First 100 Flashcards
(88 cards)
At a Windows Server command prompt, which command could be used to list the running
services?
A.
Sc query type= running
B.
Sc query \servername
C.
Sc query
D.
Sc config
c
Which of the following is optimized for confidential communications, such as bidirectional voice
and video?
A.
RC4
B.
RC5
C.
MD4
D.
MD5
A
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces
which of the following vulnerabilities?
A.
An attacker,working slowly enough,can evade detection by the IDS.
B.
Network packets are dropped if the volume exceeds the threshold.
C.
Thresholding interferes with the IDS’ ability to reassemble fragmented packets.
D.
The IDS will not distinguish among packets originating from different sources.
a
A person approaches a network administrator and wants advice on how to send encrypted email
from home. The end user does not want to have to pay for any license fees or manage server
services. Which of the following is the most secure encryption protocol that the network
administrator should recommend?
A. IP Security (IPSEC)
B.
Multipurpose Internet Mail Extensions (MIME)
C.
Pretty Good Privacy (PGP)
D.
Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
C
Which of the following is considered an acceptable option when managing a risk?
A.
Reject the risk.
B.
Deny the risk.
C.
Mitigate the risk.
D.
Initiate the risk.
C
Which of the following countermeasure can specifically protect against both the MAC Flood and
MAC Spoofing attacks?
A.
Configure Port Security on the switch
B.
Configure Port Recon on the switch
C.
Configure Switch Mapping
D.
Configure Multiple Recognition on the switch
a
__________ is found in all versions of NTFS and is described as the ability to fork file data into
existing files without affecting their functionality, size, or display to traditional file browsing utilities
like dir or Windows Explorer
A.
Alternate Data Streams
B.
Merge Streams
C.
Steganography
D.
NetBIOS vulnerability
a
A company is legally liable for the content of email that is sent from its systems, regardless of
whether the message was sent for private or business-related purposes. This could lead to
prosecution for the sender and for the company’s directors if, for example, outgoing email was
found to contain material that was pornographic, racist, or likely to incite someone to commit an
act of terrorism. You can always defend yourself by “ignorance of the law” clause.
A.
true
B.
false
B
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines
to create or alter SQL commands to gain access to private data or execute commands in the
database. What technique does Jimmy use to compromise a database?
A.
Jimmy can submit user input that executes an operating system command to compromise a
target system
B.
Jimmy can gain control of system to flood the target system with requests,preventing legitimate
users from gaining access
C.
Jimmy can utilize an incorrect configuration that leads to access with higher-than expected
privilege of the database
D.
Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate
a target system
D
Paul has just finished setting up his wireless network. He has enabled numerous security features
such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his
wireless router. Paul notices that when he uses his wireless connection, the speed is sometimes
54 Mbps and sometimes it is only 24Mbps or less. Paul connects to his wireless router’s
management utility and notices that a machine with an unfamiliar name is connected through his
wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the
same MAC address as his laptop. What is Paul seeing here?
A.
MAC spoofing
B.
Macof
C.
ARP spoofing
D.
DNS spoofing
A
This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and
the IDS will not spot the true nature of the fully assembled datagram. The datagram is not
reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to
reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the
network. What is this technique called?
A.
IP Routing or Packet Dropping
B.
IDS Spoofing or Session Assembly
C.
IP Fragmentation or Session Splicing
D.
IP Splicing or Packet Reassembly
C
What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and
the destination host is several hops away? (Select 2 answers)
A.
The router will discard the packet
B.
The router will decrement the TTL value and forward the packet to the next router on the path
to the destination host
C.
The router will send a time exceeded message to the source host
D.
The router will increment the TTL value and forward the packet to the next router on the path to
the destination host.
E.
The router will send an ICMP Redirect Message to the source host
A,C
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of
business, they just have to find a job opening, prepare someone to pass the interview, have that
person hired, and they will be in the organization.
How would you prevent such type of attacks?
A.
It is impossible to block these attacks
B.
Hire the people through third-party job agencies who will vet them for you
C.
Conduct thorough background checks before you engage them
D.
Investigate their social networking profiles
C
Which of the following LM hashes represents a password of less than 8 characters?
A.
0182BD0BD4444BF836077A718CCDF409
B.
44EFCE164AB921CQAAD3B435B51404EE
C.
BA810DBA98995F1817306D272A9441BB
D.
CEC52EB9C8E3455DC2265B23734E0DAC
E.
B757BF5C0D87772FAAD3B435B51404EE
F.
E52CAC67419A9A224A3B108F3FA6CB6D
B,E
This type of Port Scanning technique splits TCP header into several packets so that the packet
filters are not able to detect what the packets intends to do.
A.
UDP Scanning
B.
IP Fragment Scanning
C.
Inverse TCP flag scanning
D.
ACK flag scanning
B
While investigating a claim of a user downloading illegal material, the investigator goes through
the files on the suspect’s workstation. He comes across a file that is just called “file.txt” but when
he opens it, he finds the following:
What can he infer from this file?
A.
A picture that has been renamed with a .txt extension
B.
An encrypted file
C.
An encoded file
D.
A buffer overflow
D
Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in
order to find some information about the target they are attempting to penetrate. How would you
call this type of activity?
A.
Dumpster Diving
B.
Scanning
C.
CI Gathering
D.
Garbage Scooping
A
Harold is the senior security analyst for a small state agency in New York. He has no other
security professionals that work under him, so he has to do all the security-related tasks for the
agency. Coming from a computer hardware background, Harold does not have a lot of experience
with security methodologies and technologies, but he was the only one who applied for the
position. Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what
kind of traffic is being passed around, but the program he is using does not seem to be capturing
anything. He pours through the Sniffer’s manual, but cannot find anything that directly relates to
his problem. Harold decides to ask the network administrator if he has any thoughts on the
problem. Harold is told that the Sniffer was not working because the agency’s network is a
switched network, which cannot be sniffed by some programs without some tweaking. What
technique could Harold use to sniff his agency’s switched network?
A.
ARP spoof the default gateway
B.
Conduct MiTM against the switch
C.
Launch smurf attack against the switch
D.
Flood the switch with ICMP packets
A
Anonymizer sites access the Internet on your behalf, protecting your personal information from
disclosure. An anonymizer protects all of your computer’s identifying information while it surfs for
you, enabling you to remain at least one step removed from the sites you visit.
You can visit Web sites without allowing anyone to gather information on sites visited by you.
Services that provide anonymity disable pop-up windows and cookies, and conceal visitor’s IP
address.
These services typically use a proxy server to process each HTTP request. When the user
requests a Web page by clicking a hyperlink or typing a URL into their browser, the service
retrieves and displays the information using its own server. The remote server (where the
requested Web page resides) receives information on the anonymous Web surfing service in
place of your information.
In which situations would you want to use anonymizer? (Select 3 answers)
A.
Increase your Web browsing bandwidth speed by using Anonymizer
B.
To protect your privacy and Identity on the Internet
C.
To bypass blocking applications that would prevent access to Web sites or parts of sites that
you want to visit.
D.
Post negative entries in blogs without revealing your IP identity
B,C,D
Which Windows system tool checks integrity of critical files that has been digitally signed by
Microsoft?
A.
signverif.exe
B.
sigverif.exe
C.
msverif.exe
D.
verifier.exe
B
Botnets are networks of compromised computers that are controlled remotely and surreptitiously
by one or more cyber criminals. How do cyber criminals infect a victim’s computer with bots?
(Select 4 answers)
A.
Attackers physically visit every victim’s computer to infect them with malicious software
B.
Home computers that have security vulnerabilities are prime targets for botnets
C.
Spammers scan the Internet looking for computers that are unprotected and use these “opendoors” to install malicious software
D.
Attackers use phishing or spam emails that contain links or attachments
E.
Attackers use websites to host the bots utilizing Web Browser vulnerabilities
B,C,D,E
Jack Hacker wants to break into Brown Co.’s computers and obtain their secret double fudge
cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator
from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to
verify her password with him ”just to double check our records.” Jane does not suspect anything
amiss, and parts with her password. Jack can now access Brown Co.’s computers with a valid
user name and password, to steal the cookie recipe. What kind of attack is being illustrated here?
A.
Reverse Psychology
B.
Reverse Engineering
C.
Social Engineering
D.
Spoofing Identity
E.
Faking Identity
C
What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?
A.
The ethical hacker does not use the same techniques or skills as a cracker.
B.
The ethical hacker does it strictly for financial motives unlike a cracker.
C.
The ethical hacker has authorization from the owner of the target.
D.
The ethical hacker is just a cracker who is getting paid.
C
The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the
security breaches before a cracker does. There is nothing that says that a cracker does not get
paid for the work he does,a ethical hacker has the owners authorization and will get paid even if
he does not succeed to penetrate the target.
How do you defend against ARP Spoofing? Select three.
A.
Use ARPWALL system and block ARP spoofing attacks
B.
Tune IDS Sensors to look for large amount of ARP traffic on local subnets
C.
Use private VLANS
D.
Place static ARP entries on servers,workstation and routers
A,C,D
ARPwall is used in protecting against ARP spoofing.
Incorrect answer:
IDS option may works fine in case of monitoring the traffic from outside the network but not from
internal hosts.