Q1. Hackers usually control Bots through:
A. IRC Channel
B. MSN Messenger
C. Trojan Client Software
D. Yahoo Chat
E. GoogleTalk
Answer: A
Explanation: Most of the bots out today has a function to connect to a predetermined IRC channel in order to get orders.
Q2. ARP poisoning is achieved in _____ steps
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation: The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with your IP Address. Now your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC Address with the routers IP Address. Now your machine thinks the hacker's computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.
Q3. Which of the following is one of the key features found in a worm but not seen in a virus?
A. The payload is very small, usually below 800 bytes.
B. It is self replicating without need for user intervention.
C. It does not have the ability to propagate on its own.
D. All of them cannot be detected by virus scanners.
Answer: B
Explanation: A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided.
Q4. All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ?
A. They are all Windows based webserver
B. They are all Unix based webserver
C. The company is not using IDS
D. The company is not using a stateful firewall
Answer: D
Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.
Q5. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.
What is the most common cause of buffer overflow in software today?
A. Bad permissions on files.
B. High bandwidth and large number of users.
C. Usage of non standard programming languages.
D. Bad quality assurance on software produced.
Answer: D
Explanation: Technically, a buffer overflow is a problem with the program's internal implementation.
Q6. Name two software tools used for OS guessing.(Choose two.
A. Nmap
B. Snadboy
C. Queso
D. UserInfo
E. NetBus
Answer: AC
Explanation: Nmap and Queso are the two best-known OS guessing programs. OS guessing software has the ability to look at peculiarities in the way that each vendor implements the RFC's. These differences are compared with its database of known OS fingerprints. Then a best guess of the OS is provided to the user.
Q7. In an attempt to secure his 802.11b wireless network, Ulf decides to use a strategic antenna positioning. He places the antenna for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building’s center. There is a large parking lot and outlying filed surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.
Which of the following statements is true?
A. With the 300 feet limit of a wireless signal, Ulf’s network is safe.
B. Wireless signals can be detected from miles away, Ulf’s network is not safe.
C. Ulf’s network will be safe but only of he doesn’t switch to 802.11a.
D. Ulf’s network will not be safe until he also enables WEP.
Answer: D
Q8. In which part of OSI layer, ARP Poisoning occurs?
A. Transport Layer
B. Datalink Layer
C. Physical Layer
D. Application layer
Answer: B
Q9. Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?
A. He can use SNMPv3
B. Jake can use SNMPrev5
C. He can use SecWMI
D. Jake can use SecSNMP
Answer: A
Q10. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.
Why does this happen in the VPN over wireless implementation?
A. The stronger encryption used by the VPN slows down the network.
B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.
C. VPNs use larger packets then wireless networks normally do.
D. Using a VPN on wireless automatically enables WEP, which causes additional overhead.
Answer: B
Explanation: By applying VPN the access point will have to recalculate all headers destined for client and from clients twice.