Q1. Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network. 

He receives the following SMS message during the weekend. 

An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command. 

Which of the following hping2 command is responsible for the above snort alert? 

A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118 

B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118 

C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118 

D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118 

View Answer

Q2. Why would an attacker want to perform a scan on port 137? 

A. To discover proxy servers on a network 

B. To disrupt the NetBIOS SMB service on the target host 

C. To check for file and print sharing on Windows systems 

D. To discover information about a target host using NBTSTAT 

View Answer

Q3. On wireless networks, SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless networks? 

A. The SSID is only 32 bits in length. 

B. The SSID is transmitted in clear text. 

C. The SSID is the same as the MAC address for all vendors. 

D. The SSID is to identify a station, not a network. 

View Answer

Q4. What is the IV key size used in WPA2? 

A. 32 

B. 24 

C. 16 

D. 48 

E. 128 

View Answer

Q5. What type of session hijacking attack is shown in the exhibit? 

A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

View Answer

Q6. In which part of OSI layer, ARP Poisoning occurs? 

A. Transport Layer 

B. Datalink Layer 

C. Physical Layer 

D. Application layer 

View Answer

Q7. Identify SQL injection attack from the HTTP requests shown below: 

A. http://www.victim.com/example?accountnumber=67891&creditamount=999999999 

B. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al 

C. http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b--%00 

D. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22% 3e%3c%2fscript%3e 

View Answer

Q8. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? 

A. Network aliasing 

B. Domain Name Server (DNS) poisoning 

C. Reverse Address Resolution Protocol (ARP) 

D. Port scanning 

View Answer

Q9. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.) 

A. Install DNS logger and track vulnerable packets 

B. Disable DNS timeouts 

C. Install DNS Anti-spoofing 

D. Disable DNS Zone Transfer 

View Answer

Q10. DRAG DROP 

Drag the application to match with its correct description. 

Exhibit: 

View Answer