Topic 23, Mixed Questions
In TCP communications there are 8 flags: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.
These flags have decimal numbers assigned to them:
FIN = 1
SYN = 2
RST = 4
PSH = 8
ACK = 16
URG = 32
ECE = 64
CWR = 128
Jason is the security administrator of ASPEN Communications. He analyzes some traffic
using Wireshark and has enabled the following filters.
What is Jason trying to accomplish here?
A. SYN, FIN, URG and PSH
B. SYN, SYN/ACK, ACK
C. RST, PSH/URG, FIN
D. ACK, ACK, SYN, URG
Answer: SYN, SYN/ACK, ACK

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the
ARP cache of these switches. If these switches' ARP cache is successfully flooded, what
will be the result?
A. The switches will drop into hub mode if the ARP cache is successfully flooded.
B. If the ARP cache is flooded, the switches will drop into pix mode making it less
susceptible to attacks.
C. Depending on the switch manufacturer, the device will either delete every entry in its
ARP cache or reroute packets to the nearest switch.
D. The switches will route all traffic to the broadcast address, creating collisions.
Answer: The switches will drop into hub mode if the ARP cache is successfully flooded.

You have successfully brute forced basic authentication configured on a Web Server
using the Brutus hacking tool. The username/password is “Admin” and “Bettlemani@”.
You log on to the system using the brute forced password and plant backdoors and
rootkits.
After downloading various sensitive documents from the compromised machine,
you proceed to clear the log files to hide your trace.
Which event log located at C:\Windows\system32\config contains the trace of your
brute force attempts?
A. AppEvent.Evt
B. SecEvent.Evt
C. SysEvent.Evt
D. WinEvent.Evt
Answer: SecEvent.Evt
Explanation: The Security Event log (SecEvent.Evt) will contain all the failed logins
against the system.

LM authentication is not as strong as Windows NT authentication so you may want
to disable its use, because an attacker eavesdropping on network traffic will attack
the weaker protocol. A successful attack can compromise the user's password. How
do you disable LM authentication in Windows XP?
A. Stop the LM service in Windows XP
B. Disable LSASS service in Windows XP
C. Disable LM authentication in the registry
D. Download and install LMSHUT.EXE tool from Microsoft website
Answer: Disable LM authentication in the registry
Explanation: http://support.microsoft.com/kb/299656

What type of port scan is represented here?
A. Stealth Scan
B. Full Scan
C. XMAS Scan
D. FIN Scan
Answer: Stealth Scan

If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on
a closed port, what will be the response?
A. The zombie computer will respond with an IPID of 24334.
B. The zombie computer will respond with an IPID of 24333.
C. The zombie computer will not send a response.
D. The zombie computer will respond with an IPID of 24335.
Answer: The zombie computer will not send a response.

You have retrieved the raw hash values from a Windows 2000 Domain Controller.
Using social engineering, you come to know that they are enforcing strong
passwords. You understand that all users are required to use passwords that are at
least 8 characters in length. All passwords must also use 3 of the 4 following
categories: lower case letters, capital letters, numbers and special characters.
With your existing knowledge of users, likely user account names and the possibility
that they will choose the easiest passwords possible, what would be the fastest type
of password cracking attack you can run against these hash values and still get
results?
A. Online Attack
B. Dictionary Attack
C. Brute Force Attack
D. Hybrid Attack
Answer: Hybrid Attack
Explanation: A dictionary attack will not work as strong passwords are enforced, also the
minimum length of 8 characters in the password makes a brute force attack time
consuming. A hybrid attack where you take a word from a dictionary and exchange a
number of letters with numbers and special characters will probably be the fastest way to
crack the passwords.

What are the limitations of Vulnerability scanners? (Select 2 answers)
A. They are often better at detecting well-known vulnerabilities than more esoteric ones
B. The scanning speed of their scanners is extremely high
C. It is impossible for any one scanning product to incorporate all known vulnerabilities in a
timely manner
D. The more vulnerabilities detected, the more tests required
E. They are highly expensive and require per host scan license
Answer: They are often better at detecting well-known vulnerabilities than more esoteric ones
Answer: It is impossible for any one scanning product to incorporate all known vulnerabilities in a
timely manner

Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been
hired to audit the network of Davidson Avionics. He has been given permission to perform
any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by
one of the company's entrance doors and follows an employee into the office after they use
their valid access card to gain entrance. What type of social engineering attack has Neil
employed here?
A. Neil has used a tailgating social engineering attack to gain access to the offices
B. He has used a piggybacking technique to gain unauthorized access
C. This type of social engineering attack is called man trapping
D. Neil is using the technique of reverse social engineering to gain access to the offices of
Davidson Avionics
Answer: Neil has used a tailgating social engineering attack to gain access to the offices

In the following example, which of these is the "exploit"?
Today, Microsoft Corporation released a security notice. It detailed how a person
could bring down the Windows 2003 Server operating system, by sending
malformed packets to it. They detailed how this malicious process had been
automated using basic scripting. Even worse, the new automated method for
bringing down the server has already been used to perform denial of service attacks
on many large commercial websites.
Select the best answer.
A. Microsoft Corporation is the exploit.
B. The security "hole" in the product is the exploit.
C. Windows 2003 Server
D. The exploit is the hacker that would use this vulnerability.
E. The documented method of how to use the vulnerability to gain unprivileged access.
Answer: The documented method of how to use the vulnerability to gain unprivileged access.
Explanation:
Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to
gain unprivileged access, they are creating the exploit. If they just say that there is a hole in
the product, then it is only a vulnerability. The security "hole" in the product is called the
"vulnerability". It is documented in a way that shows how to use the vulnerability to gain
unprivileged access, and it then becomes an "exploit". In the example given, Windows
2003 Server is the TOE (Target of Evaluation). A TOE is an IT System, product or
component that requires security evaluation or is being identified. The hacker that would
use this vulnerability is exploiting it, but the hacker is not the exploit. The documented
method of how to use the vulnerability to gain unprivileged access is the correct answer.

You have successfully gained access to a victim's computer using a Windows 2003 Server
SMB vulnerability. Which command will you run to disable auditing from the cmd?
A. stoplog stoplog ?
B. EnterPol /nolog
C. EventViewer o service
D. auditpol.exe /disable
Answer: auditpol.exe /disable

Travis works primarily from home as a medical transcriptionist.
He just bought a brand new Dual Core Pentium Computer with over 3 GB of RAM. He
uses voice recognition software that is processor intensive, which is why he bought the
new computer. Travis frequently has to get on the Internet to do research on what he
is working on. After about two months of working on his new computer, he notices
that it is not running nearly as fast as it used to.
Travis uses antivirus software, anti-spyware software and always keeps the
computer up-to-date with Microsoft patches.
After another month of working on the computer, Travis's computer is even more
noticeably slow. Every once in a while, Travis also notices a window or two pop up
on his screen, but they quickly disappear. He has seen these windows show up,
even when he has not been on the Internet. Travis is really worried about his
computer because he spent a lot of money on it and he depends on it to work. Travis
scans his computer through Windows Explorer and checks out the file system, folder by
folder, to see if there is anything he can find. He spends over four hours poring over the
files and folders and can’t find anything but before he gives up, he notices that his
computer only has about 10 GB of free space available. Since his drive is a 200 GB
hard drive, Travis thinks this is very odd.
Travis downloads Space Monger and adds up the sizes for all the folders and files
on his computer. According to his calculations, he should have around 150 GB of
free space. What is most likely the cause of Travis’s problems?
A. Travis’s Computer is infected with stealth kernel level rootkit
B. Travis’s Computer is infected with Stealth Trojan Virus
C. Travis’s Computer is infected with Self-Replication Worm that fills the hard disk space
D. Logic Bombs triggered at random times creating hidden data consuming junk files
Answer: Travis’s Computer is infected with stealth kernel level rootkit
Explanation: A rootkit can take full control of a system. A rootkit's only purpose is to hide
files, network connections, memory addresses, or registry entries from other programs
used by system administrators to detect intended or unintended special privilege accesses
to the computer resources.