Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?
Which of the following softwares is used to perform constant monitoring of the network infrastructure?
Which of the following is a name, symbol, or slogan with which a product is identified?
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.
You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements are correct about spoofing and session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from various resources such as Apache log files, IIS logs, streaming servers, and some FTP servers. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use AWStats application. Which of the following statements are true about AWStats?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following components are usually found in an Intrusion detection system (IDS)?
Each correct answer represents a complete solution. Choose two.
Which of the following Linux rootkits allows attackers to hide files, processes, and network connections?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant
color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.
John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
Maria works as a professional Ethical Hacker. She recently has been assigned a project to test the security of www.we-are-secure.com. The company has provided the following information about the infrastructure of its network:
·Network diagrams of the we-are-secure infrastructure
·Source code of the security tools
· IP addressing information of the we-are-secure network
Which of the following testing methodologies is we-are-secure.com using to test the security of its network?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using dumpster diving to gather information about Weare- secure, Inc. In which of the following steps of malicious hacking does dumpster diving come under?
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.
The output of the scanning test is as follows:
C.\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is an example of a social engineering attack?
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:
What is the IP address of the sender of this email?
You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?
Which of the following are the two primary U.S. laws that address cybercrime?
Which of the following programs is used to monitor the keystrokes that a user types on a specific computer's keyboard?
Fill in the blank with the appropriate layer name of the OSI model.
Secure Socket Layer (SSL) operates at the________ layer of the OSI model.
Which of the following is the first computer virus that was used to infect the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system?
Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?
Which of the following processes is used to convert plain text into cipher text?
Which of the following protocols allows a service to authenticate the identity of a user without needing to see a password?
Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?
Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?
Each correct answer represents a complete solution. Choose all that apply.
You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and software security threats since a few months. You want to renew your current security policies and management to enhance the safety of your information systems. Which of the following is the best practice to initiate the renewal process from the lowest level with the least managerial effort?
Which of the following malicious codes is used by a hacker to get control over the system files of a victim?
Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?
What level of encryption is used by syskey?
Which of the following organizations is dedicated to computer security research and information sharing?
Which method would provide the highest level of protection for all data transmitted on the internal network only?
(Click the Exhibit button on the toolbar to see the case study.)
Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address. He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and software security threats since a few months. You want to renew your current security policies and management to enhance the safety of your information systems. Which of the following is the best practice to initiate the renewal process from the lowest level with the least managerial effort?
You work as a Network Administrator for Infonet Inc. The company's network is connected to the Internet. The network has a Web server that is accessible to Internet users. For security, you want to keep the Web server separate from other servers on the network. Where will you place the Web server?
John works as a Desktop Technician for NetPerfect Inc. The company has a Windows-based network. For the last few days, the network of the company has become prone to the Man-in-the- Middle attack. John wants to send a confidential MS-Word file to his Manager through e-mail attachment. He wants to ensure that no one is able to open and understand the file's message except the Manager. Which of the following should John use to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.
You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?
Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?
Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?
Which of the following DoS attacks attempts to block service or reduce activity on a host by sending ping requests directly to the victim?
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?
Cola Co. manufactures, markets, sells, and distributes non-alcoholic potables such as Lemcaa and Thunder Up under its brand name Cola and uses green and red logo. Mola Co., a new company, starts manufacturing, marketing, selling, and distributing non-alcoholic potables like Lumca and Cloud Up under its brand name Mola and uses green and red logo. Which of the following violations has been committed by Mola Co.?