NEW QUESTION 1

John works as a Security Professional. He is assigned a project to test the security of www.we-are-secure.com. John wants to get the information of all network connections and listening ports in the numerical form. Which of the following commands will he use?

• A. netstat -e
• B. netstat –r
• C. netstat -s
• D. netstat –an

Answer: D

Explanation:

According to the scenario, John will use the netstat -an command to accomplish the task. The netstat -an command is used to get the information of all network connections and listening ports in the numerical form. The netstat command displays
protocol-related statistics and the state of current TCP/IP connections. It is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. The netstat command gets all this networking information by reading the kernel routing tables in the memory. Answer A is incorrect. The netstat -e command displays the Ethernet information. Answer B is incorrect. The netstat -r command displays the routing table information. Answer C is incorrect. The netstat -s command displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP.

NEW QUESTION 2

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are- secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?

• A. HTTP
• B. TELNET
• C. NetBIOS
• D. HTTPS

Answer: C

Explanation:

NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15- character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.

NEW QUESTION 3

Which TCP and UDP ports can be used to start a NULL session attack in NT and 2000 operating systems?

• A. 149 and 133
• B. 203 and 333
• C. 139 and 445
• D. 198 and 173

Answer: C

Explanation:

A null session is an anonymous connection to a freely accessible network share called IPC$ on Windows-based servers. It allows immediate read and write access with Windows NT/2000 and read-access with Windows XP and 2003. The command to be inserted at the DOS-prompt is as follows: net use \\IP address_or_host name\ipc$ "" "/user:" net use Port numbers 139 TCP and 445 UDP can be used to start a NULL session attack.

NEW QUESTION 4

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You are concerned about the vulnerabilities existing in the network of the company. Which of the following can be a cause for making the network vulnerable? (Choose two)

• A. Use of well-known code
• B. Use of uncommon code
• C. Use of uncommon software
• D. Use of more physical connections

Answer: AD

Explanation:

In computer security, the term vulnerability is a weakness which allows an attacker to reduce a system's Information Assurance. A computer or a network can be vulnerable due to the following reasons: Complexity: Large, complex systems increase the probability of flaws and unintended access points. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw. Connectivity: More physical connections, privileges, ports, protocols, and services and time each of those are accessible increase vulnerability. Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites. Fundamental operating system design flaws: The operating system designer chooses to enforce sub optimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator. Internet Website Browsing: Some Internet websites may contain harmful Spyware or Adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals. Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application. Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as Buffer overflows, SQL injection or other non-validated inputs). Answer B, C are incorrect. Use of common software and common code can make a network vulnerable.

NEW QUESTION 5

Web applications are accessed by communicating over TCP ports via an IP address. Choose the two most common Web Application TCP ports and their respective protocol names. (Choose two)

• A. TCP Port 443 / S-HTTP or SSL
• B. TCP Port 80 / HTTPS or SSL
• C. TCP Port 443 / HTTPS or SSL
• D. TCP Port 80 / HTTP

Answer: CD

Explanation:
The two most common Web Application TCP ports are Port 443 and Port 80. HTTPS or SSL uses TCP port 443, whereas HTTP uses TCP Port 80. Answer B is incorrect. Port 80 is used for HTTP, not HTTPS. Answer A is incorrect. S-HTTP is not the protocol name for Port 443. HTTPS or SSL is the name used for Port 443 traffic.

NEW QUESTION 6

Which of the following is a technique for creating Internet maps? (Choose two)

• A. AS PATH Inference
• B. Object Relational Mapping
• C. Active Probing
• D. Network Quota

Answer: AC

Explanation:

There are two prominent techniques used today for creating Internet maps: Active probing: It is the first works on the data plane of the Internet and is called active probing. It is used to infer Internet topology based on router adjacencies. AS PATH Inference: It is the second works on the control plane and infers autonomous system connectivity based on BGP data.

NEW QUESTION 7

Which of the following are the drawbacks of the NTLM Web authentication scheme?

• A. The password is sent in hashed format to the Web server.
• B. It works only with Microsoft Internet Explorer.
• C. The password is sent in clear text format to the Web server.
• D. It can be brute forced easily.

Answer: BD

Explanation:

The following are the drawbacks of the NTLM Web Authentication Scheme: NTLM Web authentication is not entirely safe because NTLM hashes (or challenge/response pairs) can be cracked with the help of brute force password guessing. The "cracking" program would repeatedly try all possible passwords, hashing each and comparing the result to the hash that the malicious user has obtained. When it discovers a match, the malicious user will know that the password that produced the hash is the user's password. This authentication technique works only with Microsoft Internet Explorer. Answer A, C are incorrect. NTLM authentication does not send the user's password (or hashed representation of the password) across the network. Instead, NTLM authentication utilizes challenge/response mechanisms to ensure that the actual password never traverses the network. How does it work? When the authentication process begins, the client sends a login request to the telnet server. The server replies with a randomly generated 'token' to the client. The client hashes the currently logged-on user's cryptographically protected password with the challenge and sends the resulting "response" to the server. The server receives the challenge-hashed response and compares it in the following manner:
The server takes a copy of the original token. Now it hashes the token against the user's password hash from its own user account database. If the received response matches the expected response, the user is successfully authenticated to the host.

NEW QUESTION 8

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a.War driving b.Detecting unauthorized access pointsc.Detecting causes of interference on a WLAN d.WEP ICV error trackinge.Making Graphs and Alarms on 802.11 Data, including Signal Strength This tool is known as .

• A. THC-Scan
• B. NetStumbler
• C. Absinthe
• D. Kismet

Answer: B

Explanation:

NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a.War driving b.Detecting unauthorized access points c.Detecting causes of interference on a WLAN d.WEP ICV error tracking e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer D is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Answer A is incorrect. THC-Scan is a war-dialing tool. Answer C is incorrect. Absinthe is an automated SQL injection tool.

NEW QUESTION 9

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the
forest is Windows Server 2003. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Which of the following authentication techniques will you use to implement the security policy of the company?

• A. IEEE 802.1X using EAP-TLS
• B. IEEE 802.1X using PEAP-MS-CHAP
• C. Pre-shared key
• D. Open system

Answer: A

Explanation:

In order to ensure that the laptop users use smart cards for authentication, you will have to configure IEEE 802.1X authentication using the EAP-TLS protocol on the network.

NEW QUESTION 10

Which of the following functions are performed by methods of the HttpSessionActivationListener interface?

• A. Notifying an attribute that a session has just migrated from one JVM to another.
• B. Notifying the object when it is unbound from a session.
• C. Notifying the object when it is bound to a session.
• D. Notifying an attribute that a session is about to migrate from one JVM to another.

Answer: AD

Explanation:

The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated. Methods of this interface are as follows: public void sessionDidActivate(HttpSessionEvent session): It notifies the attribute that the session has just been moved to a different JVM. public void sessionWillPassivate(HttpSessionEvent se): It notifies the attribute that the session is about to move to a different JVM. Answer B, C are incorrect. These functions are performed by the HttpSessionBindingListener interface. The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. The HttpSessionBindingListener interface has the following methods: public void valueBound(event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is bound to a session. public void valueUnbound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is unbound from a session.

NEW QUESTION 11

Mark works as a project engineer in Tech Perfect Inc. His office is configured with Windows XP-based computers. The computer that he uses is not configured with a default gateway. He is able to access the Internet, but is not able to use e-mail services via the Internet. However, he is able to access e-mail services via the intranet of the company. Which of the following could be the reason of not being able to access e-mail services via the Internet?

• A. Proxy server
• B. IP packet filter
• C. Router
• D. Protocols other than TCP/IP

Answer: A

Explanation:

A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to suffice the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer D is incorrect. Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of standard protocols that govern how data passes between networks. It can be used to provide communication between the basic operating systems on local and wide-area networks (WANs). TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). It is considered the primary protocol of the Internet and the World Wide Web. Answer B is incorrect. IP packet filters allow or block packets from passing through specified ports. They can filter packets based on service type, port number, source computer name, or destination computer name. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed, either statically by IP packet filters or dynamically by access policy or publishing rules. Answer C is incorrect. A router is a device that routes data packets between computers in different networks. It is used to connect multiple networks, and it determines the path to be taken by each data packet to its destination computer. A router maintains a routing table of the available routes and their conditions. By using this information, along with distance and cost algorithms, the router determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer (layer 3) of the Open Systems Interconnection (OSI) model.

NEW QUESTION 12

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to impose some special access restrictions on users. Which of the following Unix configuration files can you use to accomplish the task?

• A. /var/run/utmp
• B. /etc/terminfo
• C. /etc/usertty
• D. /etc/termcap

Answer: C

Explanation:
In Unix, the /etc/usertty file is used to impose some special access restrictions on users. Answer B is incorrect. In Unix, the /etc/terminfo file contains the details for the terminal I/O. Answer A is incorrect. In Unix, the /var/run/utmp file is the configuration file that contains information about the currently logged in users. Mostly, the 'Who' and 'w' commands use this file. Answer D is incorrect. In Unix, the /etc/termcap file works as a terminal capability database.

NEW QUESTION 13

Which of the following commands can you use to search a string 'pwd' in all text files without opening them? (Choose two)

• A. vi
• B. grep
• C. sed
• D. locate

Answer: BC

Explanation:

sed and grep are the two commands that can be used to search a specified string in all text files without opening them. sed is a stream editor that is used to perform basic text transformations on an input stream (a file or input from a pipeline).

NEW QUESTION 14

You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

• A. RAS
• B. MAC Filtering
• C. SSID
• D. WEP

Answer: B

Explanation:

MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

NEW QUESTION 15

Mark implements a Cisco unified wireless network for Tech Perfect Inc. Which functional area of the Cisco unified wireless network architecture includes intrusion detection and prevention?

• A. Network services
• B. Wireless clients
• C. Network unification
• D. Wireless access points

Answer: A

Explanation:
Network services is the last functional area of the Cisco unified wireless network architecture. This functional area includes the self-depending network, enhanced network support, such as location services, intrusion detection and prevention, firewalls, network admission control, and all other services. Answer C is incorrect. Network unification is a functional area of the Cisco unified wireless network architecture. This functional area includes the following wireless LAN controllers: 1.The 6500 series catalyst switch 2.Wireless services module (WiSM) 3.Cisco wireless LAN controller module (WLCM) 4.Cisco catalyst 3750 series integrated WLC 5.Cisco 4400 series WLC 6.Cisco 2000 series WLC Answer B is incorrect. Wireless clients is a functional area of the Cisco unified wireless network. The client devices are connected to a user. Answer D is incorrect. A wireless access point (WAP) is a device that allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth, or related standards. The WAP usually connects to a wired network, and it can transmit data between wireless devices and wired devices on the network. Each access point can serve multiple users within a defined network area. As people move beyond the range of one access point, they are automatically handed over to the next one. A small WLAN requires a single access point. The number of access points in a network depends on the number of network users and the physical size of the network.

NEW QUESTION 16

Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?

• A. Protective controls
• B. Reactive controls
• C. Detective controls
• D. Preventive controls

Answer: C

Explanation:

Audit trail or audit log comes under detective controls. Detective controls are the audit controls that are not needed to be restricted. Any control that performs a monitoring activity can likely be defined as a Detective Control. For example, it is possible that mistakes, either intentional or unintentional, can be made. Therefore, an additional Protective control is that these companies must have their financial results audited by an independent Certified Public Accountant. The role of this accountant is to act as an auditor. In fact, any auditor acts as a Detective control. If the organization in question has not properly followed the rules, a diligent auditor should be able to detect the deficiency which indicates that some control somewhere has failed. Answer B is incorrect. Reactive or corrective controls typically work in response to a detective control, responding in such a way as to alert or otherwise correct an unacceptable condition. Using the example of account rules, either the internal Audit Committee or the SEC itself, based on the report generated by the external auditor, will take some corrective action. In this way, they are acting as a Corrective or Reactive control. Answer A, D are incorrect. Protective or preventative controls serve to proactively define and possibly enforce acceptable behaviors. As an example, a set of common accounting rules are defined and must be followed by any publicly traded company. Each quarter, any particular company must publicly state its current financial standing and accounting as reflected by an application of these rules. These accounting rules and the SEC requirements serve as protective or preventative controls.

NEW QUESTION 17

Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi compliant MiniPCI card? (Choose two)

• A. These tools can determine the rogue access point even when it is attached to a wired network.
• B. These tools can determine the authorization status of an access point.
• C. These tools cannot detect rogue access points if the victim is using data encryption.
• D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.

Answer: BD

Explanation:

WLAN discovery software such as NetStumbler, Kismet, or MacStumbler can be used to detect rogue access points if the victim is using IEEE 802 frequency bands. However, if the victim is using non-IEEE 802.11 frequency bands or unpopular modulations, these tools might not detect rogue access. NetStumbler, kismet, or MacStumbler also gives the authorization status of an access point. A Rogue access point (AP) is set up by the attackers in an Enterprise's network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to intrude the security and have access to the Enterprise dat Answer A, C are incorrect. The WLAN software such as NetStumbler, Kismet, or MacStumbler can search rogue access points even when the victim is using data encryption. However, these tools cannot determine the rogue access point even when it is attached to a wired network.

NEW QUESTION 18

You work as a Software Developer for Mansoft Inc. You create an application and use it to create users as members of the local Users group. Which of the following code snippets
imperatively demands that the current user is a member of the local Users group?

• A. System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); PrincipalPermission MyPermission = new PrincipalPermission(null, @"BUILTIN\Users", true); MyPermission.Demand();
• B. PrincipalPermission MyPermission = new PrincipalPermission(null, @"BUILTIN\Users", true); MyPermission.Demand();
• C. System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); PrincipalPermission MyPermission = new PrincipalPermission(null, @"Users", true); MyPermission.Demand();
• D. PrincipalPermission MyPermission = new PrincipalPermission(null, @"Users", true); MyPermission.Demand();

Answer: AC

Explanation:

The PrincipalPermission class allows security checks against the active principal. This is done by using the language constructs that are defined for both imperative and declarative security actions. To perform an imperative security demand for membership in a built-in Microsoft Windows group, you must first set the default principal policy to the Windows principal by calling the SetPrincipalPolicy (PrincipalPolicy.WindowsPrincipal) statement. Construct a PrincipalPermission object specifying the group name. To specify the group name, you can provide just the group name, or you can preface the group name with either "BUILTIN\" or the computer name and a backslash. Finally, call the PrincipalPermission.Demand method. There is another method of identifying group membership, i.e. by using the PrincipalPermission class or the PrincipalPermissionAttribute attribute derived from the System.Security.Permissions namespace. The PrincipalPermission object identifies that the identity of the active principal should match its information with the identity information that is passed to its constructor. The identity information contains the user's identity name and role.

NEW QUESTION 19

You work as a Network Administrator for XYZ CORP. The company's Windows 2000 network is configured with Internet Security and Acceleration (ISA) Server 2000. ISA Server is configured as follows: The server uses the default site and content rule and default IP packet filters. Packet filtering is enabled. The server has two protocol rules:

Users in the network complain that they are unable to access secure Web sites. However, they are able to connect to Web sites in which secure transmission is not required. What is the most likely cause?

• A. A protocol rule that allows the use of HTTP has not been created.
• B. An IP packet filter that allows the use of network traffic on port 80 has not been created.
• C. An IP packet filter that allows the use of network traffic on port 443 has not been created.
• D. A protocol rule that allows the use of HTTPS has not been created.

Answer: C

Explanation:

The default IP packet filter allows HTTP protocol (for non-secure communication) at port 80 to access the Internet. However, to allow users to access secure Web sites, you will have to create an additional packet filter to allow communication on port 443.

NEW QUESTION 20
......