data integrity
B. Key discovery
C. Bulk data encryption
D. Key recovery

Answer: C Bulk data encryption

How well did you know this?

Not at all

Perfectly

2.18 While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

A. 10.10.10.10
B. 127.0.0.1
C. 192.168.1.1
D. 192.168.168.168

Answer: B 127.0.0.1

How well did you know this?

Not at all

Perfectly

2.19 After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

A. SHA1
B. Diffie-Helman
C. RSA
D. AES

Answer: A . SHA1

How well did you know this?

Not at all

Perfectly

2.20 One advantage of an application-level firewall is the ability to..

A. filter packets at the network level.
B. filter specific commands, such as http:post.
C. retain state information for each packet.
D. monitor tcp handshaking.

Answer: B filter specific commands, such as http:post.

How well did you know this?

Not at all

Perfectly

2.21 A hacker was able to sniff packets on a company’s wireless network. The following information was discovered.
The Key 10110010 01001011
The Cyphertext 01100101 01011010

Using the Exlcusive OR, what was the original message?

A. 00101000 11101110
B. 11010111 00010001
C. 00001101 10100100
D. 11110010 01011011

Answer: B 11010111 00010001

How well did you know this?

Not at all

Perfectly

2.22 Which of the following techniques will identify if computer files have been changed?

A. Network sniffing
B. Permission sets
C. Integrity checking hashes
D. Firewall alerts

Answer: C Integrity checking hashes

How well did you know this?

Not at all

Perfectly

2.23 Why shouldn’t we just use the longest possible key and strongest possible algorithm when selecting an encryption algorithm?

A. Overhead

B. If an algorithm such as Rijndael is chosen for AES it has been cracked and is probably useless.

C. The longest possible unbreakable key is a “one- time pad”, but the length of a message is not always known in advance, therefore the best solution is a passphrase that makes a longer key.

D. This question cannot be answered because there are so many variables and complicated factors involved and there just isn’t enough information provided.

Answer: A Overhead

How well did you know this?

Not at all

Perfectly

2.24 How does traceroute map the route a packet travels from point A to point B?

A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
C. Uses a protocol that will be rejected by gateways on its way to the destination
D. Manipulates the flags within packets to force gateways into generating error messages

Answer: B Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message

How well did you know this?

Not at all

Perfectly

2.25 Which of the following countermeasures can specifically protect against both the MAC Flood and MAC Spoofing attacks? A. Configure Port Security on the switch B. Configure Port Recon on the switch C. Configure Switch Mapping D. Configure Multiple Recognition on the switch

Answer: A Configure Port Security on the switch

2.26 What does ICMP (type 11, code 0) denote? A. Source Quench B. Destination Unreachable C. Time Exceeded D. Unknown Type

Answer: C Time Exceeded

2.27 How do you defend against DHCP Starvation attack? A. Enable ARP-Block on the switch B. Enable DHCP snooping on the switch C. Configure DHCP-BLOCK to 1 on the switch D. Install DHCP filters on the switch to block this attack

Answer: B Enable DHCP snooping on the switch

2.28 Neil is a network administrator working in Istanbul. Neil wants to setup a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to setup in order to accomplish this? A. Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer. B. Neil will need to setup SPAN port that will copy all network traffic to the protocol analyzer. C. He will have to setup an Ether channel port to get a copy of all network traffic to the analyzer. D. He should setup a MODS port which will copy all network traffic.

Answer: B Neil will need to setup SPAN port that will copy all network traffic to the protocol analyzer.

2.29 Attackers footprint target Websites using Google Hacking techniques. (creating complex search string queries) The configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. WordPress uses config.php that stores the database Username and Password. Which of the below Google search string brings up sites with "config.php" files? A. Search:index config/php B. Wordpress:index config.php C. intitle:index.of config.php D. Config.php:index list

Answer: C intitle:index.of config.php

2.30 Which of the following Exclusive OR transforms bits is NOT correct? A. 0 xor 0 = 0 B. 1 xor 0 = 1 C. 1 xor 1 = 1 D. 0 xor 1 = 1

Answer: C 1 xor 1 = 1

2.31 What is a successful method for protecting a router from potential smurf attacks? A. Placing the router in broadcast mode B. Enabling port forwarding on the router C. Installing the router outside of the network's firewall D. Disabling the router from accepting broadcast ping messages

Answer: D Disabling the router from accepting broadcast ping messages

2.32 How do you defend against ARP Spoofing? Select three. A. Use ARPWALL system and block ARP spoofing attacks B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets C. Use private VLANS D. Place static ARP entries on servers, workstations, and routers

Answer: A, C, D A. Use ARPWALL system and block ARP spoofing attacks C. Use private VLANS D. Place static ARP entries on servers, workstations, and routers

2.33 Which of the following statements about vulnerability scanners is NOT correct? A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned. B. Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades C. They can validate compliance with or deviations from the organization's security policy D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

Answer: D Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

2.34 How can you prevent MAC spoofing and/or ARP poisoning on all the Cisco switches in your network? A. Use the command ip binding set. B. Use the command no ip spoofing. C. Use the command no dhcp spoofing. D. Use the command ip dhcp snooping binding.

Answer: D Use the command ip dhcp snooping binding.

``` 2.35 How many bits is the hash value of SHA-1? A. 64 bits B. 128 bits C. 256 bits D. 160 bits ```

Answer: D 160 bits

2.36 What is a sniffing performed on a switched network called? A. Spoofed sniffing B. Passive sniffing C. Direct sniffing D. Active sniffing

Answer: D Active sniffing

2.37 While logging traffic on your network you notice a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is going on? A. The ICMP packets are being sent in a manner that is attempting IP spoofing. B. This is a Smurf attack. C. This is not unusual; ICMP packets can be of any size. D. This is a Ping Of Death attack.

Answer: D This is a Ping Of Death attack.

2.38 In an ARP packet, what is the destination MAC address of the broadcast frame? A. 0xFFFFFFFFFFFF B. 0xDDDDDDDDDDDD C. 0xAAAAAAAAAAAA D. 0xBBBBBBBBBBBB

Answer: A 0xFFFFFFFFFFFF

2.39 While performing a ping sweep of a local subnet you receive an ICMP reply of Type 3/Code 13 for all the pings you have sent out. What is the most likely cause of this? A. The firewall is dropping the packets B. An in-line IDS is dropping the packets C. A router is blocking ICMP D. The host does not respond to ICMP packets

Answer: C A router is blocking ICMP

2.40 Which is a type of encryption algorithm that transforms a fixed-length block of plaintext data into a block of ciphertext data of the same length? A. Stream Cipher B. Block Cipher C. Bit Cipher D. Hash Cipher

Answer: B Block Cipher

2.41 What type of encryption does WPA2 use? A. DES 64 bit B. AES-CCMP 128 bit C. MD5 48 bit D. SHA 160 bit

Answer: B AES-CCMP 128 bit

2.42 A digital signature is simply a message that is encrypted with the public key instead of the private key. A. true B. false

Answer: B false

2.43 Which type of sniffing technique is generally referred to as a MiTM attack? Choose the BEST answer. A. Password Sniffing B. ARP Poisoning C. Mac Flooding D. DHCP Sniffing

Answer: B ARP Poisoning

2.44 Which of the following encryption is NOT based on block cipher? A. DES B. Blowfish C. AES (Rijndael) D. RC4

Answer: D RC4

2.45 What is the length of an MD5 hash? A. 32 character B. 64 byte C. 48 char D. 128 kb

Answer: A 32 character

2.46 How do you defend against ARP Poisoning attack? (Select 2 answers) A. Enable DHCP Snooping Binding Table B. Restrict ARP Duplicates C. Enable Dynamic ARP Inspection D. Enable MAC snooping Table

Answer: A,C A. Enable DHCP Snooping Binding Table C. Enable Dynamic ARP Inspection

2.47 A hacker gained entry into a building and was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network? A. Fraggle B. MAC Flood C. Smurf D. Tear Drop

Answer: B MAC Flood

2.48 Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.) ``` A. Port Security B. IPSec Encryption C. Network Admission Control (NAC) D. 802.1q Port Based Authentication E. 802.1x Port Based Authentication F. Intrusion Detection System (IDS) ```

Answer: A, C, E A. Port Security C. Network Admission Control (NAC) E. 802.1x Port Based Authentication

2.49 How is sniffing broadly categorized? A. Active and passive B. Broadcast and unicast C. Unmanaged and managed D. Filtered and unfiltered

Answer: A Active and passive

2.50 Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address? A. ICPM B. ARP C. RARP D. ICMP

Answer: B ARP

2.51 Which of the following is an example of an asymmetric encryption implementation? A. SHA1 B. PGP C. 3DES D. MD5

Answer: B. PGP

2.52 Which of the following is a characteristic of Public Key Infrastructure (PKI)? A. Public-key cryptosystems are faster than symmetric-key cryptosystems. B. Public-key cryptosystems distribute public-keys with digital signatures. C. Public-key cryptosystems do not require a secure key distribution channel. D. Public-key cryptosystems do not provide technical non-repudiation via digital signatures.

Answer: B Public-key cryptosystems distribute public-keys with digital signatures.

2.53 Symmetric key cryptography uses which of the following? A. Multiple keys for non-repudiation of bulk data B. Different keys on both ends of the transport medium C. Bulk encryption for data transmission over fiber D. The same key on each end of the transmission medium

Answer: D . The same key on each end of the transmission medium

2.54 What is it called when a copy of your private key is stored so that it can be restored if you happen to lose it, and to also provides your employer with access in case you should leave the company? A. Key registry B. Recovery agent C. Directory D. Key escrow

Answer: D Key escrow

Answer: D The same key on each end of the transmission medium

Answer: D Key escrow

2.56 TCP packets transmitted in either direction after the initial three-way handshake will have which of the following bit set? A. SYN flag B. ACK flag C. FIN flag D. XMAS flag

Answer: B ACK flag

2.57 Your company uses wireless MAC filtering to only allow company laptops to connect to the wireless network. You find that an employee has connected his personal laptop to the corporate wireless network. You perform a site survey and find no new wireless network signals. How was he able to connect to the company wireless network? A. He brute forced the MAC address ACLs His laptop shares a hardware address with a company B. laptop C. He connected to a rogue access point D. He spoofed the MAC address of a company laptop

Answer: D He spoofed the MAC address of a company laptop

2.58 How can an attacker perform a DOS with a TCP SYN attack against a victim? A. Attacker generates TCP SYN packets with random destination addresses towards a victim host B. Attacker floods TCP SYN packets with random source addresses towards a victim host C. Attacker generates TCP ACK packets with random source addresses towards a victim host D. Attacker generates TCP RST packets with random source addresses towards a victim host

Answer: B Attacker floods TCP SYN packets with random source addresses towards a victim host

2.59 Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch. In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full? A. Switch then acts as hub by broadcasting packets to all machines on the network B. The CAM overflow table will cause the switch to crash causing Denial of Service C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Answer: A Switch then acts as hub by broadcasting packets to all machines on the network

2.60 Which key does the Heartbleed bug leave exposed on a web server? A. Root B. Public C. Private D. Shared

Answer: C Private

2.61 Which of these is designed to verify and authenticate the identity of individuals taking part in a data exchange? A. SOA B. Single sign-on C. PKI D. biometrics

Answer: C PKI

2.62 PGP, SSL, and IKE are all examples of which type of cryptography? A. Public Key B. Secret Key C. Hash Algorithm D. Digest

Answer: A Public Key

2.63 Which device is the best example of operating using the concept of “separation of duties”? A. Intrusion Detection System B. Bastion host C. Honeypot D. Firewall

Answer: B Bastion host

2.64 Which asymmetric algorithm factors the product of two large prime numbers? A. RC5 B. MD5 C. RSA D. SHA

Answer: C. RSA

2.65 Your wireless NIC can see the wireless network, but can’t connect. You sniff the wireless traffic and can see that the WAP is not responding to the association requests being sent by the wireless NIC. What could the problem be? A. The client cannot see the SSID of the wireless network B. The wireless client is not configured to use DHCP C. The WAP does not recognize the client’s MAC address D. Client is configured for the wrong channel

Answer: C The WAP does not recognize the client’s MAC address

2.66 What is a "Collision attack”? A. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key B. Collision attacks try to break the hash into three parts to get the plaintext value C. Collision attacks try to find two inputs producing the same hash D. Collision attacks try to get the public key

Answer: C Collision attacks try to find two inputs producing the same hash

2.67 If you want to use IPSec within your LAN, and you want to assure the confidentiality of the data being transmitted, which mode should you use? A. ESP transport mode B. ESP confidential C. AH Tunnel mode D. AH permiscuous

Answer: A . ESP transport mode

2.68 Which wireless security protocol was made useless back in 2007 by capturing wireless packets and discovering the key in just a few seconds? A. Temporal Key Integrity Protocol (TKIP) B. Wired Equivalent Privacy (WEP) C. Wi-Fi Protected Access (WPA) D. Wi-Fi Protected Access 2 (WPA2)

Answer: B Wired Equivalent Privacy (WEP)

2.69 Which protocol would let you guess a sequence number to become a man-in-the-middle? A. UPX B. TCP C. ICMP D. UDP

Answer: B TCP

2.70 Hacker Joe tries to send IRC traffic out of the company over TCP port 80. This traffic gets blocked, however, HTTP traffic is allowed out through the firewall. What type of firewall is inspecting this traffic? A. Circuit B. Stateful C. Application D. Packet Filtering

Answer: C Application If both IRC and HTTP are using port 80, but the IRC is blocked and HTTP allowed, something must be inspecting the payload itself and not just the port numbers. An Application-layer (layer 7) firewall can do this.

2.71 What kind of firewall checks to make sure that incoming packets are part of an established session? A. Circuit-level firewall B. Application-level firewall C. Switch-level firewall D. Stateful inspection firewall

Answer: D Stateful inspection firewall

2.72 Which tool is being described here? It’s an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. A. Airguard B. WLAN-crack C. Wificracker D. Aircrack-ng

Answer: D Aircrack-ng The above description is right from http://www.aircrack-ng.org/

2.73 Which of these is the newer replacement for SSL? A. TLS B. IPSec C. GRE D. RSA

Answer: A TLS

2.74 You’ve configured your web browser to automatically delete browser cookies when you close the browser. Which attack attempt are you trying to mitigate here? A. ..to access the user and password information stored in the company SQL database B. ..to determine the user’s web browser usage patterns, including when sites were visited and for how long C. ..to access passwords stored on the user’s computer without the user’s knowledge D. ..to access web sites that trust the web browser’s user by stealing the user’s authentication credentials

Answer: D ..to access web sites that trust the web browser’s user by stealing the user’s authentication credentials

2.75 While doing online banking your URL bar has this string: “http://www.Bank.com/account?id=11256&Xamount=5265&Yamount=98” You do some testing and figure out that if you alter the Xamount and Yamount values, the web page reflects the changes. Which of these vulnerabilities does this web site have? A. Web parameter tampering B. SQL injection C. XSS reflection D. Cookie tampering

Answer: A . Web parameter tampering

2.76 Which of these commands will let you search for files using Google? A. inurl: target.com filename:xls username password email B. Site: target.com filetype:xls username password email C. Site: target.com file:xls username password email D. Domain: target.com archive:xls username password email

Answer: B Site: target.com filetype:xls username password email

2.77 Which is the best description for how ARP (Address Resolution Protocol) works? A. It sends request packets to all the network elements, asking for the MAC address from a specific IP B. It sends a reply packet for a specific IP, asking for the MAC address C. It sends a request packet to all the network elements, asking for the domain name from a specific IP D. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP

Answer: A It sends request packets to all the network elements, asking for the MAC address from a specific IP

2.78 Your large company wants to implement biometric authentication. Which of these is the least likely physical attribute to use for this? A. Fingerprints B. Height and Weight C. Voice D. Iris patterns

Answer: B Height and Weight

2.79 XOR these two binary values and select the cipher-text from the answers.10110001 00111010 A. 10111100 B. 10011101 C. 11011000 D. 10001011

Answer: D 10001011

2.80 Which does hashing provide? A. Confidentiality B. Integrity C. Availability D. Authentication

Answer: B Integrity

2.81 Which of these is a popular short-range wireless technology that allows mobile devices like phones, tablets, and laptops to communicate, while still remaining relatively secure? A. Radio-Frequency Identification (RFID) B. Infrared C. Bluetooth D. WLAN

Answer: C Bluetooth

2.82 Which of these programs could infect both your boot sector and your executable files at the same time? ``` A. Macro virus B. Stealth virus C. Multipartite virus D. Polymorphic virus E. Metamorphic virus ```

Answer: C Multipartite virus

2.83 After establishing a TCP session, computers A & B are exchanging data. You use tcpdump to intercept a packet going from A to B. The packet contains the following data: Seq.no. 17768729 (next seq.no. 17768885) Ack.no. 82980070 Window 8700 LEN = 156 bytes of data What are the next sequence and acknowledgement numbers that B will send back to A? A. Sequence number: 82980070 Acknowledgement number: 17768885 B. Sequence number: 17768729 Acknowledgement number: 82980070 C. Sequence number: 87000070 Acknowledgement number: 85320085 D. Sequence number: 82980010 Acknowledgement number: 17768885

Answer: A Sequence number: 82980070 Acknowledgement number: 17768885

2.84 IPSec is a suite of protocols that does all of the following except.. A. Authenticate B. Protect the payload and the headers C. Work at the Data Link layer D. Encrypt

Answer: C Work at the Data Link layer IPSec can work in either AH mode or ESP mode. In the older AH mode, it authenticates the sender and provides an integrity check for the data. ESP mode does all of this, but also adds encryption to the mix to protect the payload as well as the headers (if it’s in Tunnel mode).

2.85 Passive network sniffing can achieve all of the following except which? A. Capturing network traffic for analysis B. Collecting unencrypted information about usernames and passwords C. Modifying and replaying captured network traffic D. Identifying operating systems, services, protocols, and devices

Answer: C Modifying and replaying captured network traffic When you modify and then re-play the traffic back onto the wire, you’ve moved past passive sniffing and now you are doing “active” actions. Passive is merely “watching” and recording, and does not involve sending any traffic.

2.86 Digital signatures must meet which conditions? A. Must be unforgeable and has to be authentic B. Must be unique and have special characters C. Has to be the same number of characters as a physical signature and must be unique D. Has to be legible and neat

Answer: Must be unforgeable and has to be authentic