Topic 23, Mixed Questions
Attackers footprint target Websites using Google Hacking techniques. Google hacking is a
term that refers to the art of creating complex search engine queries. It detects websites
that are vulnerable to numerous exploits and vulnerabilities. Google operators are used to
locate specific strings of text within the search results.
The configuration file contains both a username and a password for an SQL database.
Most sites with forums run a PHP message base. This file gives you the keys to that forum,
including FULL ADMIN access to the database. WordPress uses config.php that stores the
database Username and Password.
Which of the below Google search string brings up sites with "config.php" files?
A.
Search:index config/php
B.
Wordpress:index config.php
C.
intitle:index.of config.php
D.
Config.php:index list
intitle:index.of config.php
Which of the following type of scanning utilizes automated process of proactively identifying
vulnerabilities of the computing systems present on a network?
A.
Port Scanning
B.
Single Scanning
C.
External Scanning
D.
Vulnerability Scanning
Vulnerability Scanning
You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You
will be using LM Brute force hacking tool for decryption.
What encryption algorithm will you be decrypting?
A.
MD4
B.
DES
C.
SHA
D.
SSL
DES
Explanation: The LM hash is computed as follows.1. The user’s password as an OEM
string is converted to uppercase. 2. This password is either null-padded or truncated to 14
bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are
used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to
DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext
values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is
the LM hash.
Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills.
Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS
monitoring. Lyle receives a help desk call from a user in the Accounting department. This
user reports that his computer is running very slow all day long and it sometimes gives him
an error message that the hard drive is almost full. Lyle runs a scan on the computer with
the company antivirus software and finds nothing. Lyle downloads another free antivirus
application and scans the computer again. This time a virus is found on the computer. The
infected files appear to be Microsoft Office files since they are in the same directory as that
software. Lyle does some research and finds that this virus disguises itself as a genuine
application on a computer to hide from antivirus software. What type of virus has Lyle found
on this computer?
A.
This type of virus that Lyle has found is called a cavity virus.
B.
Lyle has discovered a camouflage virus on the computer.
C.
By using the free antivirus software, Lyle has found a tunneling virus on the computer.
D.
Lyle has found a polymorphic virus on this computer
By using the free antivirus software, Lyle has found a tunneling virus on the computer.
The SNMP Read-Only Community String is like a password. The string is sent along with
each SNMP Get-Request and allows (or denies) access to a device. Most network vendors
ship their equipment with a default password of "public". This is the so-called "default public
community string". How would you keep intruders from getting sensitive information
regarding the network devices using SNMP? (Select 2 answers)
A.
Enable SNMPv3 which encrypts username/password authentication
B.
Use your company name as the public community string replacing the default public
C.
Enable IP filtering to limit access to SNMP device
D.
The default configuration provided by device vendors is highly secure and you dont need to change anything
Enable SNMPv3 which encrypts username/password authentication
Enable IP filtering to limit access to SNMP device
Justine is the systems administrator for her company, an international shipping company
with offices all over the world. Recent US regulations have forced the company to
implement stronger and more secure means of communication. Justine and other
administrators have been put in charge of securing the companys digital communication
lines. After implementing email encryption, Justine now needs to implement robust digital
signatures to ensure data authenticity and reliability. Justine has decided to implement
digital signatures which are a variant of DSA and that operate on elliptical curve groups.
These signatures are more efficient than DSA and are not vulnerable to a number field
sieve attacks.
What type of signature has Justine decided to implement?
A.
She has decided to implement ElGamal signatures since they offer more reliability than
the typical DSA signatures
B.
Justine has decided to use ECDSA signatures since they are more efficient than DSA
signatures
C.
Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability
D.
These types of signatures that Justine has decided to use are called RSA-PSS
signatures
Justine has decided to use ECDSA signatures since they are more efficient than DSA
signatures
Explanation:
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature
Algorithm (DSA)
which uses Elliptic curve cryptography. http://en.wikipedia.org/wiki/Elliptic_Curve
What type of encryption does WPA2 use?
A.
DES 64 bit
B.
AES-CCMP 128 bit
C.
MD5 48 bit
D.
SHA 160 bit
AES-CCMP 128 bit
Attackers can potentially intercept and modify unsigned SMB packets, modify the
traffic and forward it so that the server might perform undesirable actions.
Alternatively, the attacker could pose as the server or client after a legitimate
authentication and gain unauthorized access to data. Which of the following is NOT
a means that can be used to minimize or protect against such an attack?
A.
Timestamps
B.
SMB Signing
C.
File permissions
D.
Sequence numbers monitoring
Timestamps
SMB Signing
Sequence numbers monitoring
What is GINA?
A.
Gateway Interface Network Application
B.
GUI Installed Network Application CLASS
C.
Global Internet National Authority (G-USA)
D.
Graphical Identification and Authentication DLL
Graphical Identification and Authentication DLL
Explanation: In computing, GINA refers to the graphical identification and authentication
library, a component of some Microsoft Windows operating systems that provides secure
authentication and interactive logon services.
You are configuring the security options of your mail server and you would like to block
certain file attachments to prevent viruses and malware from entering the users inbox.
Which of the following file formats will you block?
(Select up to 6)
A.
.txt
B.
.vbs
C.
.pif
D.
.jpg
E.
.gif
F.
.com
G.
.htm
H.
.rar
I.
.scr
J.
.exe
.vbs
.pif
.gif
.com
.scr
.exe
Explanation:
http://office.microsoft.com/en-us/outlook/HP030850041033.aspx
You have installed antivirus software and you want to be sure that your AV signatures are
working correctly. You don't want to risk the deliberate introduction of a live virus to test the
AV software. You would like to write a harmless test virus, which is based on the European
Institute for Computer Antivirus Research format that can be detected by the AV software.
How should you proceed?
A.
Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your
antivirus program springs into action whenever you attempt to open, run or copy it.
X5O!P%@AP[4\PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TESTFILE!$
H+H*
B.
Type the following code in notepad and save the file as AVFILE.COM. Your antivirus
program springs into action whenever you attempt to open, run or copy it.
X5O!P%@AP[4\PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
C.
Type the following code in notepad and save the file as TESTAV.COM. Your antivirus
program springs into action whenever you attempt to open, run or copy it.
X5O!P%@AP[4\PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
D.
Type the following code in notepad and save the file as EICAR.COM. Your antivirus
program springs into action whenever you attempt to open, run or copy it.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Type the following code in notepad and save the file as EICAR.COM. Your antivirus
program springs into action whenever you attempt to open, run or copy it.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Explanation:
The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed
by the European Institute for Computer
Antivirus Research, to test the response of computer antivirus (AV) programs. The
rationale behind it is to allow people, companies, and AV programmers
to test their software without having to use a real computer virus that could cause actual
damage should the AV not respond correctly. EICAR likens
the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm,
and promotes the EICAR test file as a safe alternative.
Which of the following is an attack in which a secret value like a hash is captured
and then reused at a later time to gain access to a system without ever decrypting or
decoding the hash.
A.
Replay Attacks
B.
Brute Force Attacks
C.
Cryptography Attacks
D.
John the Ripper Attacks
Replay Attacks
Explanation: A replay attack is a form of network attack in which a valid data transmission
is maliciously or fraudulently repeated or delayed. This is carried out either by the originator
or by an adversary who intercepts the data and retransmits it.
| Page 25 out of 64 Pages |
| Previous |