QSA Main Student Study Guide 4.12


QSA Questions 4.11

Domain 01 - Gather the Data (54 questions)

54. What does ICMP Type 3/Code 13 mean?
A. Host Unreachable
B. Administratively Blocked
C. Port Unreachable
D. Protocol Unreachable

84. Which of the following is the most important aspect of a penetration test?
A. Perform attacks over intermediary networks to reach the client's intranet
B. Use dial-up connections to simulate Internet connectivity
C. Minimize the impact on production
D. Only perform attacks from within the client's intranet

80. All of the following are commonly used to define the rules of engagement EXCEPT?
A. Depth of the assessment drives the length of the project
B. Forbidding of social engineering against client staff
C. Assessments should take place during normal business hours, Monday to Friday
D. Attacks can take place locally, wirelessly, over VPN, and over dial-up

72. What is the first step in a Qualified Security Analyst's testing methodology?
A. Reconnaissance
B. Data analysis
C. Intrusive target search
D. Organize the project

91. All of the following types of information can be directly discovered by examining the header of an e-mail received from the target client, EXCEPT?
A. SMTP server in use
B. MAC address
C. Client e-mail application
D. Usernames

92. Which of the following Internet resources is likely to have the LEAST amount of valuable information about your target client?
A. USENET
B. The Wayback Machine
C. Netcraft
D. Snopes
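Question 91 turns on what a mail header does and does not reveal. The script below is an added example, not part of the study guide: it parses a constructed set of headers (hosts, software names and addresses are placeholders) and pulls out the three things the question says are recoverable, the relay path with the SMTP software seen in each "by" clause, the client application from X-Mailer, and usernames from the address fields, plus any RFC 1918 hop addresses, which point at the sender's internal network. Nothing in a header carries a layer-2 MAC address, which is why that option is the exception.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample headers (not a real message); hosts and software names are placeholders.
SAMPLE_RAW = (
    "Received: from mx2.corp.example.test (mx2.corp.example.test [203.0.113.25])\n"
    "\tby inbound.analyst.test (ExampleMTA 2.1) with ESMTP id 4F2A1B;\n"
    "\tTue, 2 Mar 2010 09:14:05 -0600\n"
    "Received: from WKS-ACCT01 (wks-acct01.corp.example.test [192.168.10.57])\n"
    "\tby mx2.corp.example.test (ExampleMTA 2.1) with ESMTP id 8C77D2;\n"
    "\tTue, 2 Mar 2010 09:14:02 -0600\n"
    "From: Jane Smith <jsmith@corp.example.test>\n"
    "To: Bob Jones <bjones@analyst.test>\n"
    "Message-ID: <20100302151402.8C77D2@WKS-ACCT01>\n"
    "X-Mailer: ExampleMail 4.1\n"
    "Subject: Re: scope call\n"
    "\n"
    "See you at 10.\n"
)

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "from <helo> (<rdns> [<ip>]) by <server> (<software>) ..." once folding whitespace is normalised.
RECEIVED_RE = re.compile(r"from (\S+) \(([^)]*)\) by (\S+)(?: \(([^)]*)\))?")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> dict:
    """Extract one hop from a Received: header; empty dict if the header does not fit the pattern."""
    flat = " ".join(value.split())
    m = RECEIVED_RE.search(flat)
    if not m:
        return {}
    helo, rdns_part, by_host, software = m.groups()
    ip_match = IP_RE.search(rdns_part)
    return {
        "from_host": helo,
        "from_ip": ip_match.group(1) if ip_match else None,
        "by_host": by_host,
        "software": software or "",
    }


def recon_from_headers(raw: str) -> dict:
    """What an analyst can read straight off the headers of a message sent by the target."""
    msg = message_from_string(raw)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    hops.reverse()  # Received headers are prepended, so the last one listed is the first hop
    smtp_servers = [
        "%s (%s)" % (h["by_host"], h["software"]) if h["software"] else h["by_host"] for h in hops
    ]
    internal_hosts = [
        (h["from_host"], h["from_ip"])
        for h in hops
        if h["from_ip"] and any(ip_address(h["from_ip"]) in n for n in RFC1918)
    ]
    usernames = []
    for field in ("From", "Reply-To"):
        addr = parseaddr(msg.get(field, ""))[1]
        if "@" in addr:
            usernames.append(addr.split("@", 1)[0])
    return {
        "smtp_servers": smtp_servers,
        "internal_hosts": internal_hosts,
        "client_app": msg.get("X-Mailer", ""),
        "usernames": usernames,
        "message_id_host": (msg.get("Message-ID", "") or "").strip("<>").split("@")[-1],
    }
```

The Received chain is read bottom-up because each relay prepends its own header; the first hop is therefore the one closest to the sender's workstation, and its bracketed address is the one most likely to fall in private space.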

95. Which of the following nmap commands will discover a TFTP server running on its default port?
A. nmap -sU -v -sV 192.168.1.6 -p 69
B. nmap -sT -v -O 192.168.1.6 -p 69
C. nmap -UDP -v 192.168.1.6 -p 0-1024
D. nmap -U -v 192.168.1.6 -p 3889-65000

71. The following are valid reasons for using a testing methodology EXCEPT?
A. Use a single method of testing for each potential vulnerability.
B. Implement security controls in order to conform to a standard of "due care" accepted by similar well-run companies.
C. Through research, testing, and analysis, discover exposures and recommend corrections.
D. The opportunity to improve the security posture of their networked computers.

97. What command line tool can be used to obtain zone information from an authoritative source?
A. whois
B. nslookup
C. traceroute
D. ifconfig

101. Which of the following activities will most likely result in the identification of an e-mail server's product name and version?
A. nmap -sT -v -O 192.168.5.4 -p 25
B. nc -l -n -vv -p 25
C. telnet 192.168.5.4 25
D. nmap -sU -sV 192.168.5.4 -p 25

6. Using netcat to connect to port 80 on a web server and issue the command GET / HTTP/1.0 is an example of what?
A. passive reconnaissance
B. passive enumeration
C. script analysis
D. banner grabbing

96. What is required by nmap to perform an active operating system identification?
A. a UDP scan
B. a target with a non-private IP address
C. the -P0 syntax parameter
D. one open port, one closed port

112. Which of the following commands will display current routing tables?
A. route CHANGE
B. netstat -r
C. nbtstat -n
D. systeminfo /r

113. What is the preferred output from any tool used during a security assessment?
A. binary
B. text
C. graphical
D. hexadecimal

1. Simplifying risk includes identifying the risk itself, asset value, vulnerability and:
A. Cost of Impact
B. Backup Solutions
C. Perceived Threat
D. Managerial Functions

98. Which of the following is a tool or technique that can be used to locate firewalls?
A. IDLE scan
B. traceroute
C. Cain & Abel
D. ping sweeps

99. Which of the following tools is best suited for interacting with remote hosts over NetBIOS?
A. traceroute
B. nbtstat
C. nslookup
D. nmap

100. When examining a NetBIOS name table cache, which 16th character represents a username?
A. <03>
B. <20>
C. <1D>
D. <00>
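Questions 99 and 100 both come down to reading a NetBIOS name table. The parser below is an added example, not part of the study guide: it takes the output of nbtstat -A (the sample is constructed; the names and MAC address are placeholders) and turns the 16th-byte suffixes into what an analyst actually records, the computer name (<00> UNIQUE), the domain or workgroup (<00> GROUP), the roles the host advertises, and any <03> UNIQUE entry that is not the computer name, which is a logged-on user. It also lifts the MAC address from the trailer, the value question 89 asks you to record alongside the IP.

```python
import re

# Meaning of the 16th byte of a NetBIOS name, for the entries enumeration cares about.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "workstation service (computer name)",
    ("00", "GROUP"): "domain or workgroup name",
    ("03", "UNIQUE"): "messenger service (computer name or logged-on user)",
    ("20", "UNIQUE"): "file server service",
    ("1B", "UNIQUE"): "domain master browser",
    ("1C", "GROUP"): "domain controllers",
    ("1D", "UNIQUE"): "master browser",
    ("1E", "GROUP"): "browser service elections",
}

ENTRY_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")

# Constructed sample of "nbtstat -A <ip>" output; names and MAC are placeholders.
SAMPLE_NBTSTAT = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
WKS-ACCT01     <00>  UNIQUE      Registered
CORP           <00>  GROUP       Registered
WKS-ACCT01     <20>  UNIQUE      Registered
CORP           <1E>  GROUP       Registered
WKS-ACCT01     <03>  UNIQUE      Registered
JSMITH         <03>  UNIQUE      Registered

MAC Address = 00-0C-29-AB-CD-EF
"""


def parse_name_table(text: str):
    """Return (entries, mac) from nbtstat output; lines that are not table rows are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            entries.append({"name": name, "suffix": suffix.upper(), "type": kind, "status": status})
    mac = MAC_RE.search(text)
    return entries, (mac.group(1).upper() if mac else None)


def summarize(entries) -> dict:
    """Reduce raw entries to host name, domain, advertised roles and logged-on users."""
    computer = next((e["name"] for e in entries if e["suffix"] == "00" and e["type"] == "UNIQUE"), None)
    domain = next((e["name"] for e in entries if e["suffix"] == "00" and e["type"] == "GROUP"), None)
    # A <03> UNIQUE name that is not the computer name is the messenger registration for a user.
    users = [e["name"] for e in entries
             if e["suffix"] == "03" and e["type"] == "UNIQUE" and e["name"] != computer]
    roles = sorted({SUFFIX_MEANING[(e["suffix"], e["type"])] for e in entries
                    if (e["suffix"], e["type"]) in SUFFIX_MEANING and e["suffix"] not in ("00", "03")})
    return {"computer": computer, "domain": domain, "logged_on_users": users, "roles": roles}
```

Run it over real nbtstat output and the <1B>, <1C> and <1D> rows tell you which hosts are browsers or domain controllers before you touch them with anything noisier.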

102. Both non-intrusive and intrusive target search have been performed, as well as port scanning and banner grabbing. What is the next step in the security analysis methodology?
A. vulnerability identification
B. exploitation
C. data analysis
D. document findings of penetration

119. What is the primary distinction between scanning for discovery versus scanning for confirmation?
A. One can determine open ports
B. One can determine filtered ports
C. One can be detected
D. One verifies information learned during non-intrusive target search

64. You are conducting an assessment of a web server. You manually connect to port 80 to grab the banner and you notice that to retrieve the information you have to press Enter 4 times. You know from previous recon work that the organization you are testing is a Windows shop. What is your guess at the web server version that the site is running?
A. IIS 5
B. IIS 4
C. IIS 6
D. IIS 6.5

65. What is the expected response to the following command if there are no services running on the target port?

nmap -sU 192.168.4.2 -p 80

A. SYN/ACK packet
B. ICMP type 3
C. No response
D. RST

66. Who is a potential threat to the security of an organization?
A. disgruntled employees
B. professional hackers
C. script kiddies
D. everyone

109. Which of the following statements should be adopted as a methodology guideline?
A. Employ a single tool per task
B. Use new tools as soon as they are available on the Internet
C. Thoroughly test all tools
D. Use well-known tools even if you have not fully mastered how to use them

67. What security posture can be described as having a default rule of deny all, then allow by exception?
A. Promiscuous
B. Permissive
C. Prudent
D. Paranoid

68. What method of security testing uses automated tools with databases of exploits and has a goal of finding possible weaknesses?
A. Security audit
B. Accreditation
C. Vulnerability assessment
D. Penetration testing

69. The level of confidence that one can have in a vulnerability assessment is directly related to the _______________ that has been spent conducting the vulnerability assessment.
A. budgetary funds
B. time and effort
C. internal political capital
D. senior management trust

70. The following statements are true EXCEPT?
A. No testing or assessment methodology can guarantee that a system is 100% free of vulnerabilities.
B. It is only possible to test what you and your tools know.
C. Penetration tests should be performed before vulnerability scanning.
D. A vulnerability assessment is a systematic and comprehensive method of identifying and reporting vulnerabilities in networked systems that could result in the compromise of those systems from remote hosts.

73. After the first step of a Qualified Security Analyst's testing methodology is performed, what is the next or second step?
A. Organize the project
B. Non-intrusive target search
C. Remote target assessment
D. Data analysis

74. All of the following are benefits of the testing methodology EXCEPT?
A. Computing operations are at minimal risk of disruption.
B. The methodology can be tailored to suit the specific needs of the client.
C. Data and programs are at a reduced risk of loss of integrity.
D. All steps or actions are predefined before testing starts.

78. All of the following are important guidelines for the security analyst EXCEPT?
A. Avoid the use of encryption to prevent data loss.
B. Avoid accidentally crossing the line between determining that a vulnerability exists and exploiting the vulnerability.
C. Know boundaries set by the client ahead of time.
D. Attention to detail and self-restraint are required.

79. A client expects all of the following from a security analyst EXCEPT?
A. Be evasive about the tools and techniques to be employed.
B. Clearly define what you are going to do.
C. Distinctly indicate what is not going to occur.
D. Keep lines of communication open.

81. A hacker needs to discover _______________ in order to compromise a system, while a security analyst needs to discover _______________ in order to protect a system.
A. one vulnerability, one weakness
B. one weakness, all vulnerabilities
C. all vulnerabilities, all weaknesses
D. all weaknesses, one vulnerability

82. Which of the following is most commonly permitted by a client within the rules of engagement?
A. release of malicious code
B. social engineering
C. denial of service
D. insider attack simulation

83. What is the most often overlooked aspect of security when a client hires a security analyst to perform a penetration test?
A. social engineering threats
B. external attacks over the Internet
C. physical weaknesses
D. lack of updates and patches

75. A security analyst should use a variety of tools even if they perform the same functions or scans, for all of the following reasons EXCEPT?
A. Tools are getting better and easier to use
B. No single tool checks for all possible vulnerabilities
C. Some tools work better on, from, or against one platform than another
D. Multiple confirmations increase the validity of information

90. Which of these statements is poor practice for a security analyst?
A. Assume the target database is exhaustive.
B. Check the target database against client-provided data.
C. Use multiple tools to confirm the target list.
D. Repeatedly re-confirm the contents of the target database throughout the analysis process.

2. The four typical network security policies can be classified as prudent, permissive, promiscuous and:
A. Prominent
B. Pervasive
C. Paranoid
D. Pre-emptive

3. What is the definition of a grey hat?
A. Reformed black hat
B. A former network administrator
C. A white hat who at certain times breaks ethics for his/her own agenda
D. A person who tries to exploit weaknesses in systems but is not technically sophisticated

47. You are trying to locate Microsoft Outlook Web Access default portals using Google search on the Internet. What search string will you use to locate them?
A. outlook:"search"
B. intitle:"exchange server"
C. allinurl:"exchange/logon.asp"
D. locate:"logon page"

85. What percentage of the total budget should be set aside as a contingency fund just in case the unexpected happens?
A. 2%
B. 10%
C. 25%
D. 50%

107. When a port scanner reveals that UDP ports 161 and 162 are open, what tool should be used to interact with the service(s) behind these ports?
A. nmap
B. hping2
C. SNMP management console
D. Remote Desktop Connection

86. All of the following are limiting factors to the number of targets that are assessed, EXCEPT?
A. Scope defined by client
B. Time allotted
C. Staff availability
D. Platform types

87. How much of the overall time and effort is to be put into organizing the project?
A. 10%
B. 20%
C. 35%
D. 50%

88. What form of target search or assessment will have the least impact on the client's infrastructure?
A. intrusive target search
B. remote target assessment
C. non-intrusive target search
D. local target assessment

89. Why is it important to collect the IP address and the MAC address of every discovered target?
A. To identify the operating system
B. To load balance the scanning effort
C. To bypass routing protocols
D. To determine if a single computer is using multiple logical addresses

31. Jessica works as a systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?
A. Tracert
B. Smurf scan
C. Ping trace
D. ICMP ping sweep

93. Which of the following tools or resources is not used to gain information about the registration of Internet name resolution information?
A. nslookup
B. whois
C. nmap
D. arin.net

94. In order to discover the types of operating systems and applications used by a client organization while maintaining a stealthy assessment approach, which of the following resources should be employed?
A. Web site ripper
B. nmap
C. Job postings
D. social engineering

45. Why are Linux/Unix-based computers better to use than Windows computers for idle scanning?
A. Linux/Unix computers are constantly talking
B. Windows computers will not respond to idle scans
C. Linux/Unix computers are easier to compromise
D. Windows computers are constantly talking

56. Kim is studying to be an IT security analyst at a vocational school in her town. The school teaches many programming languages as well as networking protocols. Which networking protocol, used by routers, should she learn?
A. OSPF
B. BGP
C. UDP
D. ATM

10. The OSSTMM is best described as what?
A. passive information gathering source
B. a hacking guide
C. a methodology
D. a reporting structure after penetration testing

40. The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers:
A. Sarbanes-Oxley 2002
B. Gramm-Leach-Bliley Act
C. HIPAA
D. California SB 1386

Domain 02 - Penetrate the Network (28 questions)

20. To test your website for vulnerabilities, you type a quotation mark (') into the username field. After you click OK, you receive the following error message window:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Extra ) in query expression 'userid'='3306') or ('a'='a' AND Password=''.'
/_users/loginmain.asp, line 41

What can you infer from the error window?
A. (') is a valid username
B. SQL injection is not possible
C. SQL injection is possible
D. The user for line 3306 in the SQL database has a weak password
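The single-quote test in question 20 works because the login page splices the field straight into the SQL text, so the quote unbalances the expression and the database engine's syntax error comes back to the browser. The snippet below is an added example, not from the study guide, and it reproduces that situation in an in-memory SQLite database with a constructed users table: the vulnerable login is the string-built query, the probe is exactly the quote test from the question, and the parameterised login beside it shows that the same quote is then just data. The comment syntax (--) and the table are the example's own assumptions, not the Access/ODBC stack the error message names.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the userid 3306 mirrors the one visible in the question's error text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("3306", "s3cret"), ("admin", "hunter2")])
    return conn


def login_vulnerable(conn, userid: str, password: str):
    """String-built query: whatever the user types becomes part of the SQL grammar."""
    sql = "SELECT userid FROM users WHERE userid='%s' AND password='%s'" % (userid, password)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, userid: str, password: str):
    """Parameterised query: the values travel separately and are never parsed as SQL."""
    sql = "SELECT userid FROM users WHERE userid=? AND password=?"
    row = conn.execute(sql, (userid, password)).fetchone()
    return row[0] if row else None


def quote_probe(conn, login) -> str:
    """The test from the question: submit a lone quote and see whether the engine complains."""
    try:
        login(conn, "'", "irrelevant")
        return "no syntax error: input is quoted or parameterised"
    except sqlite3.OperationalError as err:
        # In the question this is the ODBC error page; here it is the engine's message.
        return "syntax error leaked: %s" % err


if __name__ == "__main__":
    db = make_db()
    print(quote_probe(db, login_vulnerable))
    print(quote_probe(db, login_safe))
    print("bypass against vulnerable login:", login_vulnerable(db, "' OR 1=1 --", "wrong"))
    print("same input against safe login:  ", login_safe(db, "' OR 1=1 --", "wrong"))
```

A leaked syntax error is the confirmation the question is after; the follow-up payload in the main block shows why it matters, since the same unbalanced quote plus an always-true condition and a comment turns the WHERE clause into a tautology and logs in without a password.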

27. Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
A. %systemroot%\repair
B. %systemroot%\system32\drivers\etc
C. %systemroot%\system32\LSA
D. %systemroot%\LSA

35. Tom works as a Unix systems administrator for Jacob and Co. He needs to run brute force attacks on the passwords of his users to ensure that they are abiding by the corporate password policy. Where can Tom find these passwords?
A. /drivers/etc/shadow
B. /etc/pwd
C. /etc/passwd
D. /root/hidden

106. What does the following command do?

net use \\192.168.69.42\IPC$ "" /u:""

A. Reverses a command shell
B. Opens a null session mapped to a local drive letter
C. Performs an IPC network mapping of the target
D. Conducts a password guessing attack against a network share

7. Which of the following protocols can traffic be tunneled through?
A. SSH
B. ICMP
C. SSL
D. All of the above

32. You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
A. Enumerate MX and A records from DNS
B. Establish a remote connection to the Domain Controller
C. Poison the DNS records with false records
D. Enumerate domain user accounts and built-in groups

33. George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus not be recommended in this situation?
A. Nessus is too loud
B. There are no ways of performing a "stealthy" wireless scan
C. Nessus is not a network scanner
D. Nessus cannot perform wireless testing

8. Which of the following is a technique with which an attacker modifies a user-defined URL string that he/she knows will be processed by a backend SQL server?
A. SQL command overflow
B. SQL record spoofing
C. SQL injection
D. SQL formatting string

48. Jennifer works at a small law firm in Chicago. Jennifer's work duties take up about three hours of her day, so the rest of the day she spends on the Internet. One of Jennifer's favorite sites is Myspace. One day, Jennifer comes into work and tries to access the Myspace page but is met with a "This site has been restricted" message. Jennifer is upset because she really wants to keep using Myspace to stay in touch with her friends. What service could Jennifer possibly use to get around the block on Myspace at her company?
A. Hping2
B. HTTrack
C. Anonymizer
D. FTP proxy

103. What is a popular open-source vulnerability assessment tool that can automatically probe numerous targets simultaneously with a wide range of exploitation simulations?
A. Metasploit Framework
B. Nessus
C. Nmap
D. Snort

104. Before using the results of an automated vulnerability assessment engine, all of the following tasks must be performed and verified EXCEPT?
A. Update the engine and exploit database
B. Perform manual exploitation of each discovered vulnerability
C. Verify the remediation recommendations using third-party vulnerability research sources
D. Confirm the ownership of the targets

105. Both nmap and Nessus can export their findings, results, and reports to an external file. What is the preferred file type for the content of this file? (tagged Domain 03 - Analyze the Results)
A. Binary output
B. XML
C. comma delimited text
D. Excel spreadsheet layout

16. You are a security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank's security defenses are too strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you notice a lot of FTP packets back and forth. You want to sniff the traffic and extract user names and passwords. What tool could you use to obtain this information?
A. Airsnort
B. Ettercap
C. Snort
D. Raid Sniff

108. A client has requested that you perform DoS testing against their systems. However, they have asked that you discover vulnerabilities that could be targeted by DoS attacks rather than actually demonstrating the compromise. All of the following actions should be performed EXCEPT?
A. Grab a new DoS tool off the Internet
B. Perform the testing against portions of the environment, rather than the whole environment
C. Obtain written consent to perform DoS testing or simulation
D. Use a trusted vulnerability assessment engine

9. Which of the following best describes a type of attack that involves the mass distribution of spoofed email messages with return addresses, links, and brandings that appear to come from legitimate companies or personnel?
A. Phreaking
B. Phishing
C. Social Engineering
D. Passive Enumeration

4. In Unix operating systems, a penetration tester should be able to identify three valid file permissions including: read, write, and:
A. locked
B. execute
C. empty
D. owner

36. What is the smallest possible Windows shellcode?
A. 800 bytes
B. 1000 bytes
C. 600 bytes
D. 100 bytes

50. What will the following command accomplish?

c:\> nmap -v -sS -P0 172.16.28.251 --data_length 66000 --packet_trace

A. Test the ability of a router to handle under-sized packets
B. Test the ability of a router to handle over-sized packets
C. Test the ability of a WLAN to handle fragmented packets
D. Test the ability of a router to handle fragmented packets

51. Bill is the accounting manager for Grummon and Sons LLC. On a regular basis, he needs to send PDF documents containing sensitive information outside his company through email. Bill protects the PDF documents with a password and sends them to their intended recipients. When the IT manager of Bill's company discovers that Bill is only using the password protect feature in Adobe Acrobat, he tells Bill that the PDF password does not offer enough protection. Why is this?
A. PDF passwords are not considered safe by Sarbanes-Oxley
B. When sent in email, PDF passwords are stripped from the document completely
C. PDF passwords are converted to clear text when sent in email
D. PDF passwords can easily be cracked by software brute force tools

46. You are an IT security consultant attempting to gain access to the state of New Hampshire's network. After trying numerous routes of attack, you are still unsuccessful. You decide to perform a Google search for ftp.nh.st.us to see if New Hampshire's network utilizes an FTP site. You find information about their FTP site and from there you are able to perform a thorough scan of the New Hampshire state network. What type of scan have you just performed?
A. FTP backdoor scan
B. RPC scan
C. FTP bounce scan
D. SYN scan

11. A shadow file is best described as what?
A. a hidden file in the Windows operating system that contains hashed passwords
B. an executable file in Linux that can be used to exploit a system
C. a type of password file
D. a hidden Novell NetWare password file

14. Social Engineering is referred to as the art of:
A. Engaging in after hours parties with business partners
B. Applied interaction with skilled engineers
C. Tricking people into revealing sensitive information
D. Coordination of engineering personnel

15. Which of the following is the most common attack?
A. Heap Overflows
B. String Formatting Flaws
C. Buffer Overflows
D. Protocol Flaws

43. Terri works for a security consulting firm that is currently performing a penetration test on a financial institution. Terri's duties include bypassing the firewalls and switches to gain access to the network. From an outside address, Terri sends an IP packet to one of the company's switches with the ACK bit set and the source address of her machine. What is Terri trying to accomplish by sending this IP packet?
A. Crash the switch with a DoS attack since ACK bits cannot be sent by computers, only switches
B. Poison the switch's MAC address table by flooding it with ACK bits
C. Trick the switch into thinking it already has a session with Terri's computer
D. Enable the tunneling feature on the switch

44. After attending a CEH security seminar on the state of network security, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using a utility mentioned at the seminar, Userinfo, you attempt to establish a null session with one of the servers, and are successful. Why is that?
A. There is no way to always prevent an anonymous null session from establishing
B. RestrictAnonymous must be set to "3" for complete security
C. RestrictAnonymous must be set to "10" for complete security
D. RestrictAnonymous must be set to "2" for complete security

39. Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security auditing firm sends in a technician dressed as an electrician. He waits out in the lobby for some employees to get to work and follows in behind them when they access the restricted areas. After entering the main office, he is able to get into the server room, telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?
A. Tailgating
B. Man trap attack
C. Fuzzing
D. Backtrapping

Domain 03 - Analyze the Results (33 questions)

21. You are running through a series of tests on your network to test for vulnerabilities. After normal working hours, you initiate a DoS attack on your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have blocked FTP at the external firewall. What happened?
A. The firewall failed open
B. The firewall's ACL has been purged
C. The firewall failed closed
D. The firewall failed bypass

24. You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

<script>alert("This is a test.")</script>

What is the result of this test?
A. Your website is vulnerable to CSS
B. Your website is not vulnerable
C. Your website is vulnerable to SQL injection
D. Your website is vulnerable to web bugs

62. In exhibit B, what is the protocol type being represented?
A. TCP
B. ICMP
C. UDP
D. IGRP

121. Which of the following countermeasures allows for a detecting agent to modify firewall ACLs in real time?
A. Snort running in in-line mode
B. NMap with the -R (react enabled) switch
C. Statistical Intrusion Prevention Systems
D. Active packet filter firewall

26. You are the network administrator for a small bank in Dallas, Texas. To ensure security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the stand-alone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why are these passwords cracked so easily?
A. The passwords that were cracked are local accounts on the Domain Controller
B. Networks using Active Directory never use SAM databases, so the SAM database pulled was empty
C. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
D. Passwords of 14 characters or less are broken up into two 7-character hashes

60. Observe exhibit A. What is the type of protocol that the trace is representing?
A. TCP
B. ICMP
C. UDP
D. IGRP

58. Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security. Although they found very few issues, they were able to enumerate the model, OS version, and capabilities of all your Cisco routers with very little effort. Turning off what feature would eliminate the ability to easily enumerate this information on your Cisco routers?
A. Simple Network Management Protocol
B. Border Gateway Protocol
C. Broadcast System Protocol
D. Cisco Discovery Protocol

57. You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com from three years ago. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

<img src=http://coolwebsearch.com/ads/pixel.news.com width=1 height=1 border=0>

What have you found?
A. Blind bug
B. Web bug
C. CCI code
D. Trojan.downloader
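The tag in question 57 has the two properties that mark a web bug: it is a 1x1 image, and it is fetched from a host other than the page's own, so every page load hands that third party the visitor's address, User-Agent and referrer. The detector below is an added example, not from the study guide; it parses an HTML document with the standard library parser, which copes with the unquoted attributes seen in the question, and flags images that are tiny or hidden and served off-host. The HTML it runs on is constructed, and the hostnames in it are placeholders.

```python
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse


class ImgCollector(HTMLParser):
    """Collect every <img> with its attributes; names lower-cased, missing values as ""."""

    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.imgs.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(value: Optional[str]) -> Optional[int]:
    """Parse width/height values such as "1", "1px" or "1.0"; None when absent or not numeric."""
    if value is None:
        return None
    text = value.strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    try:
        return int(float(text))
    except ValueError:
        return None


def find_web_bugs(html: str, page_host: str) -> list:
    """Return the src of every image that is 1x1 or hidden AND served from a host other than the page's."""
    collector = ImgCollector()
    collector.feed(html)
    page_host = page_host.lower()
    suspects = []
    for attrs in collector.imgs:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or page_host).lower()   # relative src: same host as the page
        style = attrs.get("style", "").replace(" ", "").lower()
        w, h = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
        tiny = (w is not None and w <= 1 and h is not None and h <= 1)
        hidden = "display:none" in style or "visibility:hidden" in style
        third_party = host != page_host and not host.endswith("." + page_host)
        if (tiny or hidden) and third_party:
            suspects.append(src)
    return suspects


# Constructed sample page; tracker/cdn/static hostnames are placeholders.
SAMPLE_HTML = """<html><body>
<img src="/images/logo.png" width="200" height="60" alt="logo">
<img src="/images/spacer.gif" width=1 height=1>
<img src=http://tracker.example.test/ads/pixel.gif width=1 height=1 border=0>
<img src="https://cdn.example.test/hero.jpg" width="800" height="400">
<img src="https://static.example.test/px.gif" width="1px" height="1px" style="display: none">
</body></html>"""
```

The same-host spacer is deliberately left alone: a 1x1 GIF on your own server leaks nothing you do not already have, and flagging it would bury the real finding. Subdomains of the page host are treated as first party, which is a judgement call you may want to tighten for a client that hosts advertising on its own subdomains.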

120. When using a hierarchical PKI, which service can assist with the vetting of identities but cannot sign certificates?
A. CRL
B. RA
C. CA
D. Subordinate CA

59. In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?
A. RESTART packets to the affected router to get it to power back up
B. More RESET packets to the affected router to get it to power back up
C. The change in the routing fabric to bypass the affected router
D. STOP packets to all other routers warning of where the attack originated

61. In exhibit A, what is the size of the header represented?
A. 10 bytes
B. 20 bytes
C. 30 bytes
D. 40 bytes

63. In exhibit C, identify the highlighted section of the packet received:
A. FPA
B. SF
C. SA
D. RA

28. Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in his logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to, to find out whether it is a new vulnerability or not?
A. RIPE
B. APIPA
C. CVE
D. IANA

29. For security reasons and to conserve the number of public IP addresses owned by his company, Jason uses NAT to translate the private IPs on his internal network to a public IP. Jason decides to use 192.169.0.0 through 192.169.255.255 for his internal IPs. Jason’s company decides to pay for a security audit. Why would the security audit company recommend that Jason change his internal IP address scheme?
Domain 03 - Analyze the Results
A. His IP scheme includes too many Class C networks
B. His IP scheme does not fall under RFC 1918
C. His IP scheme does not fall under RFC 19872
D. His IP scheme includes too many class B networks

30. After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?
Domain 03 - Analyze the Results
A. Disable direct broadcasts
B. Enable direct broadcasts
C. Disable BGP
D. Enable BGP

22. Software firewalls work at which level of the OSI model?
Domain 03 - Analyze the Results
A. Network
B. Transport
C. Data Link
D. Application

34. After attending a security class, William decides to set up a dual-homed proxy for the network of his small business. He installs an extra network card on his computer, creates ACL rules, and enables packet forwarding. William also turns on a sniffer to monitor traffic on his new proxy. He quickly notices that source IPs he added to his ACL are still able to send to his network and through his proxy. Why is William seeing this result?
Domain 03 - Analyze the Results
A. Only one network card should be used for a dual-homed proxy
B. Packet forwarding should be disabled
C. Dual-homed proxies need at least three network cards, two for functionality and one for monitoring
D. ACL rules should not be used with a proxy

42. Paulette works for an IT security consulting company that is currently performing an audit for the company ACE Unlimited. Paulette’s duties include logging in to all the company’s network equipment to ensure the IOS versions are up to date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client that changes need to be made. From the screenshot, what changes should the client company make?
Domain 03 - Analyze the Results
A. Remove any identifying numbers, names, or version information
B. The banner should not state that “only authorized IT personnel may proceed”
C. The banner should have more detail on the version numbers for the network equipment
D. The banner should include the Cisco tech support contact information as well

37. Why would a Web administrator remove the .htr extension from the list of application extensions on IIS?
Domain 03 - Analyze the Results
A. Disallow users from changing their passwords through a web page
B. Prevent users from accessing server side includes which are a security threat
C. Prevent users from printing documents through Internet printers
D. Prevent users from bypassing access control lists on the Web server

38. Software firewalls work at which layer of the OSI model?
Domain 03 - Analyze the Results
A. Application
B. Network
C. Transport
D. Data Link

23. When setting up a wireless network with multiple access points, why is it important for each access point to be on a different channel?
Domain 03 - Analyze the Results
A. So that the access points will work on different frequencies
B. Multiple access points can be set up on the same channel without issues
C. Avoid crosstalk
D. Avoid oversaturation of wireless signals

25. When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
Domain 03 - Analyze the Results
A. NIPS
B. Active IDS
C. Progressive IDS
D. Passive IDS

17. Why is a static packet filter firewall not as secure as other types of firewalls?
Domain 03 - Analyze the Results
A. They cannot look into the packet at all
B. They cannot restrict IP packets based on their destination
C. They do not look into the packet past header information
D. They cannot restrict IP packets based on source

18. What will the following command produce on a website’s login page:
SELECT email, psswd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'
Domain 03 - Analyze the Results
A. Deletes the entire members table
B. This command will not produce anything since the syntax is incorrect
C. Insert the [email protected] email address into the members table
D. Retrieves the password for the first member in the members table

19. After passing her CEH exam, Carol wants to ensure that her entire network is completely secure. She implements a DMZ, a stateful firewall, NAT, IPSEC and a packet filtering firewall. Since all of the security measures were taken, none of the hosts on her network can reach the internet. Why is that?
Domain 03 - Analyze the Results
A. Stateful firewalls do not work with packet filtering firewalls
B. IPSEC does not work with packet filtering firewalls
C. NAT does not work with stateful firewalls
D. NAT does not work with IPSEC very well, and is complex to set up

55. What is a good security method to prevent unauthorized users from “tailgating”?
Domain 03 - Analyze the Results
A. Man trap
B. Electronic combination locks
C. Electronic key systems
D. Pick-resistant locks

110. Password cracking can be eliminated as a serious threat using which of the following techniques?
Domain 03 - Analyze the Results
A. Using 4 different types of characters in each password: uppercase, lowercase, numbers, symbols
B. Multifactor authentication
C. Using a different password on every system
D. Using longer passwords

111. The most common mistake made by users with regard to passwords is?
Domain 03 - Analyze the Results
A. Using passwords longer than 15 characters
B. Using only 3 different types of characters
C. Changing passwords every 90 days
D. Reusing the same password on multiple systems

12. Preparation, Detection, Containment, Eradication, Recovery and Follow-up are steps referred to in which incident response methodology?
Domain 03 - Analyze the Results
A. FRECDP
B. PDCERF
C. PCDERF
D. FEDRESP

52. Why is a static packet filter firewall not as secure as other types of firewalls?
Domain 03 - Analyze the Results
A. They do not look into the packet past the header information
B. They cannot look into the packet at all
C. They cannot restrict IP packets based on their source
D. They cannot restrict IP packets based on their destination

53. What are the security risks of running a “repair” installation for Windows XP?
Domain 03 - Analyze the Results
A. Pressing Shift+F1 gives the user administrative rights
B. Pressing Shift+F10 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. There are no security risks when running the “repair” installation for Windows XP

Domain 04 - Write the Report 6

116. All of the following are important aspects to consider when delivering a findings briefing EXCEPT?
Domain 04 - Write the Report
A. Who is the target audience
B. What is an appropriate level of detail
C. What is the expected time frame
D. What type of slide transitions and animations should be used

114. All of the following should be included in a final report EXCEPT?
Domain 04 - Write the Report
A. Discovered weaknesses
B. Assumed oversights
C. Confirmed secure implementations and configurations
D. Calculated likelihood of compromise

76. A security analyst will produce a custom findings report instead of relying upon the output of a scanning and reporting engine for all of the following reasons EXCEPT?
Domain 04 - Write the Report
A. Recommended fixes are not always accurate or current.
B. There may be false positives and false negatives not properly addressed in the automated report.
C. The automated reporting engines often generate massive amounts of raw information that is hard to digest.
D. Updated scanning engines can save time and focus efforts on identifiable concerns.

77. The information collected about a client during security analysis should not be?
Domain 04 - Write the Report
A. Transmitted securely using PGP.
B. Stored on a USB drive.
C. Isolated from all other data.
D. Secured on a hard drive using TrueCrypt.

115. The supporting evidence for each finding in a final report should be located where?
Domain 04 - Write the Report
A. In a separate text document provided to the client through a Web site
B. In the main body of the report as the text for each finding
C. In Appendixes
D. In graphical form in a slide presentation

117. Which of the following is likely to cause a findings briefing to fail or be perceived as unprofessional?
Domain 04 - Write the Report
A. Providing full color handouts
B. Allotting sufficient time to handle questions
C. Employing graphics to represent findings
D. Including exhaustive technical detail

Total 121 (25)