Q1. More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers - it basically hides the true nature of the shellcode in different disguises. 

How does a polymorphic shellcode work? 

A. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them 

B. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode 

C. They reverse the working instructions into opposite order by masking the IDS signatures 

D. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode 

View Answer

Q2. In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. 

Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack? 

A. Do not reply to email messages or popup ads asking for personal or financial information 

B. Do not trust telephone numbers in e-mails or popup ads 

C. Review credit card and bank account statements regularly 

D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks 

E. Do not send credit card numbers, and personal or financial information via e-mail 

View Answer

Q3. Which of the following Nmap commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Nmap -h -U 

B. Nmap -hU <host(s.> 

C. Nmap -sU -p 1-1024 <host(s.> 

D. Nmap -u -v -w2 <host> 1-1024 

E. Nmap -sS -O target/1024 

View Answer

Q4. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. 

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results? 

A. Online Attack 

B. Dictionary Attack 

C. Brute Force Attack 

D. Hybrid Attack 

View Answer

Q5. Exhibit: 

Study the following log extract and identify the attack. 

A. Hexcode Attack 

B. Cross Site Scripting 

C. Multiple Domain Traversal Attack 

D. Unicode Directory Traversal Attack 

View Answer

Q6. You have just received an assignment for an assessment at a company site. Company's management is concerned about external threat and wants to take appropriate steps to insure security is in place. Anyway the management is also worried about possible threats coming from inside the site, specifically from employees belonging to different Departments. What kind of assessment will you be performing ? 

A. Black box testing 

B. Black hat testing 

C. Gray box testing 

D. Gray hat testing 

E. White box testing 

F. White hat testing 

View Answer

Q7. What does ICMP (type 11, code 0) denote? 

A. Unknown Type 

B. Time Exceeded 

C. Source Quench 

D. Destination Unreachable 

View Answer

Q8. Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP? 

Select the best answer. 

A. Stands for Wireless Encryption Protocol 

B. It makes a WLAN as secure as a LAN 

C. Stands for Wired Equivalent Privacy 

D. It offers end to end security 

View Answer

Q9. John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack. 

Take a look at the following Linux logfile snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here? 

[root@apollo /]# rm rootkit.c 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/por359 ? 00:00:00 inetd 359 ? 00:00:00 inetd 

rm: cannot remove `/tmp/h': No such file or directory 

rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# ps -aux | grep portmap 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm 

/sbin/portmap ; 

rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf 

/usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 

inetd 

rm: cannot remove `/sbin/portmap': No such file or directory 

rm: cannot remove `/tmp/h': No such file or directory 

>rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory 

A. The hacker is planting a rootkit 

B. The hacker is trying to cover his tracks 

C. The hacker is running a buffer overflow exploit to lock down the system 

D. The hacker is attempting to compromise more machines on the network 

View Answer

Q10. XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities. 

What is the correct code when converted to html entities? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

View Answer