Q1. Steven, a security analyst for XYZ associates, is analyzing packets captured by Ethereal on a Linux Server inside his network when the server starts to slow down tremendously. Steven examines the following Ethereal captures:
A. Smurf Attack
B. ARP Spoofing
C. Ping of Death
D. SYN Flood
Answer: A
Explanation: A perpetrator is sending a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding.
Topic 9, Social Engineering
303. Your boss at ABC.com asks you what are the three stages of Reverse Social Engineering.
A. Sabotage, advertising, Assisting
B. Sabotage, Advertising, Covering
C. Sabotage, Assisting, Billing D. Sabotage, Advertising, Covering
Q2. You are sniffing as unprotected WiFi network located in a JonDonalds Cybercafe with Ethereal to capture hotmail e-mail traffic. You see lots of people using their laptops browsing the web while snipping brewed coffee from JonDonalds. You want to sniff their email message traversing the unprotected WiFi network.
Which of the following ethereal filters will you configure to display only the packets with the hotmail messages?
A. (http contains “hotmail”) && ( http contains “Reply-To”)
B. (http contains “e-mail” ) && (http contains “hotmail”)
C. (http = “login.passport.com” ) && (http contains “SMTP”)
D. (http = “login.passport.com” ) && (http contains “POP3”)
Answer: A
Explanation: Each Hotmail message contains the tag Reply-To:<sender address> and “xxxx-xxx-xxx.xxxx.hotmail.com” in the received tag.
Q3. Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company's entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
A. Neil has used a tailgating social engineering attack to gain access to the offices
B. He has used a piggybacking technique to gain unauthorized access
C. This type of social engineering attack is called man trapping
D. Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics
Answer: A
Q4. What do you call a pre-computed hash?
A. Sun tables
B. Apple tables
C. Rainbow tables
D. Moon tables
Answer: C
Q5. SNMP is a protocol used to query hosts, servers and devices about performance or health status data. Hackers have used this protocol for a long time to gather great amount of information about remote hosts. Which of the following features makes this possible?
A. It is susceptible to sniffing
B. It uses TCP as the underlying protocol
C. It is used by ALL devices on the market
D. It uses a community string sent as clear text
Answer: AD
Explanation: SNMP uses UDP, not TCP, and even though many devices uses SNMP not ALL devices use it and it can be disabled on most of the devices that does use it. However SNMP is susceptible to sniffing and the community string (which can be said acts as a password) is sent in clear text.
Q6. Which of the following is an automated vulnerability assessment tool.
A. Whack a Mole
B. Nmap
C. Nessus
D. Kismet
E. Jill32
Answer: C
Explanation: Nessus is a vulnerability assessment tool.
Q7. What attack is being depicted here?
A. Cookie Stealing
B. Session Hijacking
C. Cross Site scripting
D. Parameter Manipulation
Answer: D
Explanation: Manipulating the data sent between the browser and the web application to an attacker's advantage has long been a simple but effective way to make applications do things in a way the user often shouldn't be able to. In a badly designed and developed web application, malicious users can modify things like prices in web carts, session tokens or values stored in cookies and even HTTP headers. In this case the user has elevated his rights.
Q8. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use?
A. 443
B. 139
C. 179
D. 445
Answer: D
Q9. Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
C. This Select SQL statement will log James in if there are any users with NULL passwords
D. James will be able to see if there are any default user accounts in the SQL database
Answer: A
Q10. What does the following command achieve?
Telnet <IP Address> <Port 80>
HEAD /HTTP/1.0
<Return>
<Return>
A. This command returns the home page for the IP address specified
B. This command opens a backdoor Telnet session to the IP address specified
C. This command returns the banner of the website specified by IP address
D. This command allows a hacker to determine the sites security
E. This command is bogus and will accomplish nothing
Answer: C
Explanation: This command is used for banner grabbing. Banner grabbing helps identify the service and version of web server running.