Saturday, 27 July 2019

312-50 Questions and Answers: Download ECCouncil Brain Dumps Today

https://killexams.com/pass4sure/exam-detail/312-50

B. Session Hijacking
C. Cross Site Scripting*
D. Web server hacking


Answer: C


QUESTION: 341
You want to carry out session hijacking on a remote server. The server and the client are
communicating via TCP after a successful TCP three-way handshake. The server has just
received packet #155 from the client. The client has a receive window of 230 and the server has
a receive window of 280. Within what range of sequence numbers should a packet sent by the
client fall in order to be accepted by the server?


A. 200-280
B. 156-436*
C. 155-435
D. 155-231
E. 155-530


Answer: B


QUESTION: 342
Jack is testing the perimeter security of DMC corp. He has identified a system in the
demilitarized zone. Using Hping and nmap, he has verified that telnet service is running on the
machine. To minimize his footprint, he spoofs his IP while attempting to telnet into the network.
However, he is still unable to telnet into the network. What do you think is the reason?


A. The demilitarized zone is secured by a firewall
B. Jack cannot successfully use TCP while spoofing his IP*
C. Jack needs to use a tool such as nmap to telnet inside
D. The target system does not reply to telnet even when the service is running


Answer: B


QUESTION: 343
An attacker tries to connect their wireless client, typically a laptop or PDA, to a base station
without authorization. What would you call this attack?


A. Plug-in Unauthorized Clients Attack*
B. Plug-in Unauthorized Renegade Base Station Attack
C. Interception Attack
D. Monitoring Attack


Answer: A


QUESTION: 344
When SSL and SSH connections get hijacked, the only alert to the end user is a warning that the
credentials of the host and certificate have changed, with a prompt asking whether you trust the
new ones. Your organization wants to provide some kind of interim protection for its network
users from such an attack. Choose the best option.


A. Monitor all broadcasts from the base station and renegade base station
B. Enable SSH's StrictHostKeyChecking option, and distribute server key signatures to mobile
clients*


Answer: B


QUESTION: 345
WEP can be typically configured in 3 possible modes. They are:


A. 64 bit encryption, 128 bit encryption, 254 bit encryption
B. 30 bit encryption, 48 bit encryption, 64 bit encryption
C. No encryption, 40 bit encryption, 128 bit encryption*
D. No encryption, 48 bit encryption, 64 bit encryption


Answer: C


QUESTION: 346
An attacker with the proper equipment and tools can easily flood the 2.4 GHz frequency, so that
the signal to noise drops so low that the wireless network ceases to function. What would you
call this attack?


A. Hamming
B. Flooding
C. Jamming*
D. Scooping


Answer: C


QUESTION: 347
Jack supports the parasitic grid movement actively. The grid is an underground movement to
deploy free wireless access zones in metropolitan areas. Jack is part of the group of volunteers
deploying, at their own expense, a wireless access point on the outside of their home, or at worst
at a window, with the access point connected to the volunteer's PC. What tool can an attacker use
to hide his access point among legitimate access points and steal credentials?


A. Dsniff
B. AirSnort
C. Netstumbler
D. Fake AP*


Answer: D


QUESTION: 348
In a switched network, the traffic flows as shown below:
Step 1: Node A transmits a frame to Node C.
Step 2: The switch will examine this frame and determine what the intended host is. It will then
set up a connection between Node A and Node C so that they have a 'private' connection.
Step 3: Node C will receive the frame and will examine the address. After determining that it is
the intended host, it will process the frame further.

Which of the following represents attacks that can help an attacker sniff on a switched network?


A. ARP Spoofing, Switch Hijacking, MAC corrupting
B. ARP Spoofing, MAC Flooding, MAC duplicating*
C. Switch Flooding, Switch Tampering, Switch Hijacking
D. MAC Spoofing, Ethernet Flooding, MAC harvesting


Answer: B


QUESTION: 349
How would you describe a simple yet very effective mechanism for sending and receiving
unauthorized information or data between machines without alerting any firewalls and IDS's on a
network?


A. Crafted Channel
B. Covert Channel*
C. Deceptive Channel
D. Bounce Channel


Answer: B


QUESTION: 350
Derek transmits an ARP to a non-broadcast address. He gets a response from a machine on the
network of its IP address. What must Derek infer?


A. The machine has been trojaned by an attacker
B. The machine is running a sniffer in promiscuous mode*
C. The machine is configured with a local address loop
D. His system has its ARP cached and is looping back into the network


Answer: B


QUESTION: 351
During the scanning portion of his penetration test, Ed discovered a handful of Oracle servers.
Later, Ed found that those Oracle servers were being used by the webservers to retrieve
information. Ed decided that he should try some SQL injection attacks in order to read
information out of the Oracle servers. He opens the web page in his browser and begins injecting
commands. After hours of attempts, Ed is having no luck getting even a small amount of
information out of the databases. What is the probable cause of this? (Select the Best Answer)


A. You cannot do SQL injection against Oracle database
B. You must directly connect to the database instead of using the web server
C. You cannot use a web browser to perform SQL injection
D. Ed is not using SQL Plus to inject commands


Answer: A


QUESTION: 352
As inferred from the following entry, which of the following statements describes the attacker's
effort?
cmd/c C: \ProgramFiles\CommonFiles\system\...\pdump.exe>>C:\mine.txt


A. Enumerate users and passwords with Password Dump
B. Copy pdump.exe and rename it to mine.txt
C. Execute pdump.exe and save into mine.txt*
D. Copy mine.txt into the directory where pdump.exe resides


Answer: C


QUESTION: 353
John has a proxy server on his network which caches and filters web access. He has shut down
all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will
not allow users to connect to any outbound ports. Jack, a network user, has successfully
connected to a remote server on port 80 using netcat. He could in turn drop a shell from the
remote machine. John wants to harden his network such that a remote user does not do the same
to his network. Choose the option that can be easily and more effectively implemented.


A. Do not use a proxy as application layer does not provide adequate protection
B. Limit HTTP CONNECT on the network*
C. Sniff the traffic and look for lengthy connection periods
D. Filter port 80


Answer: B


QUESTION: 354
Reflective DDoS attacks do not send traffic directly at the targeted host. Instead, they usually
spoof the originating IP addresses and send the requests at the reflectors. These reflectors
(usually routers or high-powered servers with a large amount of network resources at their
disposal) then reply to the spoofed targeted traffic by sending loads and loads of data to the final
target. How would you detect these reflectors on your network?


A. Run Vulnerability scanner on your network to detect these reflectors
B. Run floodnet tool to detect these reflectors
C. Look for the banner text by running Zobbie Zappers tools
D. Scan the network using Nmap for the services used by these reflectors


Answer: D


QUESTION: 355
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes
in the program exploit.c:
char shellcode[] =
"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"
"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
"\x68";

What is the hexadecimal value of NOP instruction?


A. 0x60
B. 0x70
C. 0x80
D. 0x90


Answer: D


