Q391. Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler? 

Select the best answer. 

A. GPSDrive 

B. GPSMap 

C. WinPcap 

D. Microsoft Mappoint 

Answer: A


GPSDrive is a Linux GPS mapping package. It recommended to be used to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn't going to do what Joe Hacker is wanting to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus, these two are not going to work well together. 

Q392. What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply. 

A. 110 

B. 135 

C. 139 

D. 161 

E. 445 

F. 1024 

Answer: BCE 

Explanation: NetBIOS traffic can quickly be used to enumerate and attack Windows computers. 

Ports 135, 139, and 445 should be blocked. 

Q393. You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250. 

Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server? 

A. 200-250 

B. 121-371 

C. 120-321 

D. 121-231 

E. 120-370 


Explanation: Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121+250). 

Q394. A very useful resource for passively gathering information about a target company is: 

A. Host scanning 

B. Whois search 

C. Traceroute 

D. Ping sweep 


Explanation: A, C & D are "Active" scans, the question says: "Passively" 

Q395. Why attackers use proxy servers? 

A. To ensure the exploits used in the attacks always flip reverse vectors 

B. Faster bandwidth performance and increase in attack speed 

C. Interrupt the remote victim's network traffic and reroute the packets to attackers machine 

D. To hide the source IP address so that an attacker can hack without any legal corollary 

Answer: D

Q396. What is War Dialing? 

A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems 

B. War dialing is a vulnerability scanning technique that penetrates Firewalls 

C. It is a social engineering technique that uses Phone calls to trick victims 

D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls 

Answer: A

Q397. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP that is always authorized at the firewall 

B. They are using an older version of Internet Explorer that allow them to bypass the proxy server 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access 

D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended 

Answer: D

Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic. 

Q398. File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers? 

A. Use disable-eXchange 

B. Use mod_negotiation 

C. Use Stop_Files 

D. Use Lib_exchanges 

Answer: B

Q399. In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. 

Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack? 

A. Do not reply to email messages or popup ads asking for personal or financial information 

B. Do not trust telephone numbers in e-mails or popup ads 

C. Review credit card and bank account statements regularly 

D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks 

E. Do not send credit card numbers, and personal or financial information via e-mail 

Answer: A

Q400. What is the most common vehicle for social engineering attacks? 

A. Email 

B. Direct in person 

C. Local Area Networks 

D. Peer to Peer Networks 

Answer: B

Explanation: All social engineering techniques are based on flaws in human logic known as cognitive biases. 

Topic 10, Session Hijacking 

322. Bob is going to perform an active session hijack against company. He has acquired the target that allows session oriented connections (Telnet) and performs sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. 

So, what is Bob most likely to do next? 

A. Take over the session. 

B. Reverse sequence prediction. 

C. Guess the sequence numbers. 

D. Take one of the parties’ offline. 

Answer: C