Published by: BlackHeart562 on Aug 28, 2009
Copyright:Attribution Non-commercial







John has a proxy server on his network which caches and filters web access. He has shut down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will not allow users to connect to any outbound ports. Jack, a network user, has successfully connected to a remote server on port 80 using netcat. He could in turn drop a shell from the remote machine. John wants to harden his network such that a remote user does not do the same to his network. Choose the option that can be easily and more effectively implemented.
Do not use a proxy, as application layer does not provide adequate protection
Limit HTTP CONNECT on the network – web server config (correct)
Sniff the traffic and look for lengthy connection periods - stateless
Filter port 80 – stateless, web

Assuming an attacker wants to penetrate John’s network, which of the following options is he likely to choose? (get past his filters)
Use reverse shell using FTP protocol – not possible
Use HTTPTunnel or Stunnel on port 80 and 443 - correct
Use Monkey shell – port 80 shell
Use ClosedVPN – distractor question

Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key? (need a lot of packets)
Derek can use a session replay on the packets captured – don’t have enough packets, this merely replays packets
Derek can use KisMAC, as it needs two USB devices to generate traffic - Mac tool, does not apply
Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic – correct as it generates traffic
Use any ARP requests found in the capture – does not generate packets

Why does Derek need to capture five to ten million packets in order to crack WEP with Air Snort?
Air Snort implements the FMS attack and only encrypted packets are counted - correct
All IVs are vulnerable to attack – not true
A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers – not true
Air Snort uses a cache of packets – true but not as good as the correct answer

Derek would like your advice on using a tool that can save him time and get him better results with lesser packets. You would like to recommend a tool that uses KoreK’s implementation. Which tool would you recommend from the list below?
John the Ripper – password cracker
Shmoo – security and developer group (wrote AirSnort)
Aircrack - correct
Kismet - sniffer

Derek discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here?
no authentication - incorrect
open system authentication - incorrect
shared key authentication - correct
single key authentication – key is shared

As shown from the following entry, which of the following statements describes the attacker’s effort:
cmd /c C:\mydocuments\home\...\pwdump.exe >> C:\jason.txt
Enumerate users and passwords with Password Dump – no enumeration
Copy pwdump.exe and rename it to jason.txt – no copy command
Execute pwdump.exe and save into jason.txt - correct
Copy jason.txt into the directory where pwdump.exe resides – no copy command

As shown from the following entry, what is the hacker attempting to do:
GET /..À¯../..À¯../..À¯../ C:/mydocument/home/cmd.exe?/c+nc+-l+-p+2000+-e+cmd.exe HTTP/1.1
Concatenate two files including cmd.exe to replace the original one
Exploit Unicode vulnerability – no concatenation
Spawn a reverse shell and execute net cat over it – not a reverse shell
Installed netcat to listen on port 2000 for a remote connection and upon successful – not correct connection -- return a command shell - correct

John had heard much about Google hacks. Googling around, he comes across this url.
http://www.google.ca/search?q=cache:tG9K6OqlGs8J: www.xsecurity.com/uk/myservice.aspx%3Fpid%3D..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255Cboot.ini+inurlwww.xsecurity.com/uk/myservice.aspx&hl=en
What attack is shown cached here?
Directory Traversal Attack – correct (%255 = /, attacker doing ///… to get to root directory)
Google Cache Poisoning - no
Multiple Domain Traversal – no only one domain above
Unicode Exploit – using unicode but exploit is directory traversal

Sue has forgotten her password to an online bookshelf. The web application asks her to key in her email so that they can send her the password. Sue enters her email Sue@yahoo.com’. The application displays server error. What is wrong with the web application?
The web server may be down
The email is not valid
The ISP connection is not reliable
User input is not sanitized - correct – single quote is SQL injection attack

What is the most common vehicle for social engineering attacks?
Peer to Peer networks
Local Area Networks
Email – phishing is correct but exam is old so next answer is correct
Direct in person – for exam this is correct

Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt:
$ nc -l -p 1026 -u -v
In response, he sees the following message:
(?(c)???
?STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 Critical Errors.
To fix the errors please do the following:
1. Download Registry Repair from: 
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
What would you infer from this alert?
It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities - correct
It is a genuine fault of windows registry and the registry needs to be backed up - no
An attacker has compromised the machine and backdoored ports 1026 and 1027 – maybe but not stated
The machine is redirecting traffic to www.reg-patch.com using adware

Neil notices that a single address is generating traffic from its port 500 to port 500 (IKECrack scan) of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?
It is a worm that is malfunctioning or hardcoded to scan on port 500 - no
The attacker is trying to determine the type of VPN implementation and checking for IPSec - correct
The attacker is trying to detect machines on the network which have SSL enabled – port 443
It is a network fault and the originating machine is in a network loop - no

You receive an e-mail with the following message:
Hello Steve,
We are having technical difficulty in restoring user database records after the recent blackout. Your account data is corrupted. Please logon on to SuperEmailServices.com and change your password.
http://www.superemailservices.com%40c3405906949/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently disabled locking you out from using our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker since you have been using their e-mail services for the last 2 years and they never sent out an
