Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using dumpster diving to gather information about Weare- secure, Inc. In which of the following steps of malicious hacking does dumpster diving come under?
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user. You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you perform to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
John works as an Office Assistant in DataSoft Inc. He has received an e-mail from duesoft_lotterygroup@us.com with the following message:
The DueSoft Lottery Incorporation
This is to inform you that you have just won a prize of $7,500.00 for this year's Annual Lottery promotion, which was organized by Msn/Yahoo Lottery in conjunction with DueSoft. We collect active online e-mails and select five people every year as our winners through an electronic balloting machine. Please reply within three days of receiving this e-mail with your full details like Name, Address, Sex, Occupation, Age, State, Telephone number, and Country to claim your prize.
If John replies to this e-mail, which of the following attacks may he become vulnerable to?
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs?
Each correct answer represents a complete solution. Choose two.
An Anti-Virus software is used to prevent, detect, and remove malware from a system, including computer viruses, worms, and Trojan horses. Which of the following companies are the providers of Anti-virus softwares?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
Jason, a cybercriminal, sells illegal articles on the Internet. Which of the following activities is Jason involved in?
Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that is available to the Internet.
Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.
John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant
color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
You work as a Network Administrator for Infonet Inc. The company uses Wired Equivalent Privacy (WEP) for wireless security. Who among the following can authenticate from the access point of the network?
In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.
John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?
Linux traffic monitoring tools are used to monitor and quickly detect faults in the network or a system. Which of the following tools are used to monitor traffic of the Linux operating system?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements is true about a honeyfarm?
Which of the following proxy servers is also referred to as transparent proxies or forced proxies?
Which of the following terms is used for the process of securing a system or a device on a network infrastructure?
Which of the following is a transport layer circuit-level proxy server?
Which of the following attacks is used to hack simple alphabetical passwords?
Which of the following is a valid IP address for class B Networks?
Which of the following attacks is used to hack simple alphabetical passwords?
Which of the following is true for XSS, SQL injection, and RFI?
Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Which of the following are pre-requisites for an attacker to conduct firewalking?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following password cracking attacks is implemented by calculating all the possible hashes for a set of characters?
Which of the following are the two types of reconnaissance?
Which of the following viruses/worms uses the buffer overflow attack?
Which of the following protocols allows a service to authenticate the identity of a user without needing to see a password?
Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?
A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?
Which of the following algorithms is used by the Advanced Encryption Standard (AES)?
You work as a Network Administrator for Maverick Inc. The company has a Linux-based network.
You are working on a Linux computer. You want to see the environment variables that are set on your computer. Which of the following commands will you use?
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the weare- secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following pre-attack phases while testing the security of the server:
· Footprinting
· Scanning
Now he wants to conduct the enumeration phase. Which of the following tools can John use to conduct it?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate layer name of the OSI model.
Secure Socket Layer (SSL) operates at the________ layer of the OSI model.
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address. He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements are true about Public-key cryptography?
Each correct answer represents a complete solution. Choose two.
Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He observes that the We-are-secure server is vulnerable to a special type of DoS attack and he makes the following suggestions to the security authority to protect the server from this DoS attack. The countermeasures against this type of DoS attack are as follows:
l Disabling IP-directed broadcasts at the We-are-secure router
l Configuring local computers so as not to respond to such ICMP packets that are configured to be sent to IP broadcast addresses
Which of the following DoS attacks has John discovered as a vulnerability for the We-are-secure security network?
You work as a Network Security Administrator for NetPerfect Inc. The company has a Windowsbased network. You are incharge of the data and network security of the company. While performing a threat log analysis, you observe that one of the database administrators is pilfering confidential data. What type of threat is this?
Which of the following tools is used to catch someone installing a rootkit or running a packet sniffer?
Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?
Andrew works as a Forensic Investigator for PassGuide Inc. The company has a Windows-based environment. The company's employees use Microsoft Outlook Express as their e-mail client program. E-mails of some employees have been deleted due to a virus attack on the network. Andrew is therefore assigned the task to recover the deleted mails. Which of the following tools can Andrew use to accomplish the task?
Each correct answer represents a complete solution. Choose two.
Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?
Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?
According to the case study, the departmental stores can dial in to distribution center computers to query their order status. Which protocol should they use to provide the highest level of security?
(Click the Exhibit button on the toolbar to see the case study.)
Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?