Questions

Question 1

How can you tell a UDP port is closed on a target IP?

Answer 1

Returns ICMP_PORT_UNREACHABLE

Question 2

What is a socket?

Answer 2

The combination of the IP address of the station and a port number

Question 3

What is a packet (RFC 1594 definition)

Answer 3

Self contained independent entity of data
Carries sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between source/destination computer and the transporting network

Question 4

What is a hash function

Answer 4

One way mathematical function

Can’t calculate input from the result

Question 5

What does !X mean in trace route output?

Answer 5

Communication administratively prohibited

Question 6

What is a zone?

Answer 6

A point of delegation in the DNS tree. Contains all the names from a certain point downward except those which are delegated to other zones

Question 7

How can you tell a TCP port is open on a target IP?

Answer 7

The target returns SYN/ACK

Question 8

Ports 135 139 and 445 are open. What’s the best guess at the OS

Answer 8

Windows 2000 or later (port 445 is 2k+)

Question 9

What do some firewalls try to limit by enforcing rules on how long get and post requests can be

Answer 9

Buffer overflow attacks

Question 10

What happens if you digitally sign and inject a footer on an email message in the wrong order

Answer 10

The footer will invalidate the signature

Question 11

Does the sasser worm only attack hosts running the MSSQL server

Answer 11

No

MS04-011
Starts an FTP server
Generates a list of IP addresses to target based on the hosts IP addresses
Modifies the registry so it runs on system startup

Question 12

What malware exploits XSS vulnerability and was developed to propagate over MySpace?

Answer 12

Samy

Question 13

What RPC program number represents ttdbserverd

Answer 13

100083

Question 14

What weak reversible cipher can be used by Cisco routers to encrypt passwords?

Answer 14

Type 7

Question 15

What is RIPv1 authentication method

Answer 15

Does not support authentication of messages

Routing information protocol

Allowed via insecure plaintext password or an MD5 hash for version 2

Question 16

Key size for DES

Answer 16

56

Question 17

IPSec 4 main attribute classes

Answer 17

Encryption algorithm
Hash algorithm
Authentication method
Diffie-Hellman group

Question 18

What is click jacking

Answer 18

An attacker tricks a user into performing actions on a website by hiding clickable elements in an invisible iframe

Question 19

What command displays the group membership for the current user, type of account, SID and attributes?

Answer 19

Whoami /groups

Question 20

Http status code 407

Answer 20

Proxy authentication required

Question 21

WEP uses a integrity check value (ICV) what attack would an attack be trying to achieve submitting a packet without an ICV

Answer 21

It will allow the attacker to derive the key stream

Question 22

SSH server version 1.99 supports which versions of SSH

Answer 22

Versions 1 and 2

Question 23

What is 0x0100 in an sql server password?

Answer 23

Padding, the salt value is placed after this padding

Question 24

RPORT 10,2,0,2,10,10

Answer 24

10.2.0.2 is the IP address of the client

10,10 must be converted to hex then to binary then to decimal to get the TCP port number

Question 25

RealVNC 4.1.1 is vulnerable to what attack

Answer 25

Type 1 authentication can be specified to disable authentication

Question 26

How many secret bits in a 128 bit WEP key

Answer 26

104

Question 27

TCP ports 135 and 139 open on a server. What's the best guess at the OS

Answer 27

Windows NT 4 or later

Question 28

ArcServe 5.11 is vulnerable to which attack

Answer 28

Stack based buffer overflow causing custom code to run in the processes current context

Question 29

What ports must be open on a firewall to allow IKE VPN to function

Answer 29

UDP 500, protocol 50 & 51

Question 30

What responds to an nap fin scan -sF with FIN/ACK

Answer 30

Solaris AIX HPUX Linux

Question 31

SNMP MIB 55 and 53 meaning

Answer 31

53 copies from router to the server (to the device) | 55 from the server to the router (from the device)

Question 32

Correct sequence to send SMTP mail

Answer 32

``` Help Mail from Rcpt to Subject Data ```

Question 33

Where does record route (ping -r) store the list of hops

Answer 33

In the IP header

Question 34

What device has a TTL of 255

Answer 34

Cisco

Question 35

TTL of 64

Answer 35

Linux kernel 2.4 and 2.6 Googles customised Linux Free BSD

Question 36

TTL of 128

Answer 36

Windows XP | Windows 7, vista and server 08

Question 37

TCP window size 65535

Answer 37

Free BSD | Windows XP

Question 38

TCP window size 5840

Answer 38

Linux kernel 2.4 and 2.6

Question 39

TCP window size 5720

Answer 39

Googles customised Linux

Question 40

TCP window size 8192

Answer 40

Windows 7, vista and server 08

Question 41

TCP window size 4128

Answer 41

Cisco

Question 42

Mtu max transmission unit for a PPoE point to point over Ethernet network device

Answer 42

1492

Question 43

What is used for authentication in a Microsoft active directory domain

Answer 43

RADIUS

Question 44

What is the purpose of LDAP

Answer 44

A central point for user management

Question 45

What is a method of managing the flow of network traffic by allowing or denying traffic based on ports protocols and addresses

Answer 45

Firewall rules

Question 46

What is the best choice to prevent intrusions on a individual computer

Answer 46

Host based firewall

Question 47

An organisation has a web security gateway installed. What function is this performing

Answer 47

Content filtering

Question 48

What can you do to ensure the WPA signal doesn't reach outside the building it is installed in

Answer 48

Decrease the power level

Question 49

What protocol did WEP implement incorrectly allowing it to be cracked

Answer 49

RC4

Question 50

What authentication method can provide centralised authentication for a wireless network

Answer 50

RADIUS

Question 51

What can you use to prevent company employees connecting their personal devices to the wireless network

Answer 51

MAC filtering

Question 52

If you want to segment wireless users from each other on a hotspot what should you use

Answer 52

Isolation mode

Question 53

What type of attack starts on a virtual system but can affect the physical host

Answer 53

VM escape

Question 54

What is the difference between a worm and a virus

Answer 54

A worm is self replicating a virus is not

Question 55

What type of malware is installed with USB drives

Answer 55

Trojans

Question 56

A process running on a system has system level access to the OS kernel. It has modified system files. What best describes this behaviour

Answer 56

Root kit

Question 57

Where would a security specialist look for a hooked process

Answer 57

RAM

Question 58

What will protect against a SYN attack

Answer 58

Flood guard

Question 59

An IDS detected a NOP sled. What does this indicate

Answer 59

Buffer overflow A NOP sled makes the target address bigger so the code can jump anywhere in the sled not only at the beginning of the injected code. (No-OPeration)

Question 60

What provides fault tolerance through disk mirroring

Answer 60

RAID 1 | Or disk mirroring is the technique of writing the same data to more than one disk drive

Question 61

What can remove a server as a single point of failure

Answer 61

Clustering Allows computers to work together as a computer cluster to provide failover and increased availability of applications (also parallel calculating power)

Question 62

Which encryption algorithm uses prime numbers to generate keys

Answer 62

RSA algorithm

Question 63

What is CRL

Answer 63

Certificate revocation list | List of certificates that have been revoked/ compromised and should therefore no longer be trusted

Question 64

How many bits in an IPv6 address

Answer 64

128

Question 65

IPv6 loop back address

Answer 65

Ff00:0000:0000:0000:0000

Question 66

Which algorithm is used to store cached windows domain credentials

Answer 66

MS-CACHE

Question 67

What is the purpose of port 111

Answer 67

Portmapper | To allow the lookup of RPC services that bind to dynamic ports

Question 68

What key size is recommended as minimum for a new ssl certificate

Answer 68

2048 bits

Question 69

If nap shows a port as open/filtered what does this mean

Answer 69

UDP port | Has been filtered or is listening but not responding

Question 70

Which part of an IP header contains the source and destination IP addresses

Answer 70

The next 8 bytes/ two rows of the header After the first 12 bytes/ top 3 rows of the header

Question 71

What does an ICMP smurf/packet magnification attack result in

Answer 71

A dos condition due to an attacker sending forged ICMP packets to vulnerable networks multicast addresses resulting in all systems on those networks sending ICMP Echo replies to the broadcast address

Question 72

Ping of death is what

Answer 72

ICMP Echo request larger than the maximum IP packet size is sent. This results in a fragmented message that the target system is unable to reassemble causing the OS to crash

Question 73

Http code 307

Answer 73

Address changed temporarily

Question 74

What vulnerability allows an attack to take control of an IIS we server from the Internet through a firewall

Answer 74

Microsoft server message block vulnerability

Question 75

Http code 413

Answer 75

Request entity too large

Question 76

What layer of the osi model is IPv4 considered to be at

Answer 76

Layer 3 network

Question 77

What osi later are TCP and udp considered to be at

Answer 77

Layer 4, transport

Question 78

What is an any cast address

Answer 78

A group of addresses where packets are delivered to only one member within the any cast group