Day 2 115-151 Flashcards
2.115 A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
B. BBProxy
2.116 What command would you use to show the current TCP/IP connections established?
A.Netstat
B.Net use connection
C.Net use
D.Netsh
A.Netstat
2.117 Which of these security features found on switches works with the DHCP snooping database to prevent man-in-the-middle (MiTM) attacks?
A.Port security
B.Layer 2 Attack Prevention Protocol (LAPP)
C.Spanning Tree
D.Dynamic ARP Inspection (DAI)
D.Dynamic ARP Inspection (DAI)
2.118 Normally SMTP is not encrypted when it sends mail between servers; however, you can upgrade the connection to use a TLS certificate to keep the e-mail secure and encrypted. What is the command to make SMTP transmit email over TLS?
A.FORCETLS
B.STARTTLS
C.UPGRADETLS
D.OPPORTUNISTICTLS
B.STARTTLS
2.119 How is the public key distributed in an orderly, controlled fashion in order that the users can be sure of the sender’s identity?
A.Digital certificate
B.Hash value
C.Private key
D.Digital signature
A.Digital certificate
This one is very tricky! A Digital Signature certainly proves the sender’s identity, but this question is specifically asking about how the public key is distributed, and digital signatures don’t distribute keys. A Digital Certificate, on the other hand, is your public key signed (verified) by a trusted third party. You can now distribute your public key to others, and they can verify it’s legitimate by checking the third-party signature.
See why it’s tricky? Focusing on “how is the public key distributed...” gives us the answer (A), even though the process may involve another answer (D).
2.120 With SSL/TLS we use both symmetric and asymmetric cryptography. What is an advantage of this?
A.Asymmetric cryptography is computationally expensive in comparison. However, it’s well suited to securely negotiate keys for use with symmetric cryptography.
B.Symmetric encryption allows the server to securely transmit the session keys out-of-band.
C.Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
D.Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
A.Asymmetric cryptography is computationally expensive in comparison. However, it’s well suited to securely negotiate keys for use with symmetric cryptography.
2.121 Which of these is the plaintext attack used on DES where encrypting the plaintext with one DES key, and then encrypting it again with a second DES key, is no more secure than just using a single key?
A.Replay attack
B.Meet-in-the-middle attack
C.Man-in-the-middle attack
D.Traffic analysis attack
B.Meet-in-the-middle attack
When DES started getting old and less secure, they went to 2DES (double-DES), where they would just encrypt traffic with DES twice, using two different keys. Unfortunately, the Meet-In-The-Middle attack was able to derive one of the keys, which then essentially reduced it back to single DES again. This is why these days we use 3DES, as it avoids this problem.
2.122 Which of these tools will show you (in real time) which ports are in a listening state or some other state?
A.Nmap
B.Loki
C.TCPView
D.Netstat
D.Netstat
This is a tricky one! Nmap can tell you the port states on remote computers and Netstat can show you the port states on your own computer. Since the question doesn’t specify which, we need to look for another clue. The “in real time” phrase helps here. You can have Netstat continuously refresh the information so you can see your port states as they change from state to state, like established, listening, waiting, etc. Try running the command “netstat -an 3”. This says to show the port states, with all the information, and refresh every 3 seconds. Press ctrl+c to cancel.
2.123 Junior admin Bob is configuring a wireless router. He has disabled the SSID broadcast, set the authentication to “open”, and set the SSID to a 32-character string of random numbers and letters. Which is the best assessment of this scenario?
A.Disabling the SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
B.The router is still vulnerable to wireless hacking attempts, because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
C.It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
D.Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
C.It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
2.124 Which firewall rule would ensure devices on the 192.168.5.0/24 network can only reach a website at 10.10.5.10 using https?
A.if (source matches 192.168.5.0/24 and destination matches 10.10.5.10 and port matches 443) then permit
B.if (source matches 192.168.5.0/24 and destination matches 10.10.5.10 and port matches 80 or 443) then permit
C.If (source matches 10.10.5.10 and destination matches 192.168.5.0/24 and port matches 443) then permit
D.If (sources matches 192.168.5.0 and destination matches 10.10.5.10 and port matches 443) then permit
A.if (source matches 192.168.5.0/24 and destination matches 10.10.5.10 and port matches 443) then permit
2.125 You’re preparing for a security assessment next week. Which of these should you do to determine inconsistencies in the secure assets database and to verify that the system is compliant to the minimum security baseline?
A.Data items and vulnerability scanning
B.Source code review
C.Reviewing the firewalls configuration
D.Interviewing employees and network engineers
A.Data items and vulnerability scanning
2.126 Which of these is a tool that performs a DoS attack against web applications by starving the web server of available sessions? It does this by using continuous POST transmissions and sending large content-length header values.
A.LOIC
B.MyDoom
C.R-U-Dead-Yet? (RUDY)
D.Stacheldraht
A.R-U-Dead-Yet? (RUDY)
MyDoom is a Windows worm that sends junk e-mail. LOIC (Low Orbit Ion Cannon) is a network stress-testing tool that sends many TCP, UDP, and GET requests as part of a botnet doing a DDoS attack. Stacheldraht is another botnet tool for doing DDoS attacks. R.U.D.Y. is a popular low-and-slow attack tool that is designed to crash a web server by submitting long form fields.
The attack is executed via a DoS tool which browses the target website and detects embedded web forms. Once the forms have been identified, R.U.D.Y. sends a legitimate HTTP POST request with an abnormally long ‘Content-Length’ header field. By sending numerous small packets, at a very slow rate, R.U.D.Y. creates a massive backlog of application threads, while the long ‘Content-Length’ field prevents the server from closing the connection. Ultimately, the attack exhausts the targeted server’s connection table, causing the server to crash.
2.127 Which layer-3 protocol would give you end-to-end encryption for FTP traffic?
A.FTPS
B.SFTP
C.SSL
D.IPSec
D.IPSec
First of all, there is only one layer-3 protocol listed here, which is IPSec. If it has “IP” in the name, it’s probably layer 3! Secondly, there are many ways to secure any type of traffic, including FTP. While IPSec is most commonly used to secure VPN traffic, it has many other uses. You can create an IPSec tunnel to securely transmit your FTP traffic.
2.128 A cryptographic hash gives us which of these security services?
A.Message authentication and collision resistance
B.Integrity and computational infeasibility
C.Integrity and collision resistance
D.Integrity and ease of computation
B.Integrity and computational infeasibility
This is another very tricky question! First off, answer A is right out because by itself a hash doesn’t give us message authentication.
All of the rest of the answers could be correct! Integrity is certainly correct, but then we have to choose between computational infeasibility, collision resistance, and ease of computation. Well, we can rule that last one out because ease of computation isn’t really a security service that we look to hashing to fulfill for us.
That leaves us deciding between collision resistance and computational infeasibility. The latter gives us more mileage, because it should be computationally infeasible to A) have a collision, and B) reverse-engineer the original message back out of the message digest. Because this answer provides more services, computational infeasibility slightly wins out here.
2.129 Which of these is a way for a hacker on the outside of a network to move a protected inside host behind a firewall, and that lets the hacker see which ports are open and if the packets can pass through the packet-filtering of the firewall?
A.Network sniffing
B.Session hijacking
C.Firewalking
D.Man-in-the-middle
C.Firewalking
2.130 What’s the difference between RSA and AES?
A.Both are symmetric algorithms, but AES uses 256-bit keys.
B.AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.
C.Both are asymmetric algorithms, but RSA uses 1024-bit keys.
D.RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
D.RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
2.131 You analyze a suspicious connection from your e-mail server to an unknown IP address, and you determine that this is a security breach. What is the first thing you should do before contacting the incident response team?
A.Disconnect the email server from the network.
B.Leave it be and contact the incident response team right away.
C.Block the connection to the suspicious IP address from the firewall.
D.Migrate the connection to the backup email server.
C.Block the connection to the suspicious IP address from the firewall.
2.132 You want to allow TCP port 80 inbound to your computer. How do you block or allow specific ports within Windows Firewall?
A.This is not possible without installing third-party software, since Windows only allows changing firewall settings for individual applications.
B.The firewall rule must be added from within the application that is using that port.
C.The only way to implement a specific rule like this is to use the “netsh” program on the command-line.
D.A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in Control Panel.
D.A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in Control Panel.
2.133 Your application developers have created a 3-tier web application for your customers out on the internet. In which network should you place the Presentation Tier (your front-end web server)?
A.Mesh network
B.Internal network
C.DMZ network
D.Isolated vlan network
C.DMZ network
2.134 Your company’s procedure for creating firewall rules is to have management approval before creating any new rules. You notice a recently created rule in your firewall, but you can’t find any management approval for the rule. What would be a good step to have in your procedures for situations like this?
A.Immediately roll back the firewall rule until a manager can approve it.
B.Don’t roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.
C.Monitor all traffic using the firewall rule until a manager can approve it.
D.Have the network team document the reason why the rule was implemented without prior manager approval.
C.Monitor all traffic using the firewall rule until a manager can approve it.
2.135 What is the name and syntax of the Linux OpenSSL tool that will test TLS by connecting to a web server?
A.openssl s_client -site www.bigcorp.com:443
B.openssl_client -site www.bigcorp.com:443
C.openssl s_client -connect www.bigcorp.com:443
D.openssl_client -connect www.bigcorp.com:443
C.openssl s_client -connect www.bigcorp.com:443
2.136 Which of these encryption algorithms is the fastest?
A.SHA-1
B.SHA-2
C.ECC
D.AES
D.AES
2.137 You are reviewing a suspicious JavaScript file, but the code is very hard to understand and all of the code is different from typical JavaScript. What is the technique called that will hide the code and make it take longer to analyze?
A.Encryption
B.Obfuscation
C.Steganography
D.Code encoding
B.Obfuscation
2.138 You want to send Bob an e-mail and make sure it’s encrypted so only he can read it. At what layer of the OSI model does encryption and decryption of e-mails take place?
A.Application
B.Presentation
C.Session
D.Transport
B.Presentation
File encryption and, in this case, e-mail encryption, takes place at layer 6, the Presentation Layer.