Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks? Show
A. Configure Port Security on the switch Jimmy - an attacker - knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database? A. Jimmy can submit user input that executes an operating system command to compromise a target system This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive
task for IDS to reassemble all fragments itself - and on a busy system the packet will slip through the IDS onto the network. What is this technique called? If a competitor wants to cause damage to your organization - steal critical secrets - or put you out of business - they just have to find a job opening - prepare someone to pass the interview - have that person hired - and they will be in the organization. How would you prevent such type of attacks? This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do. A. UDP Scanning Joel and her team have been going through tons of garbage - recycled paper - and other rubbish in order to find some information about the target they are attempting to penetrate. How would you call this type of activity? A. Dumpster Diving In which situations would you want to use anonymizer? (Select 3 answers) A. Increase your Web browsing bandwidth speed by using Anonymizer 1. An attacker at system A sends a SYN packet to victim at system B. 2. System B sends a SYN/ACK packet to victim A. 3. As a normal three-way handshake mechanism system A should send an ACK packet to systemB - however - system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. This status of client B is called _________________ A. "half-closed" How do you defend against Privilege Escalation? (Choose four) A. Use encryption to protect sensitive data SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains: A. The source and destination address having the same value Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network? A. Port Scanning The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user: The user is prompted to enter the name of a city on a Web form. If she enters Chicago - the query assembled by the script looks similar to the following: SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago' How will you delete the OrdersTable from the database using SQL Injection? A. Chicago' - drop table OrdersTable -- Where can Stephanie go to see past versions and pages of a website? A. She should go to the web page Samspade.org to see web pages that might no longer be on the website Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However - the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session? A. Dan cannot spoof his IP address over TCP network Jason works in the sales and marketing department for a very large
advertising agency located in Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files - but nothing else. Jason's supervisor opens the picture files - but cannot find anything out of the ordinary with them. What technique has Jason most likely used? A. Stealth Rootkit Technique An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic - the attacker drafts e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information - such as a network administrator. The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming. What is this deadly attack called? A. Spear phishing attack Which of the following statements is incorrect about vulnerability scanners? A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned. How does traceroute map the route a packet travels from point A to point B? A. Uses a TCP timestamp packet that will
elicit a time exceeded in transit message How do you defend against DHCP Starvation attack? A. Enable ARP-Block on the switch What type of port scan is shown below? 192.5.2.92 --FIN/URG/PSH-->192.5.2.100:4079 Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday - she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class - the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored. Stephanie uses alot of her day just browsing the web. What should Stephanie use so that she does not get in trouble for surfing the Internet? A. Stealth IE Neil is a network administrator working in Istanbul. Neil wants to setup a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to setup in order to accomplish this? A. Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer. Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this? A. Jayden can use the commanD. ip binding set. Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search - visits a site using AdSense etc. The information stored in Google's database - identified by the cookie - includes - Everything you search for using Google How would you prevent Google from storing your search keywords? A. Block Google Cookie by applying Privacy and Security settings in your web browser How many bits encryption does SHA-1 use? A. 64 bits In Trojan terminology - what is required to create an executable file called chess.exe that has the chess.exe file WITH an added trojan.exe file, but looks to the user as just the chess.exe file? A. Mixer What default port Syslog daemon listens on? A. 242 This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking
users to update their information on the company's Web site - but the URLs in the e-mail actually point to a false A. Wiresharp attack Which of the following statements would NOT be a proper definition for a Trojan Horse? A. An authorized program that has been designed to capture keyboard keystroke while the user is unaware of
such activity being performed What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected? A. nc -port 56 -s cmd.exe SNMP is a connectionless protocol that uses UDP instead of TCP packets (True or False) A. true TCP/IP Session Hijacking is carried out in which OSI layer? A. Datalink layer In which part of OSI layer - ARP Poisoning occurs? A. Transport Layer You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt You just purchased the latest DELL computer - which comes pre-installed with Windows 7 - McAfee antivirus software and a host of other applications. You want to connect Ethernet wire to your cable modem and start using the computer immediately. Windows is dangerously insecure when unpacked from the box - and there are a few things that you must do before you use it. A. New installation of Windows should be patched by installing the latest service packs and
hotfixes In the context of Trojans - what is the definition of a Wrapper? A. An encryption tool to protect the Trojan Which type of hacker represents the highest risk to your network? A. black hat hackers Shayla is an IT security consultant - specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics - a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security. No employees for the company - other than the IT director - know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times - Shayla is able to gain her trust and they become friends. One day - Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered? A. She would be considered an Insider Affiliate What port number is used by Kerberos protocol? A. 88 What does FIN in TCP flag define? A. Used to abort a TCP connection abruptly Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible? A. It works because encryption is performed at the application layer (single encryption key) This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker. A. Unique SQL Injection A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites - UPS - FEDEX - CITIBANK or a major provider of a common service. Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus. How do you ensure if the e-mail is authentic and sent from fedex.com? A. Verify the digital signature attached with the mail - the fake mail will not have Digital ID at all What file system vulnerability does the following command take advantage of? A. HFS You are the Security Administrator of Xtrinity - Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees - you discover an employee has attached cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation - thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? A. Reconfigure the firewall In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program? A. Design What is a sniffing performed on a switched network called? A. Spoofed sniffing What privilege level does a rootkit require to infect successfully on a Victim's machine? A. User level privileges Which Steganography technique uses Whitespace to hide secret messages? A.
snow How would you detect IP spoofing? A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet David is a security administrator working in Boston. David has been asked by the office's manager to block all POP3 traffic at the firewall because he believes employees are spending too much time reading personal email. How can David block POP3 at the firewall?
A. David can block port 125 at the firewall. You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'? A. display==facebook How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets. A. Session
Hijacking Jake works as a system administrator at Acme Corp. Jason - an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context? A. Smooth Talking While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this? A. The firewall is dropping the packets What is the countermeasure against XSS scripting? A. Create an IP access list and restrict connections based on port number In Buffer Overflow exploit - which of the following registers gets overwritten with return address of the exploit code? A. EEP Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server. User-agent: * What is the name of this file? A. robots.txt An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem? A. Install patches What is War Dialing? A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts the hashes so that physical access to the server - tapes - or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to use brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker"
targeting the Windows 2008 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack. How many bits does A. 40-bit encryption Bob waits near a secured door - holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door - Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating? A. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that - if caught - she probably would be sent to jail for a very long time. What would Ursula be considered? A. Ursula would be considered a gray hat since she is performing an act
against illegal activities. Which of the following is NOT an example of default installation? A. Many systems come with default user accounts with well-known passwords that administrators forget to change This tool is widely used for ARP Poisoning attack. Name the tool. A. Cain and Able You receive an e-mail with the following text message. "Microsoft and HP today warned all customers that a new - highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer - you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible." You
launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device What category of virus is this? A. Virus hoax One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term? A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process Using google hacking techniques, Which of the below Google search string brings up sites with "config.php" files? A. Search:index config/php Which of the following tool would be considered as Signature Integrity Verifier (SIV)? A. Nmap Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. Why will this not be possible? A. Firewalls cannot inspect traffic coming through port 443 Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers) A. Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address B. The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network Which type of scan does NOT open a full TCP connection? A. Stealth Scan What sequence of packets is sent during the initial TCP three-way handshake? A. SYN - SYN-ACK - ACK Steve scans the network for SNMP enabled devices. Which port number Steve should scan? A. 150 You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated? A. Visit Google's search engine and view the cached copy Last week - 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become - a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops? A. You should have used 3DES which is built
into Windows What is Rogue security software? A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites Which of the following is NOT part of CEH Scanning Methodology? A. Check for Live systems Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65 - 536 bytes. What is Lee seeing here? A. Lee is seeing activity indicative of a Smurf attack. This method is used to determine the Operating system and version running on a remote target system. What is it called? A. Service Degradation William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well - but decides to install the game anyway because he really likes Chess. After William installs the game - he plays it for a couple of hours. The next day - William plays the Chess game again and notices that his machine has begun to slow down. He brings up his Task What has William just installed? A. Zombie Zapper (ZoZ) John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame? You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in foot printing the organization? A. To learn about the IP range used by the target network TCP packets transmitted in either direction after the initial three-way handshake will have which of the following bit set? A. SYN flag Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces? A. Image Hide You have chosen a 10 character word from the dictionary as your password. How long will it take to crack the password by an attacker? A. about 16 million years While testing web applications - you attempt to insert the following test script into the search area on the company's web site: <script>alert('Testing Testing Testing')</script> Later - when you press the search button - a pop up box appears on your screen with the text A. Cross Site Scripting What techniques would you use to evade IDS during a Port Scan? (Select 4 answers) A. Use fragmented IP packets Johnny is a member of the hacking group Orpheus1. He is currently working on breaking into the Department of Defense's front end Exchange Server. He was able to get into the server - located in a DMZ - by using an unused service account that had a very weak password that he was able to guess. Johnny wants to crack the administrator password - but does not have a lot of time to crack it. He wants to use a tool that already has the LM hashes computed for all possible permutations of the administrator password. What tool would be best used to accomplish this? A. SMBCrack In this type of Man-in-the-Middle attack - packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted - the tokens are placed back on the network to gain access. A. Token Injection Replay attacks The FIN flag is set and sent from host A to host B when host A
has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However - host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host A. false Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training - to holiday schedules - to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage. What Google search will accomplish this? A. related:intranet allinurl:intranet:"human resources" Bob has been hired to do a web application security test. Bob notices that
the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. A. Semi Column LAN Manager Passwords are concatenated to 14 bytes - and split in half. The two halves are hashed individually. If the password is 7 characters or less - than the second half of the hash is always: A. 0xAAD3B435B51404EE Jess the hacker runs L0phtCrack's built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked - these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why? A. The network protocol is configured to use SMB Signing Which of the following Trojans would be considered 'Botnet Command Control Center'? A. YouKill DOOM Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean? _____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. A. Stream Cipher Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet.
You want to use FTP to connect to some remote server on the Internet. A. Use HTTP Tunneling You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which command will you run to disable auditing from the cmd? A. stoplog stoplog ? How do you defend against MAC attacks on a switch? A. Disable SPAN port on the switch In which location - SAM hash passwords are stored in Windows 7? A. c:\windows\system32\config\SAM File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers? A. Use disable-eXchange Bob has a good understanding of cryptography - having worked with it for many years. A. Bob can explain that using a weak key management technique is a form of programming error One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers - which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _____________ process - then the private key can be derived. A. Factorization Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers. A. true NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? A. 443 You send a ping request to the broadcast address 192.168.5.255. There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why? A. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task? A. Charlie can use the commanD. ping -l 56550 172.16.0.45 -t.
What type of encryption does WPA2 use? A. DES 64 bit Attackers send an ACK probe packet with random sequence number - no response means port is filtered (Stateful firewall is present) and RST response means the port is not filtered. What type of A. RST flag scanning What is the command used to create a binary log file using tcpdump? A. tcpdump -w ./log Which port - when configured on a switch receives a copy of every packet that passes through it? A. R-DUPE Port What is the IV key size used in WPA2? A. 32 What is the default Password Hash Algorithm used by NTLMv2? A. MD4 You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next? A. Run NULL TCP hping2 against 192.168.1.10 A digital signature is simply a message that is encrypted with the public key instead of the private key. A. true Blane is a network security analyst for his company. From an outside IP - Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response? A. These ports are open because they do not illicit a response. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours - without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction? A. They are using UDP that is always authorized at the firewall Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next? A. Take over the session "Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement. A. Vulnerability Scanning Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded - what will be the result? A. The switches will drop into hub mode if the ARP cache is successfully flooded. This TCP flag instructs the sending system to transmit all buffered data immediately. A. SYN What port number is used by LDAP protocol? A. 110 Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address - Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. Within the context of Computer Security - which of the following statements describes Social A. Social Engineering is the act of publicly disclosing information In Trojan terminology - what is a covert channel? A. A channel that transfers information within a computer system or network in a way that violates the security policy When a normal TCP connection starts - a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host
must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK - a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching A.
Attacker generates TCP SYN packets with random destination addresses towards a victim host Yancey is a network security administrator for a large electric company. This company provides power for over 100 - 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day - Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs - viruses - Trojans - and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years - he just wants the company to pay for what they are doing to him. What would Yancey be considered? A. Yancey would be considered a Suicide Hacker Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for - what is prohibited - and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy - which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? A. Information Audit Policy (IAP) Which type of sniffing technique is generally referred as MiTM attack? A. Password Sniffing What happens when the CAM table becomes full? A. Switch then acts as hub by broadcasting packets to all machines on the network You went to great lengths to install all the necessary technologies to prevent hacking attacks - such as expensive firewalls - antivirus software - anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer - Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about? A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain How does a denial-of-service attack work? A. A hacker prevents a legitimate user (or group of users) from accessing a service You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case - because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed? A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. %22%3E%3C/script%3E">See foobar What is this attack? A. Cross-site-scripting attack Which of the following encryption is NOT based on block cipher? A. DES
In which step does Steganography fit in the CEH System Hacking Cycle (SHC) A. Step 2: Crack the password Which definition below best describes a covert channel? A.
A server program using a port that is not well known Identify SQL injection attack from the HTTP requests shown below: A. http://www.myserver.c0m/search.asp?
Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link? A. MD5 NTP allows you to set the clocks on your systems very accurately - to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time - to prevent attackers from replaying the same communications - e.g. - a login/password interaction or even an entire communication - at a later date. One can circumvent this tagging - if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets? A. TCP Port 124 Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this? A. Bill can use the command: ip dhcp snooping. You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons? What is the length of the MD5 hash? A. 32 character
Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password? A. Dictionary attack What do you call a pre-computed hash? A.
Sun tables Why do attackers use proxy servers? A. To ensure the exploits used in the attacks always flip reverse vectors The SNMP Read-Only Community String is like a password. The string is sent along with each SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string". How would you keep intruders from getting sensitive information regarding the network devices using SNMP? (Select 2 answers) A. Enable
SNMPv3 which encrypts username/password authentication You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack? A. Configure routers to restrict the responses to Footprinting requests WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google - frequently spider web pages for indexing. How will you stop web spiders from crawling certain directories on your website? A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled Which of the following is software designed to display items on your system in the form of popups or nag screens?Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens. Adware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.
Which of the following refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves?Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system.
Which of the following directories contains vital information about running processes on the Linux system?/proc Directory
It is a virtual or pseudo filesystem that contains vital information about running processes. It is considered the control and information center for the Linux kernel.
Which of the following are considered passive online attacks?Internet security threats/vulnerabilities are divided into passive and active attacks. Examples of passive attacks include network analysis, eavesdropping and traffic analysis.
|