Q1. Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is Lee seeing here? 

A. Lee is seeing activity indicative of a Smurf attack. 

B. Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing. 

C. Lee is seeing a Ping of death attack. 

D. This is not unusual traffic, ICMP packets can be of any size. 

View Answer

Q2. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here? 

A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan 

B. She is utilizing a SYN scan to find live hosts that are listening on her network 

C. The type of scan, she is using is called a NULL scan 

D. Hayden is using a half-open scan to find live hosts on her network 

View Answer

Q3. Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP Address of the packet, all the responses will get sent to the spoofed IP Address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out. 

Who are the primary victims of these attacks on the Internet today? 

A. IRC servers are the primary victim to smurf attacks 

B. IDS devices are the primary victim to smurf attacks 

C. Mail Servers are the primary victim to smurf attacks 

D. SPAM filters are the primary victim to surf attacks 

View Answer

Q4. Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization. 

Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. 

The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made. 

What is the risk of installing Fake AntiVirus? 

A. Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums 

B. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker 

C. Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk 

D. Denial of Service attack will be launched against the infected computer crashing other machines on the connected network 

View Answer

Q5. On wireless networks, a SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless network? 

A. The SSID is only 32 bits in length 

B. The SSID is transmitted in clear text 

C. The SSID is to identify a station not a network 

D. The SSID is the same as the MAC address for all vendors 

View Answer

Q6. Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on hi wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24mbps or less. Paul connects to his wireless router’s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop. 

What is Paul seeing here? 

A. MAC Spoofing 

B. Macof 

C. ARP Spoofing 

D. DNS Spoofing 

View Answer

Q7. Which of the following commands runs snort in packet logger mode? 

A. ./snort -dev -h ./log 

B. ./snort -dev -l ./log 

C. ./snort -dev -o ./log 

D. ./snort -dev -p ./log 

View Answer

Q8. TCP SYN Flood attack uses the three-way handshake mechanism. 

1. An attacker at system A sends a SYN packet to victim at system B. 

2. System B sends a SYN/ACK packet to victim A. 

3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. 

This status of client B is called _________________ 

A. "half-closed" 

B. "half open" 

C. "full-open" 

D. "xmas-open" 

View Answer

Q9. Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack? 

A. SQL Input attack 

B. SQL Piggybacking attack 

C. SQL Select attack 

D. SQL Injection attack 

View Answer

Q10. Jack is conducting a port scan of a target network. He knows that his target network has a web server and that a mail server is up and running. Jack has been sweeping the network but has not been able to get any responses from the remote target. Check all of the following that could be a likely cause of the lack of response? 

A. The host might be down 

B. UDP is filtered by a gateway 

C. ICMP is filtered by a gateway 

D. The TCP window Size does not match 

E. The destination network might be down 

F. The packet TTL value is too low and can’t reach the target 

View Answer