Test 3 Main 3.0


A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? A. -sO B. -sP C. -sS D. -sU

-sO (Protocol scan)

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it? A. The password file does not contain the passwords themselves. B. He can open it and read the user ids and corresponding passwords. C. The file reveals the passwords to the root user only. D. He cannot read it because it is encrypted.

A. The password file does not contain the passwords themselves

Which of the following represents the initial two commands that an IRC client sends to join an IRC network? A. USER, NICK B. LOGIN, NICK C. USER, PASS D. LOGIN, USER

A. USER, NICK

An NMAP scan of a server shows port 69 is open. What risk could this pose? A. Unauthenticated access B. Weak SSL version C. Cleartext login D. Web portal data leak

A. Unauthenticated access

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks? A. Whisker B. tcpsplice C. Burp D. Hydra

A. Whisker

You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach? A. Install Cryptcat and encrypt outgoing packets from this server. B. Install and use Telnet to encrypt all outgoing traffic from this server. C. Use Alternate Data Streams to hide the outgoing packets from this server. D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

A. encrypt the outgoing packets to make them undetectable to IDS

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers. A. SNMPUtil B. SNScan C. SNMPScan D. Solarwinds IP Network Browser E. NMap

ABD

Which of the following tools can be used to perform a zone transfer? A. NSLookup B. Finger C. Dig D. Sam Spade E. Host F. Netcat G. Neotrace

ACDE

Which of the following are well known password-cracking programs? A. L0phtcrack B. NetCat C. Jack the Ripper D. Netbus E. John the Ripper

AE

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? A. NMAP -PN -A -O -sS 192.168.2.0/24 B. NMAP -P0 -A -O -p1-65535 192.168.0/24 C. NMAP -P0 -A -sT -p0-65535 192.168.0/16 D. NMAP -PN -O -sS -p 1-1024 192.168.0/8

B.

Which of the following commands runs snort in packet logger mode? A. ./snort -dev -h ./log B. ./snort -dev -l ./log C. ./snort -dev -o ./log D. ./snort -dev -p ./log

B.

You are a security officer of a company. You had an alert from the IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze? A. Event logs on the PC B. Internet Firewall/Proxy log C. IDS log D. Event logs on domain controller

B.

Which type of sniffing technique is generally referred as MiTM attack? A. Password Sniffing B. ARP Poisoning C. Mac Flooding D. DHCP Sniffing

B. ARP Poisoning

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations? A. Certificate issuance B. Certificate validation C. Certificate cryptography D. Certificate revocation

B. Certificate Validation

Which of the following acts requires employers' standard national numbers to identify them on standard transactions? A. SOX B. HIPAA C. DMCA D. PCI-DSS

B. HIPAA

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network? A. Fraggle B. MAC Flood C. Smurf D. Tear Drop

B. MAC Flood

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them? A. Detective B. Passive C. Intuitive D. Reactive

B. Passive IDS can't stop threats

Why should the security analyst disable/remove unnecessary ISAPI filters? A. To defend against social engineering attacks B. To defend against webserver attacks C. To defend against jailbreaking D. To defend against wireless attacks

B. To defend against Webserver attacks

What does a type 3 code 13 represent? (Choose two.) A. Echo request B. Destination unreachable C. Network unreachable D. Administratively prohibited E. Port unreachable F. Time exceeded

BD

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports in the switches B. Separate students in a different VLAN C. Use the 802.1x protocol D. Ask students to use the wireless network

C.

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common? A. All are hacking tools developed by the legion of doom B. All are tools that can be used not only by hackers, but also security personnel C. All are DDOS tools D. All are tools that are only effective against Windows E. All are tools that are only effective against Linux

C. All are DDoS tools

Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team? A. Leave it as it is and contact the incident response team right away B. Block the connection to the suspicious IP Address from the firewall C. Disconnect the email server from the network D. Migrate the connection to the backup email server

C. Disconnect the email server from the network

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them? A. Cross-site scripting B. SQL injection C. Missing patches D. CRLF injection

C. Missing patches are a common vulnerability for Windows file servers

Which of the following Secure Hashing Algorithms (SHA) produces a 160-bit digest from a message with a maximum length of (2^64-1) bits and resembles the MD5 algorithm? A. SHA-2 B. SHA-3 C. SHA-1 D. SHA-0

C. SHA-1

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF? A. Omnidirectional antenna B. Dipole antenna C. Yagi antenna D. Parabolic grid antenna

C. Yagi antenna but I have no idea why

What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd A. logs the incoming connections to /etc/passwd file B. loads the /etc/passwd file to the UDP port 55555 C. grabs the /etc/passwd file when connected to UDP port 55555 D. deletes the /etc/passwd file when connected to the UDP port 55555

C. grabs the /etc/passwd file when connected to UDP port 55555

What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). A. $440 B. $100 C. $1320 D. $146

D.

An NMAP scan of a server shows port 25 is open. What risk could this pose? A. Open printer sharing B. Web portal data leak C. Clear text authentication D. Active mail relay

D. Active mail relay

What is GINA? A. Gateway Interface Network Application B. GUI Installed Network Application CLASS C. Global Internet National Authority (G-USA) D. Graphical Identification and Authentication DLL

D. Graphical Identification and Authentication DLL

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. B. He can send an IP packet with the SYN bit and the source address of his computer. C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

D. If he sends the IP packet to the switch with the ACK bit and the source address of his machine he can trick the switch into thinking he already has an established session

What tool can crack Windows SMB passwords simply by listening to network traffic? A. This is not possible B. Netbus C. NTFSDOS D. L0phtcrack

D. L0phtcrack

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? A. Microsoft Security Baseline Analyzer B. Retina C. Core Impact D. Microsoft Baseline Security Analyzer

D. MBSA

Why would an attacker want to perform a scan on port 137? A. To discover proxy servers on a network B. To disrupt the NetBIOS SMB service on the target host C. To check for file and print sharing on Windows systems D. To discover information about a target host using NBTSTAT

D. NBTSTAT is information via NetBIOS which is on port 137

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c. What is the hexadecimal value of the NOP instruction? A. 0x60 B. 0x80 C. 0x70 D. 0x90

D. NOP sled of 200 bytes is 0x90

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is A. OWASP is for web applications and OSSTMM does not include web applications B. OSSTMM is gray box testing and OWASP is black box testing. C. OWASP addresses controls and OSSTMM does not. D. OSSTMM addresses controls and OWASP does not.

D. OSSTMM addresses controls and OWASP does not

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers? A. tcp.port != 21 B. tcp.port = 23 C. tcp.port ==21 D. tcp.port ==21 || tcp.port ==22

D. Port 21 FTP and Port 22 SSH can be used for zone transfers

If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing? A. End of Line Comment B. UNION SQL Injection C. Illegal/Logically Incorrect Query D. Tautology

D. Tautology

What is the following command used for? net use \\target\ipc$ "" /u:"" A. Grabbing the etc/passwd file B. Grabbing the SAM C. Connecting to a Linux computer through Samba. D. This command is used to connect as a null session E. Enumeration of Cisco routers

D. This command is used to connect as a null session

Suppose you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement? A. TACACS+ B. DIAMETER C. Kerberos D. RADIUS

D. You would use RADIUS

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrongdoing. However, you are concerned about affecting the normal functionality of the email server. From the following options, choose how best you can achieve this objective. A. Block port 25 at the firewall. B. Shut off the SMTP service on the server. C. Force all connections to use a username and password. D. Switch from Windows Exchange to UNIX Sendmail. E. None of the above.

E. None of the above can be done

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester? A. Terms of Engagement B. Project Scope C. Non-Disclosure Agreement D. Service Level Agreement

A.

Which of the following describes the characteristics of a Boot Sector Virus? A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program D. Overwrites the original MBR and only executes the new virus code

A.

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data? A. Asymmetric B. Confidential C. Symmetric D. Non-confidential

A. Asymmetric

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? A. Civil B. International C. Criminal D. Common

A. Civil

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping the IP addresses of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next? A. Configure the firewall to allow traffic on TCP ports 53 and UDP port 53. B. Configure the firewall to allow traffic on TCP ports 80 and UDP port 443. C. Configure the firewall to allow traffic on TCP port 53 D. Configure the firewall to allow traffic on TCP port 8080.

A. DNS port needs to be open

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called? A. Fuzzy-testing the code B. Third party running the code C. Sandboxing the code D. String validating the code

A. Fuzzy-testing the code

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe? A. Hire a security consultant to provide direction. B. Do not back up either the credit card numbers or their hashes. C. Back up the hashes of the credit card numbers not the actual credit card numbers. D. Encrypt backup tapes that are sent off-site.

A. Hire a security consultant to provide direction

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";) A. An Intrusion Detection System B. A firewall IPTable C. A Router IPTable D. FTP Server rule

A. Intrusion Detection System

Using Windows CMD, how would an attacker list all the shares to which the current user context has access? A. NET USE B. NET CONFIG C. NET FILE D. NET VIEW

A. NET USE shows information on shared stuff

Jack was attempting to fingerprint all machines in the network using the following Nmap syntax: invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! Obviously, it is not going through. What is the issue here? A. OS Scan requires root privileges B. The nmap syntax is wrong. C. The outgoing TCP/IP fingerprinting is blocked by the host firewall D. This is a common behavior for a corrupted nmap application

A. OS scan requires root privileges

