Q291. Within the context of Computer Security, which of the following statements best describe Social Engineering? 

A. Social Engineering is the act of publicly disclosing information. 

B. Social Engineering is the act of getting needed information from a person rather than breaking into a system. 

C. Social Engineering is the means put in place by human resource to perform time accounting. 

D. Social Engineering is a training program within sociology studies. 

Answer: B

Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. 


Q292. There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption? 

Select the best answers. 

A. PKI provides data with encryption, compression, and restorability. 

B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman. 

C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption. 

D. RSA is a type of encryption. 

Answer: BD

Explanation: PKI provides confidentiality, integrity, and authenticity of the messages exchanged between these two types of systems. The 3rd party provides the public key and the receiver verifies the message with a combination of the private and public key. Public-key encryption WAS invented in 1976 by Whitfield Diffie and Martin Hellman. The famous hashing algorithm Diffie-Hellman was named after them. The RSA Algorithm is created by the RSA Security company that also has created other widely used encryption algorithms. 


Q293. _______ is one of the programs used to wardial. 

A. DialIT 

B. Netstumbler 

C. TooPac 

D. Kismet 

E. ToneLoc 

Answer: E

Explanation: ToneLoc is one of the programs used to wardial. While this is considered an "old school" technique, it is still effective at finding backdoors and out of band network entry points. 


Q294. A POP3 client contacts the POP3 server: 

A. To send mail 

B. To receive mail 

C. to send and receive mail 

D. to get the address to send mail to 

E. initiate a UDP SMTP connection to read mail 

Answer:

Explanation: POP is used to receive e-mail.SMTP is used to send e-mail. 


Q295. Bill successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn in interactive shell and plans to deface the main web page. He fist attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tires to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill’s problem? 

A. The system is a honeypot 

B. The HTML file has permissions of read only 

C. You can’t use a buffer overflow to deface a web page 

D. There is a problem with the shell and he needs to run the attack again 

Answer: B

Explanation: A honeypot has no interest in stopping an intruder from altering the “target” files. A buffer overflow is a way to gain access to the target computer. Once he has spawned a shell it is unlikely that it will not work as intended, but the user context that the shell is spawned in might stop him from altering the index.html file incase he doesn’t have sufficient rights. 


Q296. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? 

Select the best answers. 

A. Use port security on his switches. 

B. Use a tool like ARPwatch to monitor for strange ARP activity. 

C. Use a firewall between all LAN segments. 

D. If you have a small network, use static ARP entries. 

E. Use only static IP addresses on all PC's. 

Answer: ABD

Explanations: 

By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing. ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not an realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you. 


Q297. Which of the following is most effective against passwords ? 

Select the Answer: 

A. Dictionary Attack 

B. BruteForce attack 

C. Targeted Attack 

D. Manual password Attack 

Answer: B

Explanation: The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of breaking the password. 


Q298. What sequence of packets is sent during the initial TCP three-way handshake? 

A. SYN, URG, ACK 

B. FIN, FIN-ACK, ACK 

C. SYN, ACK, SYN-ACK 

D. SYN, SYN-ACK, ACK 

Answer: D

Explanation: This is referred to as a "three way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new sessions. The ACK flags acknowlege earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowlege. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set. 


Q299. An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified: 

21 ftp 23 telnet 80 http 443 https 

What does this suggest ? 

A. This is a Windows Domain Controller 

B. The host is not firewalled 

C. The host is not a Linux or Solaris system 

D. The host is not properly patched 

Answer: D

Explanation: If the answer was A nmap would guess it, it holds the MS signature database, the host not being firewalled makes no difference. The host is not linux or solaris, well it very well could be. The host is not properly patched? That is the closest; nmaps OS detection architecture is based solely off the TCP ISN issued by the operating systems TCP/IP stack, if the stack is modified to show output from randomized ISN's or if your using a program to change the ISN then OS detection will fail. If the TCP/IP IP ID's are modified then os detection could also fail, because the machine would most likely come back as being down. 


Q300. Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data? 

A. Spoof Attack 

B. Smurf Attack 

C. Man in the Middle Attack 

D. Trojan Horse Attack 

E. Back Orifice Attack 

Answer: DE

Explanation: To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack.