Q1. Bill successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn in interactive shell and plans to deface the main web page. He fist attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tires to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill’s problem? 

A. The system is a honeypot 

B. The HTML file has permissions of read only 

C. You can’t use a buffer overflow to deface a web page 

D. There is a problem with the shell and he needs to run the attack again 

View Answer

Q2. _____ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. 

A. Bit Cipher 

B. Hash Cipher 

C. Block Cipher 

D. Stream Cipher 

View Answer

Q3. War dialing is one of the oldest methods of gaining unauthorized access to the target systems, it is one of the dangers most commonly forgotten by network engineers and system administrators. A hacker can sneak past all the expensive firewalls and IDS and connect easily into the network. Through wardialing an attacker searches for the devices located in the target network infrastructure that are also accessible through the telephone line. 

‘Dial backup’ in routers is most frequently found in networks where redundancy is required. Dial-on-demand routing(DDR) is commonly used to establish connectivity as a backup. 

As a security testers, how would you discover what telephone numbers to dial-in to the router? 

A. Search the Internet for leakage for target company’s telephone number to dial-in 

B. Run a war-dialing tool with range of phone numbers and look for CONNECT Response 

C. Connect using ISP’s remote-dial in number since the company’s router has a leased line connection established with them 

D. Brute force the company’s PABX system to retrieve the range of telephone numbers to dial-in 

View Answer

Q4. What would best be defined as a security test on services against a known vulnerability database using an automated tool? 

A. A penetration test 

B. A privacy review 

C. A server audit 

D. A vulnerability assessment 

View Answer

Q5. What type of Virus is shown here? 

A. Cavity Virus 

B. Macro Virus 

C. Boot Sector Virus 

D. Metamorphic Virus 

E. Sparse Infector Virus 

View Answer

Q6. What is War Dialing? 

A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems 

B. War dialing is a vulnerability scanning technique that penetrates Firewalls 

C. It is a social engineering technique that uses Phone calls to trick victims 

D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls 

View Answer

Q7. Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? 

A. Information Audit Policy (IAP) 

B. Information Security Policy (ISP) 

C. Penetration Testing Policy (PTP) 

D. Company Compliance Policy (CCP) 

View Answer

Q8. How does Traceroute map the route that a packet travels from point A to point B? 

A. It uses a TCP Timestamp packet that will elicit a time exceed in transit message. 

B. It uses a protocol that will be rejected at the gateways on its way to its destination. 

C. It manipulates the value of time to live (TTL) parameter packet to elicit a time exceeded in transit message. 

D. It manipulated flags within packets to force gateways into generating error messages. 

View Answer

Q9. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible. 

Which kind of scan would you use to achieve this? (Choose the best answer) 

A. Nessus scan with TCP based pings. 

B. Nmap scan with the –sP (Ping scan) switch. 

C. Netcat scan with the –u –e switches. 

D. Nmap with the –sO (Raw IP packets) switch. 

View Answer

Q10. You are trying to compromise a Linux Machine and steal the password hashes for cracking with password brute forcing program. Where is the password file kept is Linux? 

A. /etc/shadow 

B. /etc/passwd 

C. /bin/password 

D. /bin/shadow 

View Answer