Q181. Dave has been assigned to test the network security of Acme Corp. The test was announced to the employees. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a sand clock to mark the progress of the test. Dave successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond? 

A. The attack did not fall through as the firewall blocked the traffic 

B. The attack was social engineering and the firewall did not detect it 

C. The attack was deception and security was not directly compromised 

D. Security was not compromised as the webpage was hosted internally 

Answer: B

Explanation: This was just another way to trick the information out of the users without the need to hack into any systems. All traffic is outgoing and initiated by the user so the firewall will not react. 


Q182. Fingerprinting an Operating System helps a cracker because: 

A. It defines exactly what software you have installed 

B. It opens a security-delayed window based on the port being scanned 

C. It doesn't depend on the patches that have been applied to fix existing security holes 

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system 

Answer: D

Explanation: When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases. 


Q183. What is the proper response for a X-MAS scan if the port is open? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to a X-MAS scan by ignoring the packet. 


Q184. NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging, if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets? 

A. TCP Port 124 

B. UDP Port 125 

C. UDP Port 123 

D. TCP Port 126 

Answer: C


Q185. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same. 

Why does this happen in the VPN over wireless implementation? 

A. The stronger encryption used by the VPN slows down the network. 

B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications. 

C. VPNs use larger packets then wireless networks normally do. 

D. Using a VPN on wireless automatically enables WEP, which causes additional overhead. 

Answer: B

Explanation: By applying VPN the access point will have to recalculate all headers destined for client and from clients twice. 


Q186. What does black box testing mean? 

A. You have full knowledge of the environment 

B. You have no knowledge of the environment 

C. You have partial knowledge of the environment 

Answer: B

Explanation: Black box testing is conducted when you have no knowledge of the environment. It is more time consuming and expensive. 


Q187. You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'? 

A. display==facebook 

B. traffic.content==facebook 

C. tcp contains facebook 

D. list.display.facebook 

Answer: C


Q188. What does the term “Ethical Hacking” mean? 

A. Someone who is hacking for ethical reasons. 

B. Someone who is using his/her skills for ethical reasons. 

C. Someone who is using his/her skills for defensive purposes. 

D. Someone who is using his/her skills for offensive purposes. 

Answer: C

Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. 


Q189. What file system vulnerability does the following command take advantage of? 

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe 

A. HFS 

B. ADS 

C. NTFS 

D. Backdoor access 

Answer: B

Explanation: ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream. 


Q190. Attacker forges a TCP/IP packet, which causes the victim to try opening a connection with itself. This causes the system to go into an infinite loop trying to resolve this unexpected connection. Eventually, the connection times out, but during this resolution, the machine appears to hang or become very slow. The attacker sends such packets on a regular basis to slow down the system. 

Unpatched Windows XP and Windows Server 2003 machines are vulnerable to these attacks. What type of Denial of Service attack is represented here? 

A. SMURF Attacks 

B. Targa attacks 

C. LAND attacks 

D. SYN Flood attacks 

Answer: C

Explanation: The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination.The reason a LAND attack works is because it causes the machine to reply to itself continuously. 

http://en.wikipedia.org/wiki/LAND