Professional Documents
Culture Documents
------------------
This address produces a Page Cannot be Displayed error. Kyle then types in anot
her URL:
13. Simon is the network administrator for his company. Simon is also an IT sec
urity expert with over 10 security-related certifications. Simon has been asked
by the company CIO to perform a comprehensive security audit of the entire netw
ork. After auditing the network at the home office without finding any issues,
he travels to one of the company’s branch offices in New Orleans. The first task
that Simon carries out is to set up traffic mirroring on the internal-facing por
t of that office’s firewall. On this port, he uses Wireshark to capture traffic.
Alarmingly, he finds a huge number of UDP packets going both directions on port
s 2140 and 3150. What is most likely occurring here?
A. A client inside the network has been infected with the Deep Throat Trojan. *
B. This type of traffic is indicative of the Netbus Trojan.
C. Most likely, a computer inside the network is infected with the SQL Slammer w
orm.
D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected w
ith the Bobax Trojan
14. Tyler is the senior security officer for WayUP Enterprises, an online retail
company based out of Los Angeles. Tyler is currently performing a network secu
rity audit for the entire company. After seeing some odd traffic on the firewal
l going outbound to an IP address found to be in North Korea, Tyler decides to l
ook further. Tyler traces the traffic back to the originating IP inside the net
work; which he finds to be a client running Windows XP. Tyler logs onto this cl
ient computer and types in the following command:
What will this code do on the employee’s computer once the email is opened?
A. This code will create pop-up windows on the employee’s computer until its memor
y is exhausted. *
B. This HTML code will force the computer to reboot immediately.
C. Once the employee opens the email with this code, his computer will send out
messages to the network with the title of “You are in trouble!”.
D. This code will install a counter on the employee’s computer that will count eve
ry time that user opens web-based email.
25. Cheryl is a security analyst working for Shintel Enterprises, a publishing c
ompany in Boston. As well as monitoring the security state of the company’s netwo
rk, she must ensure that the company’s external websites are up and running all th
e time. Cheryl performs some quick searches online and finds a utility that wil
l display a window on her desktop showing the current uptime statistics of the w
ebsites she needs to watch. This tool works by periodically pinging the website
s; showing the ping time as well as a small graph that allows Cheryl to view the
recent monitoring history. What tool is Cheryl using to monitor the company’s ex
ternal websites?
A. She is using Emsa Web monitor to check on the status of the company’s websites.
*
B. Cheryl is utilizing AccessDiver to check on the websites’ status.
C. To monitor her company’s websites, Cheryl is using Acunitex.
D. Cheryl has chosen to use Burp to check on the status of the company’s websites.
26. James is an IT security consultant as well as a certified ethical hacker. J
ames has been asked to audit the network security of Yerta Manufacturing, a tool
manufacturing company in Phoenix. James performs some initial external tests a
nd then begins testing the security from inside the company’s network. James find
s some big problems right away; a number of users that are working on Windows XP
computers have saved their usernames and passwords used to connect to servers o
n the network. This way, those users do not have to type in their credentials e
very time they want access to a server. James tells the IT manager of Yerta Man
ufacturing about this, and the manager does not believe this is possible on Wind
ows XP. To prove his point, James has a user logon to a computer and then James
types in a command that brings up a window that says “Stored User Names and Passw
ords”. What command did James type in to get this window to come up?
A. James had to type in “rundll32.exe keymgr.dll, KRShowKeyMgr” to get the window to
pop up. *
B. To bring up this stored user names and passwords window, James typed in “rundll
32.exe storedpwd.dll, ShowWindow”.
C. The command to bring up this window is “KRShowKeyMgr”.
D. James typed in the command “rundll32.exe storedpwd.dll” to get the Stored User Na
mes and Passwords window to come up.
27. Kevin is an IT security analyst working for Emerson Time Makers, a watch man
ufacturing company in Miami. Kevin and his girlfriend Katy recently broke up af
ter a big fight. Kevin believes that she was seeing another person. Kevin, who
has an online email account that he uses for most of his mail, knows that Katy
has an account with that same company. Kevin logs into his email account online
and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any inform
ation. What is Kevin attempting here to gain access to Katy’s mailbox?
A. Kevin is trying to utilize query string manipulation to gain access to her em
ail account. *
B. This type of attempt is called URL obfuscation when someone manually changes
a URL to try and gain unauthorized access.
C. By changing the mailbox’s name in the URL, Kevin is attempting directory transv
ersal.
D. He is attempting a path-string attack to gain access to her mailbox.
28. Daryl is the network administrator for the North Carolina Lottery. Daryl is
responsible for all network security as well as physical security. The lottery
recently hired on a web developer to create their website and bring all service
s in house since the lottery’s website was previously hosted and supported by a th
ird party company. After the developer creates the website, Daryl wants to chec
k it to ensure it is as secure as possible. The developer created a logon page
for lottery retailers to gain access to their financial information. Without kn
owing what any of the usernames and passwords are, Daryl tries to bypass the log
on page and gain access to the backend. Daryl makes a number of attempts and he
gets the following error message every time.
What can Daryl deduce from this error message?
A. He can tell that the site is susceptible to SQL injection. *
B. From this error, Daryl can see that the site is vulnerable to query string ma
nipulation attacks.
C. This particular error indicates that the page is vulnerable to buffer overflo
ws.
D. Daryl can deduce that the developer did not turn off friendly messages on the
server.
29. Jeremy is web security consultant for Information Securitas. Jeremy has jus
t been hired to perform contract work for a large state agency in Michigan. Jer
emy’s first task is to scan all the company’s external websites. Jeremy comes upon
a login page which appears to allow employees access to sensitive areas on the w
ebsite. James types in the following statement in the username field:
SELECT * from Users where username=’admin’ -- AND password=’’ AND email like ‘%@testers.co
m%’
What will the following SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table
for usernames of admin *
B. This statement will look for users with the name of admin, blank passwords, a
nd email addresses that end in @testers.com.
C. This Select SQL statement will log James in if there are any users with NULL
passwords.
D. James will be able to see if there are any default sa user accounts in the SQ
L database.
30. David is the wireless security administrator for Simpson Audio Visual. Davi
d was hired on after the company was awarded a contract with 100 airports to ins
tall wireless networks. Since these networks will be used by both internal airp
ort employees and visitors to the airports, David decided to go with the de fact
o standard of 802.11b. Every airport wants to use 802.11b with TCP error checki
ng, even though David has said this will slow down the wireless network connecti
on speeds. With this error checking, what will be the resulting speed of the wi
reless networks?
A. Since TCP error checking will be utilized; the effective speed of the wireles
s networks can be up to 5.9 mbps. *
B. The resulting speed of the wireless networks will be up to 7.1 mbps since err
or checking slows down the actual speed.
C. Because TCP error checking has no effect on the actual speed, the airports’ wir
eless networks will function at up to 11 mbps.
D. The resulting speed of the wireless networks for the airports will be up to 2
48 mbps.
31. Oliver is the network security administrator for Foodies Café, a chain of coff
ee shops in the Seattle metropolitan area. Oliver is performing his quarterly s
ecurity audit of the entire company, including each coffee shop the company owns
. Each café has a wireless hotspot that customers can utilize. The home office a
lso has a wireless network which is used by employees. While walking around the
outside of the corporate office, Oliver sees a drawing on the sidewalk right ne
xt to his building.
What does this symbol signify?
A. This symbol means that someone has found out that the company is using wirele
ss networking with open access and restrictions. *
B. This means that someone knows the corporate wireless network is utilizing a a
ccess points with MAC filtering and WPA encryption.
C. This signifies a hacker has discovered that the company is using WEP encrypti
on for its wireless network.
D. This particular symbol is used to tell others that a nearby wireless access p
oint is using weak encryption.
32. Jacob is the IT manager for Thompson & Sons, a bail bondsman company in Minn
eapolis. Jacob has been told by the company’s president to perform a logical and
physical security audit for all the offices around the city. Jacob finds that a
number of offices need more physical security. Jacob recommends that these off
ices add a cage that customers must pass through before entering the main office
. This cage will allow employees in the office to verify the customer’s informati
on before allowing them access into the building. What is Jacob recommending th
e offices install for added security?
A. Jacob is recommending that the offices install mantraps at their locations. *
B. He is recommending the offices install physical DMZ’s at their locations.
C. This type of physical security measure is called a piggyback box.
D. He has recommended that these locations install stop-gap cages as an added se
curity measure.
33. Sydney is a certified ethical hacker working as the systems administrator fo
r Galt Riderson International. Sydney is an expert in Linux systems and is util
izing IPTables to protect Linux clients as well as servers. After monitoring th
e firewall log files, Sydney has been fine tuning the firewall on many clients t
o adjust for the best security. Sydney types in the following command:
iptables -A INPUT -s 0/0 -I eth1 -d 192.168.254.121 -p TCP -j ACCEPT
What will this command accomplish for Sydney?
A. This command will allow TCP packets coming in on interface eth1 from any IP
address destined for 192.168.254.121. *
B. By using this command, Sydney will block all TCP traffic coming in on interfa
ce eth1 to the IP address of 192.168.254.121.
C. This command will block all TCP packets with NULL headers from reaching the I
P address of 192.168.254.121.
D. Sydney is using this command to allow all TCP traffic that is outbound from I
P address 192.168.254.121.
34. Lonnie is the chief information officer for Ganderson Trailways, a railroad
shipping company with offices all over the United States. Lonnie had all his sy
stems administrators implement hardware and software firewalls last year to help
ensure network security. On top of these, they implemented IDS/IPS systems thr
oughout the network to check for and stop any bad traffic that may attempt to en
ter the network. Although Lonnie and his administrators believed they were secu
re, a hacker group was able to get into the network and modify files hosted on t
he company’s websites. After searching through firewall and server logs, no one c
ould find how the hackers were able to get in. Lonnie decides that the entire n
etwork needs to be monitored for critical and essential file changes. This moni
toring tool needs to alert administrators whenever a critical file is changed in
any way. What utility could Lonnie and his systems administrators implement on
the company’s network to accomplish this?
A. Lonnie could use Tripwire to notify administrators whenever a critical file i
s changed.*
B. They can implement Strataguard on the network which monitors critical system
and registry files.
C. SnortSam would be the best utility to implement since it keeps track of criti
cal files as well as files it is told to monitor.
D. Lonnie and his systems administrators need to use Loki to monitor specified f
iles on the company’s network.
35. Neville is a network security analyst working for Fenderson Biomedics, a med
ical research company based out of London. Neville has been tasked by his super
visor to ensure that the company is as secure as possible. Neville first examin
es and hardens the OS for all company clients and servers. Neville wants to che
ck the performance and configuration of every firewall and network device to ens
ure they comply with company security policies. Neville has chosen to use Firew
all Informer because it actively and safely tests devices with real-world exploi
ts to determine their security state. What built-in technology used by Firewall
Informer actively performs these exploit tests on network equipment?
A. Firewall Informer uses Blade Software’s Simulated Attack For Evaluation (S.A.F.
E.) technology to actively test network devices. *
B. The built-in technology used by Firewall Informer is a graphical user interfa
ce version of Snort.
C. The technology used to actively perform exploit checking in Firewall Informer
is Blade Software’s Exploit Awareness Safety Yield (E.A.S.Y.).
D. Firewall Informer utilizes a stripped down version of Loki to actively and sa
fely check for possible exploits on network devices.
36. Ursula is a network security analyst as well as a web developer working on c
ontract for a marketing firm in St. Louis. Ursula has been hired on to help str
eamline the company’s website and ensure it meets accessibility laws for that stat
e. After completing all the work that was asked, the marketing firm terminates
Ursula’s service and does not pay the rest of the money that is owed to her. Righ
t before she is asked to leave, Ursula writes a small application with the follo
wing code inserted into it.