Incorrect Answers

Question 1

What is a Cavity Virus?

Answer 1

A cavity virus attempts to install itself inside of the file it is infecting.

Question 2

What is an Insider Affiliate

Answer 2

Somebody who is contracted to work for the company and through social engineering gains access from an actual employee.

Question 3

What does Set type=ns do?

Answer 3

It uses nslookup to query Domain Name Service (DNS).

Question 4

What does this command do? >host -t a hackeddomain.com

Answer 4

Looks for IP addresses. Perameter -t a

Question 5

What is this image?

Answer 5

The Hacker first attempted logins with suspected user names, then used SQL Injection to gain access to valid bank login IDs.

Question 6

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

Answer 6

EIP - EIP is a register in x86 architectures (32bit). It holds the “Extended Instruction Pointer” for the stack. In other words, it tells the computer where to go next to execute the next command and controls the flow of a program.

Question 7

Splint is a source code analyzer that is capable of detecting a _____

Answer 7

Buffer Overflow

Question 8

Attackers craft malicious probe packets and scan for services such as HTTP over SSL (HTTPS), SMTP over SSL (SMPTS) and IMAP over SSL (IMAPS) to detect honeypots in a network. Which of the following condition shows the presence of a honeypot?

Answer 8

Ports show a particular service running but deny a three-way handshake connection

Question 9

What is this 0xFFFFFFFFFFFF

Answer 9

A destination MAC address of a broadcast frame.

Question 10

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

Answer 10

Public-key cryptosystems distribute public-keys within digital signatures.

Question 11

How will you stop web spiders from crawling certain directories on your website?

Answer 11

Place robots.txt file in the root of your website with listing of directories that you don’t want to be crawled

Question 12

How do you ensure if the e-mail is authentic and sent from fedex.com?

Answer 12

Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

Question 13

What is true about ICMP flood

Answer 13

Question 14

How do you defend against DHCP Starvation attack?

Answer 14

Enable DHCP snooping on the switch

Question 15

A covert channel is a channel that:

Answer 15

transfers information over, within a computer system, or network that is outside of the security policy.

Question 16

Trojan horse attacks pose one of the most serious threats to computer security. Which are the easiest and most convincing ways to infect a computer?

Answer 16

Legitimate “shrink-wrapped” software packaged by a disgruntled employee

Question 17

Which of the following types of firewalls ensures that the packets are part of the established session?

Answer 17

Stateful inspection firewall

Question 18

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following command can be used in UNIX environment to enumerate the shared directories on a machine?

Answer 18

showmount

Question 19

In the context of Trojans, what is the definition of a Wrapper?

Answer 19

A tool used to bind the Trojan with a legitimate file

Question 20

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?

Answer 20

Grep

Question 21

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Answer 21

False Positive

Question 22

Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. Which of the following firewall architecture is designed to host servers that offer public services?

Answer 22

Screened subnet

Question 23

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

Answer 23

tcp.port eq 25

Question 24

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:

Answer 24

Just a network monitoring tool

Question 25

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?

Answer 25

The port will send a SYN

Question 26

Which of the following scan only works if the operating system’s TCP/IP implementation is based on RFC 793?

Answer 26

NULL Scan

Question 27

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following command can be used in UNIX environment to enumerate the shared directories on a machine?

Answer 27

showmount

Question 28

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Answer 28

Use encrypted communications protocols to transmit PII

Question 29

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP server’s access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?

Answer 29

Directory traversal

Question 30

Splint is a source code analyzer that is capable of detecting a ______

Answer 30

Buffer Overflow

Question 31

What is the least important information when you analyze a public IP address in a security alert?

Answer 31

ARP Address Resolution Protocol

Question 32

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

Answer 32

Internet Firewall/Proxy log

Question 33

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Answer 33

Maltego

Question 34

Which is the first step followed by Vulnerability Scanners for scanning a network?

Answer 34

Checking if the remote host is alive

Question 35

You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs. – 192.168.8.0/24. What command you would use?

Answer 35

wireshark –capture –local –masked 192.168.8.0 –range 24

Question 36

Firewalls are categorized into two; namely hardware firewall and software firewall. Identify the correct statement for a software firewall.

Answer 36

Software firewall is placed between the normal application and the networking components of the operating system

Question 37

Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. Which of the following steganography technique embed secret message in the frequency domain of a signal?

Answers

Answer 37

Transform domain techniques

Question 38

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Answer 38

openssl s_client –connect www.website.com:443

Question 39

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Answer 39

Snort

Question 40

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Answer 40

The password file does not contain the passwords themselves.

Question 41

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Answer 41

Transport layer port numbers and application layer headers

BB

Question 42

During a black-box pen test you attempt to pass IRC traffic (Internet Relay Chat) over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Answer 42

Application

Question 43

Which of the following act in the united states officially crimalised the transmition of unsolicitated commercial email (SMAPM)

Answer 43

2004 CANSPAM Act

Question 44

What is the step after footrpinting?

Answer 44

Scanning

Question 45

What is LACNIC

Answer 45

A directory where you can find IP addresses.

Question 46

In Ping what does -f -l mean?

Answer 46

• f = Do not fragment
• l Payload size

Question 47

In the C++ Object-oriented programming language, which of these situations can result in a buffer overflow?

Answer 47

When a program returns an incorrect output

Question 48

What’s stack smashing?

Answer 48

A buffer overflow that overwrites the return address

Question 49

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Answer 49

TCP

Question 50

Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. Which of the following steganography technique embed secret message in the frequency domain of a signal?

Answer 50

Transform Domain Techniques

Question 51

Which of these is the best defense against a buffer overflow attack?

Answer 51

Write Secure Code

Question 52

Which Port is NETBios?

Answer 52

137

Question 53

What systems might night respond to xmas scan?

Answer 53

Windows Server, Cisco.

Question 54

Which ICMP message types are used for destination unreachables?

Answer 54

3

Question 55

how many blocks in LM Hash

Answer 55

7 blocks

Question 56

WHat are the phases of system hacking

Answer 56

Gaining Access

Escelation of Privalge

Execute applications

Maintain Access

Clear tracks

page 164

Question 57

Where are hashes stored on microsoft

Answer 57

SAM file - system 32 /

config,

Question 58

What hash algrythem does LM hash and NTLM hash use

Answer 58

MD4

Question 59

What encryption algorythem does LM and NTLM Hash use

Answer 59

LM = DES 56bit

NTLM

= Triple 3DES - 112 bit

Question 60

What tool can you use to crack hashes

Answer 60

hashkiller.co.uk

hashsuite

Question 61

WHat are dif types of hacking

Answer 61

Non Electronic

Active Online Attacks

Passive Online Attacks

Offline Attacks

Question 62

Types of root kits

Answer 62

pg 193

Question 63

What is SynStealth also known as

Answer 63

Half Open scan

Question 64

What protocoal would be used to guess sequance number

Answer 64

TCP

Question 65

Encrypted message cycle with PKI

Answer 65

Create a hash of message, Encrypt hash with private key, Encrypt message iwth Recipients public key.

Question 66

Where are failed log in attempts logged in Linux

Answer 66

btmp

Question 67

What is a layer 3 limited broadcast address

Answer 67

255.255.255.255