312-50 Practice Test Questions

763 Questions


Topic 5, System Hacking

_____ is the process of converting something from one representation to the
simplest form. It deals with the way in which systems convert data from one form to
another.


A. Canonicalization
B. Character Mapping
C. Character Encoding
D. UCS transformation formats

A. Canonicalization



Explanation: Canonicalization (abbreviated c14n) is the process of converting data that
has more than one possible representation into a "standard" canonical representation. This
can be done to compare different representations for equivalence, to count the number of
distinct data structures (e.g., in combinatorics), to improve the efficiency of various
algorithms by eliminating repeated calculations, or to make it possible to impose a
meaningful sorting order.

Ursula is a college student at a university in Amsterdam. Ursula originally went to college
to study engineering but later changed to marine biology after spending a month at sea
with her friends. These friends frequently go out to sea to follow and harass fishing fleets
that illegally fish in foreign waters. Ursula eventually wants to put companies practicing
illegal fishing out of business. Ursula decides to hack into the parent company's computers
and destroy critical data, knowing full well that, if caught, she would probably be sent to jail
for a very long time. What would Ursula be considered?


A. Ursula would be considered a gray hat since she is performing an act against illegal activities.
B. She would be considered a suicide hacker.
C. She would be called a cracker.
D. Ursula would be considered a black hat.

B. She would be considered a suicide hacker.



Which of the following LM hashes represent a password of less than 8 characters?
(Select 2)


A. BA810DBA98995F1817306D272A9441BB
B. 44EFCE164AB921CQAAD3B435B51404EE
C. 0182BD0BD4444BF836077A718CCDF409
D. CEC52EB9C8E3455DC2265B23734E0DAC
E. B757BF5C0D87772FAAD3B435B51404EE
F. E52CAC67419A9A224A3B108F3FA6CB6D

B. 44EFCE164AB921CQAAD3B435B51404EE
E. B757BF5C0D87772FAAD3B435B51404EE



Explanation: Notice the last 8 characters are the same.

Giles is the network administrator for his company, a graphics design company based in
Dallas. Most of the network is comprised of Windows servers and workstations, except for
some designers who prefer to use Macs. These Mac users are running the Mac OS X
operating system. These Mac users also use iChat to talk to each other. Tommy,
one of these Mac users, calls Giles and says that his computer is running very slowly. Giles
then gets more calls from the other Mac users saying they are receiving instant messages
from Tommy even when he says he is not on his computer. Giles immediately unplugs
Tommy's computer from the network to take a closer look. He opens iChat on Tommy's
computer and it says that it sent a file called latestpics.tgz to all the other Mac users.
Tommy says he never sent those files. Giles also sees that many of the computer's
applications appear to be altered. The path where the files should be has an altered file
and the original application is stored in the file's resource fork.
What has Giles discovered on Tommy's computer?


A. He has discovered OSX/Chat-burner virus on Tommy's computer
B. Giles has found the OSX/Leap-A virus on Tommy's computer
C. This behavior is indicative of the OSX/Inqtana.A virus
D. On Tommy's computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus

B. Giles has found the OSX/Leap-A virus on Tommy's computer



Explanation: OSX.Leap.A is a worm that targets installs of Macintosh OS X and spreads via the
iChat instant messenger program.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99

Fingerprinting an Operating System helps a cracker because:


A. It defines exactly what software you have installed
B. It opens a security-delayed window based on the port being scanned
C. It doesn't depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system



Explanation: When a cracker knows what OS and services you use, he also knows which
exploits might work on your system. If he had to try all possible exploits for all
possible operating systems and services, it would take too long and the possibility of
being detected would increase.

The GET method should never be used when sensitive data such as credit card information is being
sent to a CGI program. This is because any GET command will appear in the URL and will
be logged by any servers. For example, let's say that you've entered your credit card
information into a form that uses the GET method. The URL may appear like this:
https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234
The GET method appends the credit card number to the URL. This means that anyone with
access to a server log will be able to obtain this information. How would you protect against
this type of attack?


A. Never include sensitive information in a script
B. Use HTTPS SSLv3 to send the data instead of plain HTTPS
C. Replace the GET with POST method when sending data
D. Encrypt the data before you send using GET method

C. Replace the GET with POST method when sending data



You are an administrator of a Windows server. You want to find the port number for
POP3. What file would you find the information in and where?
Select the best answer.


A. %windir%\etc\services
B. system32\drivers\etc\services
C. %windir%\system32\drivers\etc\services
D. /etc/services
E. %windir%/system32/drivers/etc/services

C. %windir%\system32\drivers\etc\services



Explanation: %windir%\system32\drivers\etc\services is the correct
place to look for this information.

Jason is the network administrator of Spears Technology. He has enabled the Snort IDS to
detect attacks going through his network. He receives Snort SMS alerts on his iPhone
whenever there is an attempted intrusion into his network.

An attacker, Chew Siew, sitting in Beijing, China, had just launched a remote scan on
Jason's network with the hping command.
Which of the following hping2 commands is responsible for the above Snort alert?


A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118
C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118
D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118

A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118



NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are
trying to intercept the traffic from a victim machine to a corporate network printer. You are
attempting to hijack the printer network connection from your laptop by sniffing the wire.
Which port does SMB over TCP/IP use?


A. 443
B. 139
C. 179
D. 445

D. 445



LAN Manager passwords are concatenated to 14 bytes and split in half. The two
halves are hashed individually. If the password is 7 characters or less, then the
second half of the hash is always:


A. 0xAAD3B435B51404EE
B. 0xAAD3B435B51404AA
C. 0xAAD3B435B51404BB
D. 0xAAD3B435B51404CC

A. 0xAAD3B435B51404EE



Explanation: A problem with LM stems from the total lack of salting or cipher block
chaining in the hashing process. To hash a password, the first 7 bytes of it are transformed
into an 8-byte odd-parity DES key. This key is used to encrypt the 8-byte string "KGS!@#$%".
The same thing happens with the second part of the password. This lack of salting creates two
interesting consequences. Obviously, this means the password is always stored in the
same way, and just begs for a typical lookup table attack. The other consequence is that it
is easy to tell whether a password is longer than 7 bytes. If it is not, the last 7 bytes will all be
null and will result in a constant DES hash of 0xAAD3B435B51404EE.

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to
Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and
acknowledgement numbers to successfully hijack the telnet session.
Here is the captured data in tcpdump.

What are the next sequence and acknowledgement numbers that the router will send to the
victim machine?


A. Sequence number: 82980070 Acknowledgement number: 17768885
B. Sequence number: 17768729 Acknowledgement number: 82980070
C. Sequence number: 87000070 Acknowledgement number: 85320085
D. Sequence number: 82980010 Acknowledgement number: 17768885

A. Sequence number: 82980070 Acknowledgement number: 17768885



While examining audit logs, you discover that people are able to telnet into the SMTP
server on port 25. You would like to block this, though you do not see any evidence
of an attack or other wrongdoing. However, you are concerned about affecting the
normal functionality of the email server. From the following options, choose how
best you can achieve this objective.


A. Block port 25 at the firewall.
B. Shut off the SMTP service on the server.
C. Force all connections to use a username and password.
D. Switch from Windows Exchange to UNIX Sendmail.
E. None of the above.

E. None of the above.



Explanation: Blocking port 25 at the firewall or forcing all connections to use a username
and password would have the consequence that the server is unable to communicate with
other SMTP servers. Turning off the SMTP service would disable the email function
completely. All email servers use SMTP to communicate with other email servers, and
therefore changing the email server will not help.

