Q1. You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation? 

A. Use mget to download all pages locally for further inspection. 

B. Use wget to download all pages locally for further inspection. 

C. Use get* to download all pages locally for further inspection. 

D. Use get() to download all pages locally for further inspection. 

Answer: B

Explanation: Wget is a utility used for mirroring websites, get* doesn’t work, as for the actual FTP command to work there needs to be a space between get and * (ie. get *), get(); is just bogus, that’s a C function that’s written 100% wrong. mget is a command used from “within” ftp itself, ruling out A. Which leaves B use wget, which is designed for mirroring and download files, especially web pages, if used with the –R option (ie. wget –R www.ABC.com) it could mirror a site, all expect protected portions of course. 

Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP and can be used to make mirrors of archives and home pages thus enabling work in the background, after having logged off. 


Q2. What is a primary advantage a hacker gains by using encryption or programs such as Loki? 

A. It allows an easy way to gain administrator rights 

B. It is effective against Windows computers 

C. It slows down the effective response of an IDS 

D. IDS systems are unable to decrypt it 

E. Traffic will not be modified in transit 

Answer: D

Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload. 


Q3. In which part of OSI layer, ARP Poisoning occurs? 

A. Transport Layer 

B. Datalink Layer 

C. Physical Layer 

D. Application layer 

Answer: B


Q4. Which of the following is most effective against passwords ? 

Select the Answer: 

A. Dictionary Attack 

B. BruteForce attack 

C. Targeted Attack 

D. Manual password Attack 

Answer: B

Explanation: The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of breaking the password. 


Q5. Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threat, but it does not secure the application from coding errors. It can provide data privacy, integrity and enable strong authentication but it cannot mitigate programming errors. 

What is a good example of a programming error that Bob can use to illustrate to the management that encryption will not address all of their security concerns? 

A. Bob can explain that a random generator can be used to derive cryptographic keys but it uses a weak seed value and it is a form of programming error. 

B. Bob can explain that by using passwords to derive cryptographic keys it is a form of a programming error. 

C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique. 

D. Bob can explain that by using a weak key management technique it is a form of programming error. 

Answer: C

Explanation: A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer's boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program. Technically, a buffer overflow is a problem with the program's internal implementation. 


Q6. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox? 

A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access 

B. By changing the mailbox's name in the URL, Kevin is attempting directory transversal 

C. Kevin is trying to utilize query string manipulation to gain access to her email account 

D. He is attempting a path-string attack to gain access to her mailbox 

Answer: C


Q7. Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs: 

s-1-5-21-1125394485-807628933-54978560-100Johns s-1-5-21-1125394485-807628933-54978560-652Rebecca s-1-5-21-1125394485-807628933-54978560-412Sheela s-1-5-21-1125394485-807628933-54978560-999Shawn s-1-5-21-1125394485-807628933-54978560-777Somia s-1-5-21-1125394485-807628933-54978560-500chang s-1-5-21-1125394485-807628933-54978560-555Micah 

From the above list identify the user account with System Administrator privileges. 

A. John 

B. Rebecca 

C. Sheela 

D. Shawn 

E. Somia 

F. Chang 

G. Micah 

Answer: F

Explanation: The SID of the built-in administrator will always follow this example: S-1-5-domain-


Q8. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? 

A. All are hacking tools developed by the legion of doom 

B. All are tools that can be used not only by hackers, but also security personnel 

C. All are DDOS tools 

D. All are tools that are only effective against Windows 

E. All are tools that are only effective against Linux 

Answer:

Explanation: All are DDOS tools. 


Q9. How does Traceroute map the route that a packet travels from point A to point B? 

A. It uses a TCP Timestamp packet that will elicit a time exceed in transit message. 

B. It uses a protocol that will be rejected at the gateways on its way to its destination. 

C. It manipulates the value of time to live (TTL) parameter packet to elicit a time exceeded in transit message. 

D. It manipulated flags within packets to force gateways into generating error messages. 

Answer: C

Explanation: Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets have a time-to-live (TTL) value of one (implying that they make a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. 


Q10. Michael is the security administrator for the for ABC company. Michael has been charged with strengthening the company’s security policies, including its password policies. Due to certain legacy applications. Michael was only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He has informed the company’s employes, however that the new password policy requires that everyone must have complex passwords with at least 14 characters. Michael wants to ensure that everyone is using complex passwords that meet the new security policy requirements. Michael has just logged on to one of the network’s domain controllers and is about to run the following command: 

What will this command accomplish? 

A. Dumps SAM password hashes to pwd.txt 

B. Password history file is piped to pwd.txt 

C. Dumps Active Directory password hashes to pwd.txt 

D. Internet cache file is piped to pwd.txt 

Answer: A

Explanation: Pwdump is a hack tool that is used to grab Windows password hashes from a remote Windows computer. Pwdump > pwd.txt will redirect the output from pwdump to a text file named pwd.txt