Day 2 87-114 Flashcards

1
Q

2.87 Which technique can reveal the OS of your target system?

A. UDP scanning
B. IDLE/IPID scanning
C. Banner grabbing
D. SSDP scanning

A

Answer: C. Banner grabbing

2
Q

2.88 Choose the best way to protect against network traffic sniffing.

A. Use static IP addresses.
B. Use encryption protocols to secure network communications.
C. Register all machines’ MAC addresses into a centralized database.
D. Restrict physical access to server rooms hosting critical servers.

A

Answer: B. Use encryption protocols to secure network communications.

3
Q

2.89 Which protocol can secure communications between two devices using a VPN?

A. SET
B. PEM
C. IPSEC
D. PPP

A

Answer: C. IPSEC

4
Q

2.90 Which component of IPSEC performs the functions necessary to encrypt & decrypt packets?

A. IPsec driver
B. Internet Key Exchange (IKE)
C. IPsec Policy agent
D. Oakley

A

Answer: B. Internet Key Exchange (IKE)

5
Q

2.91 Your junior admin states that your company doesn’t need a DMZ if the firewall is configured to only allow access to servers and ports that can have direct internet access, and access to workstations is blocked. He says that a DMZ is only needed when a stateful firewall is used, and since your company only uses a stateless firewall, you don’t need a DMZ. Which is the true statement here:

A. He is completely wrong. A DMZ is always relevant when the company has internet servers and workstations.
B. He is partially right. You don’t need to separate networks if you can create rules by destination IPs, one by one.
C. He is partially right. DMZ does not make sense when a stateless firewall is available.
D. He can be right since a DMZ does not make sense when combined with stateless firewalls.

A

Answer: A. He is completely wrong. A DMZ is always relevant when the company has internet servers and workstations.

Your junior admin needs more training. ANY time you let outside traffic in, you restrict it to the DMZ only. For example, if you employ answer B and only allow outside traffic to one IP, what if that server gets compromised? The attacker could then pivot and attack the rest of the network. By restricting outside traffic to the DMZ only, any compromise can’t reach the internal LAN.

6
Q

2.92 Your admins and managers at your branch offices often plug in to the various Ethernet ports at those offices. You don’t want regular employees to use these wired Ethernet ports, though. What is the BEST way to restrict access to these Ethernet ports to only admins and authorized individuals?

A. Ask everyone else to only use the wireless network.
B. Disable unused ports in the switches.
C. Separate employees into a different VLAN.
D. Use the 802.1X protocol.

A

Answer: D. Use the 802.1X protocol.

With 802.1X you can control access to the network by authorizing only specific user accounts to access these ports.

7
Q

2.93 What’s the best way to protect the data on your laptop while traveling?

A. Password protected files
B. Disk encryption
C. BIOS encryption
D. Hidden folders

A

Answer: B. Disk encryption

8
Q

2.94 At which layer of the OSI model do sniffers operate?

A. Layer 1
B. Layer 2
C. Both layer 2 & Layer 3
D. Layer 3

A

Answer: B. Layer 2

Sniffers usually work at layer 2 of the OSI model. Your NIC grabs frames off the wire. While it’s true that you can then see all the upper-layer protocols, the “grabbing” of packets works via your NIC, which is layer 2. There are other types of sniffers, like network taps, that operate at layer 1, but most commonly sniffing occurs at layer 2.

9
Q

2.95 SSL, IKE, and PGP are examples of which kind of cryptography?

A. Digest
B. Hash algorithm
C. Public Key
D. Secret Key

A

Answer: C. Public Key

10
Q

2.96 With one method of cryptanalysis, an attacker is able to make a series of interactive queries and then choose subsequent plaintexts based on the previous encryption results. Which type of crypto attack is this describing?

A. Chosen-plaintext attack
B. Ciphertext-only attack
C. Known-plaintext attack
D. Adaptive chosen-plaintext attack

A

Answer: D. Adaptive chosen-plaintext attack

11
Q

2.97 Which device can locate a rogue access point?

A. WIPS
B. WISS
C. NIDS
D. HIDS

A

Answer: A. WIPS

12
Q

2.98 A hacker sets up a rogue wireless access point that appears to be a legitimate company WAP. Then the attacker tricks users into connecting to it so he can snoop on the victim’s communications. What type of attack is this?

A. Sinkhole attack
B. Collision attack
C. Signal jamming attack
D. Evil Twin attack

A

Answer: D. Evil Twin attack

13
Q

2.99 There is a critical flaw with the OpenSSL cryptographic library. This flaw allows an attacker to break the encryption on data protected by the SSL/TLS encryption used to secure internet sites. What is this vulnerability called?

A. POODLE
B. Shellshock
C. Heartbleed Bug
D. SSL/TLS Renegotiation Vulnerability

A

Answer: C. Heartbleed Bug

14
Q

2.100 Hacker Joe used a rogue WAP to do a MITM attack, where he injected malicious HTML code whenever users accessed web pages. Which tool is Hacker Joe most likely using to inject the HTML code?

A. Aircrack-ng
B. Ettercap
C. TCPDump
D. Wireshark

A

Answer: B. Ettercap

TCPDump and Wireshark are protocol analyzers that let you inspect traffic, but they’re not for modifying traffic. Aircrack-ng is a wireless tool that can monitor the wireless network, crack the encryption and authentication, and do other useful wireless activities.

Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

15
Q

2.101 Which of these Secure Hashing Algorithms (SHA) resembles MD5 and produces a 160-bit message digest?

A. SHA-0
B. SHA-1
C. SHA-2
D. SHA-3

A

Answer: B. SHA-1

16
Q

2.102 The network admin for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS.

Which type of certificate is used to encrypt and decrypt the data?

A. Non-confidential
B. Asymmetric
C. Symmetric
D. Confidential

A

Answer: B. Asymmetric

While symmetric keys are used to encrypt the session data, they are not contained in a certificate. Here, the “data” they are talking about must be the session key itself, which is encrypted by the recipient’s public key certificate, which is asymmetric.

17
Q

2.103 What should you do when you discover that your web server is being hacked?

A. Unplug the network connection on the company’s web server.
B. Determine the origin of the attack and launch a counterattack.
C. Record as much information as possible from the attack.
D. Perform a system restart on the company’s web server.

A

Answer: C. Record as much information as possible from the attack.

18
Q

2.104 Which option below is the best choice to protect against privilege escalation?

A. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
B. Run administrator and applications on least privileges and use a content registry for tracking.
C. Run services with least privileged accounts and implement multi-factor authentication and authorization.
D. Review user roles and administrator privileges for maximum utilization of automation services.

A

Answer: C. Run services with least privileged accounts and implement multi-factor authentication and authorization.

19
Q

2.105 Which common vulnerability exposes sensitive information on Windows file servers?

A. Cross-site scripting
B. SQL injection
C. Missing patches
D. CRLF injection

A

Answer: C. Missing patches

20
Q

2.106 Which process determines how well a company complies with its own security policy?

A. Vulnerability assessment
B. Penetration testing
C. Risk assessment
D. Security auditing

A

Answer: D. Security auditing

21
Q

2.107 Which of these would be two-factor authentication?

A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password

A

Answer: A. USB token and PIN

22
Q

2.108 What should your data custodian do to verify that all the data on a backup tape can be recovered?

A. Restore a random file.
B. Perform a full restore.
C. Read the first 512 bytes of the tape.
D. Read the last 512 bytes of the tape.

A

Answer: B. Perform a full restore.

23
Q

2.109 What port number is used by Kerberos protocol?

A. 88
B. 44
C. 487
D. 419

A

Answer: A. 88

24
Q

2.110 What is the hexadecimal value of NOP-SLED in a buffer overflow?

A. 0x60
B. 0x80
C. 0x70
D. 0x90

A

Answer: D. 0x90

25
Q

2.111 Which best describes how companies should protect themselves with policies regarding employee surveillance activities?

A. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
B. Employers use informal verbal communication channels to explain employee monitoring activities to employees.
C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

A

Answer: D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

26
Q

2.112 What are the short concrete or metal poles in front of a building called that prevent you from driving through an area while still allowing foot traffic through?

A. Speed bumps
B. Bollards
C. Pillars
D. Block posts

A

Answer: B. Bollards

27
Q

2.113 Which of these is an example of a detective control?

A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan

A

Answer: C. Audit trail

28
Q

2.114 In order to get your employees to accept your new policies, who else must support them?

A. coworkers.
B. executive management.
C. the security officer.
D. a supervisor.

A

Answer: B. executive management.