Domain 4: Tools/Systems/Programs


Which of the following best describes CCleaner?

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?

ACME, Inc

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use?

Currports

A hacker finds a system that has a poorly designed and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?

Metasploit

Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components?

Sirefef

Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use?

Snort inline

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:

Steganography

What port does a DNS zone transfer use?

TCP 53

You are using Wireshark to try and determine if a denial-of-service (DDoS) attack is happening on your network (128.28.1.1). You previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. You have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. After examining the Wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS attack is happening?

There are multiple SYN packets with different source addresses destined for 128.28.1.1.

Which of the following tools enables security professionals to audit and validate the behavior of security devices?

Traffic IQ Professional

A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this?

Ultimate Boot CD

Which of the following best describes a web application?

A web application is software that has been installed on a web server.

Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?

ClamAV

Which type of web application requires a separate application to be installed before you can use the app?

Client-based web app

You work as the IT Security Administrator for a small corporate network. The employee in Office 1 is working on a very sensitive project. Management is concerned that if the hard drive in the computer were stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The Office1 computer has a built-in TPM on the motherboard. In this lab, your task is to configure BitLocker drive encryption as follows:

- Turn on TPM in the BIOS.
- Activate TPM in the BIOS.
- Turn on BitLocker for the System (C:) drive.
- Save the recovery key to \\CorpServer\BU-Office1.
- Run the BitLocker system check.
- Encrypt the entire System (C:) drive.

Complete this lab as follows:

1. In the search field on the taskbar, enter Control Panel.
2. Select System and Security.
3. Select BitLocker Drive Encryption.
4. Select Turn on BitLocker next to C:. Notice, at the bottom of the window, that Windows indicates that a TPM was not found.
5. Select Cancel.
6. Select Start. Select Power. Select Restart to restart Office1 and activate TPM.
7. When the TestOut logo appears, press Delete to enter the BIOS.
8. Turn on and activate TPM as follows:
   a. In the left pane, expand Security.
   b. Select TPM Security.
   c. In the right pane, select TPM Security to turn TPM security on.
   d. Select Apply.
   e. Select Activate.
   f. Select Apply.
   g. Select Exit.
9. Turn on BitLocker as follows:
   a. After Office1 finishes rebooting, in the search field, enter Control Panel.
   b. Select System and Security.
   c. Select BitLocker Drive Encryption.
   d. Select Turn on BitLocker. Now Windows is able to begin the Drive Encryption setup.
   e. Select Next.
   f. Select Restart.
   g. Press F10.
   h. Select Next.
10. Save the recovery key to \\CorpServer\BU-Office1 as follows:
   a. Select Save to a file to back up your recovery key to a file.
   b. Browse the network to \\CorpServer\BU-Office1.
   c. Select Save.
   d. After your recovery key is saved, click Next.
11. Select Encrypt entire drive; then click Next.
12. Leave the default setting selected when choosing the encryption mode and click Next.
13. Select Run BitLocker system check; then click Continue.
14. Select Restart now.
15. When encryption is complete, click Close.
16. Open File Explorer and verify that the Local Disk (C:) drive shows the lock icon.

Which of the following is a physical or virtual network device set up to masquerade as a legitimate network resource?

Honeypot

Which of the following is the correct order for a hacker to launch an attack?

Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access

You suspect that an ICMP flood attack is taking place from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, however, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?

With the flood, all packets come from the same source IP address in quick succession.

Nmap provides many commands and scripts that are used to evade firewalls and intrusion detection systems. Which of the following is the proper nmap command to use the decoy option?

nmap -D RND:25 10.10.10.1

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?

nmap -sV --script=banner ip_address
