CEH V6 Study Guide

------------------

1. Jason is the network security administrator for Gunderson International, a global shipping company based out of New York City. Jason’s company utilizes many layers of security throughout its network such as network firewalls, application firewalls, VLANs, operating system hardening, and so on. One thing in particular the company is concerned with is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes. Since the company is global, information is sent constantly back and forth to all its employees all over the world. What in particular is Jason’s company concerned about?
A. Jason’s company is particularly concerned about data integrity. *
B. Authenticity is what the company is most concerned about.
C. The confidentiality of the company’s data is the most important concern for Gunderson International.
D. The availability of the data is paramount to any other concern of the company.
2. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?
A. Yancey would be considered a Suicide Hacker. *
B. Since he does not care about going to jail, he would be considered a Black Hat.
C. Because Yancey works for the company currently, he would be a White Hat.
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing.
3. Heather is a hacktivist working for Green Peace International. She has broken into numerous oil and energy companies and exposed their confidential data to the public. Normally, Heather uses a combination of social engineering and DoS techniques to gain access to the companies’ networks. Heather has made over 50 fake ID cards and access badges to gain unauthorized access to companies to gain information as well. If Heather is caught by the federal government, what US law could she be prosecuted under?
A. She could be prosecuted under US law 18 U.S.C § 1029 if caught. *
B. Heather would be charged under 18 U.S.C § 2510, which entails the use of more than 15 counterfeit items.
C. 18 U.S.C § 9914 is the US law that Heather would be prosecuted under since she used false pretenses to gain unauthorized access.
D. Heather would serve prison time for her actions if prosecuted under US law 18 U.S.C § 2929.
4. Stephanie is the senior security analyst for her company, a manufacturing company in Detroit. Stephanie is in charge of maintaining network security throughout the entire company. A colleague of hers recently told her in confidence that he was able to see confidential corporate information on Stephanie’s external website. He was typing in URLs randomly on the company website and he found information that should not be public. Her friend said this happened about a month ago. Stephanie goes to the addresses he said the pages were at, but she finds nothing. She is very concerned about this, since someone should be held accountable if there really was sensitive information posted on the website. Where can Stephanie go to see past versions and pages of a website?
A. Stephanie can go to Archive.org to see past versions of the company website. *
B. She should go to the web page Samspade.org to see web pages that might no longer be on the website.
C. If Stephanie navigates to Search.com, she will see old versions of the company website.
D. AddressPast.com would have any web pages that are no longer hosted on the company’s website.
5. You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hotspot. Since you already know the IP address of the web server, you create a telnet session to that server and type in the command:
HEAD / HTTP/1.0
After typing in this command, you are presented with the following screen:

What are you trying to do here?

A. You are trying to grab the banner of the web server. *
B. You are attempting to send an html file over port 25 to the web server.
C. You are trying to open a remote shell to the web server.
D. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server.
6. Kyle is a security consultant currently working under contract for a large financial firm based in San Francisco. Kyle has been asked by the company to perform any and all tests necessary to ensure that every point of the network is secure. Kyle first performs some passive footprinting. He finds the company’s website which he checks out thoroughly for information. Kyle sets up an account with the company and logs on to their website with his information.

Kyle changes the URL to:

This address produces a Page Cannot be Displayed error. Kyle then types in another URL:

What is Kyle attempting here?

A. Kyle is trying incremental substitution to navigate to other pages not normally available. *
B. Kyle is using extension walking to gain access to other web pages.
C. He is using error walking to see what software is being used to host the financial institution’s website.
D. By changing the address manually, Kyle is attempting ASP poisoning.
7. George is the senior security analyst for Tyler Manufacturing, a motorcycle manufacturing company in Seattle. George has been tasked by the president of the company to perform a complete network security audit. The president is most concerned about crackers breaking in through the company’s web server. This web server is vital to the company’s business since over one million dollars of product is sold online every year. The company’s web address is at: www.customchoppers.com. George decides to hire an external security auditor to try and break into the network through the web server. This external auditor types in the following Google search attempting to glean information from the web server:

What is the auditor trying to accomplish here?

A. He is trying to search for all web pages on the customchoppers site without extensions of html and htm. *
B. The auditor is having Google retrieve all web pages on the Tyler Manufacturing website that either have the extension of html or htm.
C. He is attempting to retrieve all web pages that might have a login page to the company’s backend database.
D. The auditor that George has hired is trying to find pages with the extension of html or htm that link directly to customchoppers.com.
8. Jonathan is an IT security consultant working for Innovative Security, an IT auditing company in Houston. Jonathan has just been hired on to audit the network of a large law firm in downtown Houston. Jonathan starts his work by performing some initial passive scans and social engineering. He then uses Angry IP to scan for live hosts on the firm’s network. After finding some live IP addresses, he attempts some firewalking techniques to bypass the firewall using ICMP but the firewall blocks this traffic. Jonathan decides to use HPING2 to hopefully bypass the firewall this time. He types in the following command:

What is Jonathan trying to accomplish by using HPING2?

A. Jonathan is attempting to send spoofed SYN packets to the target via a trusted third party to port 81. *
B. He is using HPING2 to send FIN packets to 10.0.1.24 over port 81.
C. By using this command for HPING2, Jonathan is attempting to connect to the host at 10.0.1.24 through an SSH shell.
D. This HPING2 command that Jonathan is using will attempt to connect to the 10.0.1.24 host over HTTP by tunneling through port 81.
9. Hayden is the network security administrator for her company, a large marking firm based in Miami. Hayden just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. Hayden is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?
A. Hayden is using a half-open scan to find live hosts on her network. *
B. Hayden is attempting to find live hosts on her company’s network by using an XMAS scan.
C. She is utilizing a SYN scan to find live hosts that are listening on her network.
D. This type of scan she is using is called a NULL scan.
10. Paul is the systems administrator for One-Time International, a computer manufacturing company. Paul is in charge of the company’s older PBX system as well as its workstations and servers. The company’s internal network is connected to the PBX phone system so that customized software applications used by employees can use the PBX to dial out to customers. Paul is concerned about crackers breaking into his network by way of the PBX. He is particularly worried about war dialing software that might try all of the company’s numbers to find a way in. What software utility can Paul use to notify him if any war dialing attempts are made on his PBX?
A. Paul can use SandTrap which would notify him if anyone tries to break into the PBX. *
B. If Paul uses ToneLoc, he will be notified by the software when and if anyone tries to crack into the PBX system.
C. THC Scan would be the best software program for Paul to use if he wants to be notified of war dialer attacks.
D. Paul needs to use Roadkil’s Detector software to tell if a hacker is trying to break into his phone system.
11. You are the chief security information analyst for your company Utilize Incorporated. You are currently preparing for a future security audit that will be performed by a consulting company. This security audit is required by company policy. To prepare, you are performing vulnerability analysis, scanning, brute force, and many other techniques. Your network is comprised of Windows as well as Linux servers. From one of the client computers running Linux, you open a command shell and type in the following command:

What are you trying to accomplish?

A. You are attempting to establish a null session on the 192.168.2.121 host. *
B. You are trying to connect to this host at the IPC share using the currently logged on user’s credentials.
C. By typing in this command, you are attempting to connect to the SMB share on the host using an Anonymous connection.
D. You are trying to connect to the localhost share of the client computer.
12. Lauren is a network security officer for her agency, a large state-run agency in California. Lauren has been asked by the IT manager of another state agency to perform a security audit on their network. This audit she has been asked to perform will be an external audit. The IT manager thought that Lauren would be a great candidate for this task since she does not work for the other agency but is an accomplished IT auditor. The first task that she has been asked to perform is to attempt to crack user passwords. Since Lauren knows that all state agency passwords must abide by the same password policy, she believes she can finish this particular task quickly. What would be the best password attack method for Lauren to use in this situation?
A. Lauren should use a rule-based attack on the agency’s user passwords. *
B. Lauren can produce the best and fastest results if she uses a dictionary attack.
C. A hyberfil-based password attack would be the best method of password cracking in this scenario.
D. She should utilize the reverse-encryption password cracking technique since she knows the password policy.

13. Simon is the network administrator for his company. Simon is also an IT security expert with over 10 security-related certifications. Simon has been asked by the company CIO to perform a comprehensive security audit of the entire network. After auditing the network at the home office without finding any issues, he travels to one of the company’s branch offices in New Orleans. The first task that Simon carries out is to set up traffic mirroring on the internal-facing port of that office’s firewall. On this port, he uses Wireshark to capture traffic. Alarmingly, he finds a huge number of UDP packets going both directions on ports 2140 and 3150. What is most likely occurring here?
A. A client inside the network has been infected with the Deep Throat Trojan. *
B. This type of traffic is indicative of the Netbus Trojan.
C. Most likely, a computer inside the network is infected with the SQL Slammer worm.
D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected with the Bobax Trojan.
14. Tyler is the senior security officer for WayUP Enterprises, an online retail company based out of Los Angeles. Tyler is currently performing a network security audit for the entire company. After seeing some odd traffic on the firewall going outbound to an IP address found to be in North Korea, Tyler decides to look further. Tyler traces the traffic back to the originating IP inside the network, which he finds to be a client running Windows XP. Tyler logs onto this client computer and types in the following command:

What is Tyler trying to accomplish by using this command?

A. Tyler is trying to find out all the ports that are listening on this computer. *
B. Tyler is using this command to find all the host records that are stored on the local client computer.
C. By using this command, Tyler is closing all open TCP and UDP sessions on the computer.
D. This command will show Tyler if there are any Trojan programs installed on this computer.
15. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle’s responsibilities include network vulnerability scans, antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer?
A. Lyle has discovered a camouflage virus on the computer. *
B. By using the free antivirus software, Lyle has found a tunneling virus on the computer.
C. This type of virus that Lyle has found is called a cavity virus.
D. Lyle has found a polymorphic virus on this computer.
16. Miles is a network administrator working for the University of Central Oklahoma. Miles’ responsibilities include monitoring all network traffic inside the network and traffic coming into the network. On the university’s IDS, Miles notices some odd traffic originating from some client computers inside the network. Miles decides to use Tcpdump to take a further look.

What is Miles going to accomplish by running this command?

A. Miles is trying to capture all UDP traffic from client1 and the LAN except for traffic to client29. *
B. He is trying to see all UDP traffic between client1 and client29 only.
C. This command will capture all traffic on the internal network except for traffic originating from client1 and client29.
D. Miles will be able to capture all traffic on the network originating from client1 and client29 except UDP traffic.
17. Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
A. Neil has used a tailgating social engineering attack to gain access to the offices. *
B. He has used a piggybacking technique to gain unauthorized access.
C. This type of social engineering attack is called man trapping.
D. Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics.
18. Xavier is a network security specialist working for a federal agency in Washington DC. Xavier is responsible for maintaining agency security policies, teaching security awareness classes, and monitoring the overall health of the network. One of Xavier’s coworkers receives a help desk call from a user who is having issues navigating to certain sites on the Internet. Xavier’s coworker cannot figure out the issue so he hands it off to Xavier. He logs on to the user’s computer and goes to a couple of websites the user said were having issues. When Xavier types in www.Google.com, it takes him to Boogle.com instead. When Xavier types in Yahoo.com, it takes him to Yahooo.com instead. Xavier checks all the IP settings on the computer which are static and they appear to be correct. Xavier checks the local DNS settings as well as the DNS settings on the server and they are correct. Xavier opens a command window and types in: ipconfig /flushdns. When he navigates to the previous sites, he is still directed to the wrong ones. What issue is Xavier seeing here on the client computer?
A. This client computer has had the hosts file poisoned. *
B. From this behavior, it is evident that the client computer’s DNS cache has been poisoned.
C. Xavier is seeing a computer that has been infected with an IRC bot Trojan.
D. This computer has obviously been hit by a Smurf attack.
19. Javier is a network security consultant working on contract for a state agency in Texas. Javier has been asked to test the agency’s network security from every possible aspect. Javier decides to use the Reaper Exploit virus to see if he can exploit any weaknesses in the company’s email. He infects a couple of computers with the virus and waits for the users of those machines to use their email client. After a short amount of time, he receives numerous emails that were copied from those clients, thus proving that the client computers are susceptible to the Reaper Exploit virus exploiting their email clients. What aspect of email clients does this exploit take advantage of?
A. The Reaper Exploit uses the functionality of DHTML in Internet Explorer, used by Microsoft Outlook. *
B. This exploit takes advantage of hidden form fields which are used by email clients such as Microsoft Outlook.
C. This Reaper Exploit virus takes advantage of the inherent insecurity in S/MIME used by email clients like Outlook.
D. Email clients like Outlook are susceptible to this exploit because they utilize XML and XMLS.
20. You are an IT security consultant working on a six-month contract with a large energy company based in Kansas City. The energy company has asked you to perform DoS attacks against its branch offices to see if their configurations and network hardening can handle the load. To perform this attack, you craft UDP packets that you know are too large for the routers and switches to handle. You also put confusing offset values in the second and later fragments to confuse the network if it tries to break up the large packets. What type of attack are you going to attempt on the company’s network?
A. You are going to attempt a teardrop attack to see if their network can handle the packets. *
B. This type of attack is referred to as a Ping of Death attack since the packets use confusing offset values.
C. By changing the characteristics of the UDP packets in this manner, you are trying to use a Smurf attack against the company’s network.
D. This attack is called a SYN attack since the UDP packets are manipulated.
21. Bill is an IT security consultant who has been hired on by an ISP that has recently been plagued by numerous DoS attacks. The ISP did not have the internal resources to prevent future attacks, so they hired Bill for his expertise. Bill looks through the company’s firewall logs and can see from the patterns that the attackers were using reflected DoS attacks. What measures can Bill take to help prevent future reflective DoS attacks against the ISP’s network? (Select 2)
A. Bill should have the ISP block port 179 on their firewall to stop these DoS attacks. *
B. He should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections. *
C. Bill needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network.
D. Bill should configure the ISP’s firewall so that it blocks FIN packets that are sent to the broadcast address of the company’s internal IP range.
22. Gerald is a certified ethical hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company’s network. One of the company’s primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company’s home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client’s session; he simply monitors the traffic that passes between it and the server. What type of session attack is Gerald employing here?
A. Gerald is using a passive application level hijack to monitor the client and server traffic. *
B. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices.
C. This type of attack would be considered an active application attack since he is actively monitoring the traffic.
D. This type of hijacking attack is called an active network attack.
23. Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates. Now that the company has added over 100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to use Qfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on the client computers. What registry key permission should Theresa check to ensure that Qfecheck runs properly?
A. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates registry key. *
B. Theresa needs to look over the permissions of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Updates\Microsoft\Patches.
C. In order for Qfecheck to run properly, it must have enough permission to read HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Microsoft\Updates.
D. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft must be checked.
24. Leonard is the senior security analyst for his company, Meyerson Incorporated. Leonard has recently finished writing security policies for the company that have just been signed off by management. Every employee has had to sign off on the policies, agreeing to abide by them or face disciplinary action. One policy in particular is being enforced; employees are not allowed to use web-based email clients such as Hotmail, Yahoo, and Gmail. This has been put in place because of virus infections that started with web-based email. While walking through the office one day, Leonard notices an employee using Hotmail. To prove a point, Leonard sends an email to this user’s Hotmail account with the following code.

What will this code do on the employee’s computer once the email is opened?
A. This code will create pop-up windows on the employee’s computer until its memory is exhausted. *
B. This HTML code will force the computer to reboot immediately.
C. Once the employee opens the email with this code, his computer will send out messages to the network with the title of “You are in trouble!”.
D. This code will install a counter on the employee’s computer that will count every time that user opens web-based email.
25. Cheryl is a security analyst working for Shintel Enterprises, a publishing company in Boston. As well as monitoring the security state of the company’s network, she must ensure that the company’s external websites are up and running all the time. Cheryl performs some quick searches online and finds a utility that will display a window on her desktop showing the current uptime statistics of the websites she needs to watch. This tool works by periodically pinging the websites, showing the ping time as well as a small graph that allows Cheryl to view the recent monitoring history. What tool is Cheryl using to monitor the company’s external websites?
A. She is using Emsa Web monitor to check on the status of the company’s websites. *
B. Cheryl is utilizing AccessDiver to check on the websites’ status.
C. To monitor her company’s websites, Cheryl is using Acunitex.
D. Cheryl has chosen to use Burp to check on the status of the company’s websites.
26. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company’s network. James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user log on to a computer and then James types in a command that brings up a window that says “Stored User Names and Passwords”. What command did James type in to get this window to come up?
A. James had to type in “rundll32.exe keymgr.dll, KRShowKeyMgr” to get the window to pop up. *
B. To bring up this stored user names and passwords window, James typed in “rundll32.exe storedpwd.dll, ShowWindow”.
C. The command to bring up this window is “KRShowKeyMgr”.
D. James typed in the command “rundll32.exe storedpwd.dll” to get the Stored User Names and Passwords window to come up.
27. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logging in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy’s mailbox?
A. Kevin is trying to utilize query string manipulation to gain access to her email account. *
B. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access.
C. By changing the mailbox’s name in the URL, Kevin is attempting directory transversal.
D. He is attempting a path-string attack to gain access to her mailbox.
28. Daryl is the network administrator for the North Carolina Lottery. Daryl is responsible for all network security as well as physical security. The lottery recently hired on a web developer to create their website and bring all services in house since the lottery’s website was previously hosted and supported by a third party company. After the developer creates the website, Daryl wants to check it to ensure it is as secure as possible. The developer created a logon page for lottery retailers to gain access to their financial information. Without knowing what any of the usernames and passwords are, Daryl tries to bypass the logon page and gain access to the backend. Daryl makes a number of attempts and he gets the following error message every time.
What can Daryl deduce from this error message?
A. He can tell that the site is susceptible to SQL injection. *
B. From this error, Daryl can see that the site is vulnerable to query string manipulation attacks.
C. This particular error indicates that the page is vulnerable to buffer overflows.
D. Daryl can deduce that the developer did not turn off friendly messages on the server.
29. Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' -- AND password='' AND email like '%@testers.com%'
What will the following SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin. *
B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com.
C. This Select SQL statement will log James in if there are any users with NULL passwords.
D. James will be able to see if there are any default sa user accounts in the SQL database.
30. David is the wireless security administrator for Simpson Audio Visual. David was hired on after the company was awarded a contract with 100 airports to install wireless networks. Since these networks will be used by both internal airport employees and visitors to the airports, David decided to go with the de facto standard of 802.11b. Every airport wants to use 802.11b with TCP error checking, even though David has said this will slow down the wireless network connection speeds. With this error checking, what will be the resulting speed of the wireless networks?
A. Since TCP error checking will be utilized, the effective speed of the wireless networks can be up to 5.9 mbps. *
B. The resulting speed of the wireless networks will be up to 7.1 mbps since error checking slows down the actual speed.
C. Because TCP error checking has no effect on the actual speed, the airports’ wireless networks will function at up to 11 mbps.
D. The resulting speed of the wireless networks for the airports will be up to 248 mbps.
31. Oliver is the network security administrator for Foodies Café, a chain of coffee shops in the Seattle metropolitan area. Oliver is performing his quarterly security audit of the entire company, including each coffee shop the company owns. Each café has a wireless hotspot that customers can utilize. The home office also has a wireless network which is used by employees. While walking around the outside of the corporate office, Oliver sees a drawing on the sidewalk right next to his building.
What does this symbol signify?
A. This symbol means that someone has found out that the company is using wireless networking with open access and restrictions. *
B. This means that someone knows the corporate wireless network is utilizing access points with MAC filtering and WPA encryption.
C. This signifies a hacker has discovered that the company is using WEP encryption for its wireless network.
D. This particular symbol is used to tell others that a nearby wireless access point is using weak encryption.
32. Jacob is the IT manager for Thompson & Sons, a bail bondsman company in Minneapolis. Jacob has been told by the company’s president to perform a logical and physical security audit for all the offices around the city. Jacob finds that a number of offices need more physical security. Jacob recommends that these offices add a cage that customers must pass through before entering the main office. This cage will allow employees in the office to verify the customer’s information before allowing them access into the building. What is Jacob recommending the offices install for added security?
A. Jacob is recommending that the offices install mantraps at their locations. *
B. He is recommending the offices install physical DMZ’s at their locations.
C. This type of physical security measure is called a piggyback box.
D. He has recommended that these locations install stop-gap cages as an added security measure.
33. Sydney is a certified ethical hacker working as the systems administrator for Galt Riderson International. Sydney is an expert in Linux systems and is utilizing IPTables to protect Linux clients as well as servers. After monitoring the firewall log files, Sydney has been fine tuning the firewall on many clients to adjust for the best security. Sydney types in the following command:
iptables -A INPUT -s 0/0 -i eth1 -d 192.168.254.121 -p TCP -j ACCEPT
What will this command accomplish for Sydney?
A. This command will allow TCP packets coming in on interface eth1 from any IP address destined for 192.168.254.121. *
B. By using this command, Sydney will block all TCP traffic coming in on interface eth1 to the IP address of 192.168.254.121.
C. This command will block all TCP packets with NULL headers from reaching the IP address of 192.168.254.121.
D. Sydney is using this command to allow all TCP traffic that is outbound from IP address 192.168.254.121.
34. Lonnie is the chief information officer for Ganderson Trailways, a railroad shipping company with offices all over the United States. Lonnie had all his systems administrators implement hardware and software firewalls last year to help ensure network security. On top of these, they implemented IDS/IPS systems throughout the network to check for and stop any bad traffic that may attempt to enter the network. Although Lonnie and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s websites. After searching through firewall and server logs, no one could find how the hackers were able to get in. Lonnie decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool needs to alert administrators whenever a critical file is changed in any way. What utility could Lonnie and his systems administrators implement on the company’s network to accomplish this?
A. Lonnie could use Tripwire to notify administrators whenever a critical file is changed. *
B. They can implement Strataguard on the network which monitors critical system and registry files.
C. SnortSam would be the best utility to implement since it keeps track of critical files as well as files it is told to monitor.
D. Lonnie and his systems administrators need to use Loki to monitor specified files on the company’s network.
35. Neville is a network security analyst working for Fenderson Biomedics, a medical research company based out of London. Neville has been tasked by his supervisor to ensure that the company is as secure as possible. Neville first examines and hardens the OS for all company clients and servers. Neville wants to check the performance and configuration of every firewall and network device to ensure they comply with company security policies. Neville has chosen to use Firewall Informer because it actively and safely tests devices with real-world exploits to determine their security state. What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment?
A. Firewall Informer uses Blade Software’s Simulated Attack For Evaluation (S.A.F.E.) technology to actively test network devices. *
B. The built-in technology used by Firewall Informer is a graphical user interface version of Snort.
C. The technology used to actively perform exploit checking in Firewall Informer is Blade Software’s Exploit Awareness Safety Yield (E.A.S.Y.).
D. Firewall Informer utilizes a stripped down version of Loki to actively and safely check for possible exploits on network devices.
36. Ursula is a network security analyst as well as a web developer working on contract for a marketing firm in St. Louis. Ursula has been hired on to help streamline the company’s website and ensure it meets accessibility laws for that state. After completing all the work that was asked, the marketing firm terminates Ursula’s service and does not pay the rest of the money that is owed to her. Right before she is asked to leave, Ursula writes a small application with the following code inserted into it.

What will this code accomplish?


A. This code will create a buffer overflow if the application it resides in is run. *
B. This code that Ursula has written will cause the computer it is run on to throw up a URI exception error; essentially crashing the machine.
C. Because the code is written in this manner, it will create a buffer underflow if it is executed.
D. This code Ursula has inserted into a program will create a format string bug if executed.
37. Nathan is the senior network administrator for Undulating Innovations, a software development company in Los Angeles. Nathan’s company typically develops secure email programs for state and local agencies. These programs allow these agencies to send and receive encrypted email using proprietary encryption and signing methods. An employee at one of the state agencies has been arrested on suspicion of leaking sensitive government information to third world countries for profit. When the US federal government steps in, they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Nathan receives a call from an investigator working for the CIA on this particular case. The investigator tells Nathan that his company has to give up the encryption algorithms and keys to the government so they can read the email sent by the accused state employee. What right does this investigator have to ask for the encryption algorithms and keys?
A. The federal government can obtain encryption keys from companies under the Government Access to Keys (GAK) rule. *
B. The CIA investigator can obtain the proprietary keys and algorithms from Nathan’s company due to Eminent Domain laws.
C. Since this has turned into a federal case, the government has the right to obtain proprietary information from Nathan’s company under Juris Prudence laws.
D. The investigator can ask for and obtain the proprietary information due to Habeas Corpus laws.
38. Justine is the systems administrator for her company, an international shipping company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justine and other administrators have been put in charge of securing the company’s digital communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. These signatures are more efficient than DSA and are not vulnerable to number field sieve attacks. What type of signature has Justine decided to implement?
A. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures. *
B. She has decided to implement ElGamal signatures since they offer more reliability than the typical DSA signatures.
C. Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability.
D. These types of signatures that Justine has decided to use are called RSA-PSS signatures.
39. Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company’s network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie’s remaining tests. What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?
A. This type of analysis is called GAP analysis. *
B. This initial analysis performed by Charlie is called an Executive Summary.
C. Charlie has performed a BREACH analysis; showing the company where its weak points are.
D. This analysis would be considered a vulnerability analysis.
40. Zane is a network security specialist working for Fameton Automotive, a custom car manufacturing company in San Francisco. Zane is responsible for ensuring that the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the company website. To streamline online purchases, the programming department has developed a new web application that will keep track of inventory and check items out online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primarily focuses on checking the time validity of session tokens, length of those tokens, and expiration of session tokens while translating from SSL to non-SSL resources. What type of web application testing is Zane primarily focusing on?
A. He is most focused on testing the session management of the new web application. *
B. Zane is putting most of his effort into component checking.
C. By focusing on those specific areas, Zane’s testing is concentrated on input validation.
D. He is testing the web application’s configuration verification.
41. Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy’s computer from the network to take a closer look. He opens iChat on Tommy’s computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer’s applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. What has Giles discovered on Tommy’s computer?
A. Giles has found the OSX/Leap-A virus on Tommy’s computer. *
B. This behavior is indicative of the OSX/Inqtana.A virus.
C. He has discovered OSX/Chat-burner virus on Tommy’s computer.
D. On Tommy’s computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus.
42. Paulette is the systems administrator for Newton Technologies. Paulette holds certifications in both Microsoft areas as well as security such as the CEH. Paulette is currently performing the yearly security audit for the company’s entire network which includes two branch offices. Paulette travels to one of the branch offices to perform an internal audit at that location. She uses Send ICMP Nasty Garbage (SING) to find all the routers in the network. All network equipment at the home office and branch offices are Cisco equipment. Paulette wants to check for a particular arbitrary administrative access vulnerability known in Cisco equipment when certain HTTP requests are made to those routers. If one of the router’s IP addresses is 172.16.28.110, what HTTP request could Paulette use to see if that router is vulnerable?
A. Paulette could type in: http://172.16.28.110/level/22/exec/show/config/cr to check if the router is vulnerable. *
B. If she typed in: http://172.16.28.110/level/121/exec/show/admin/config, she would be able to see if the router is vulnerable to arbitrary administrative access attacks.
C. By typing in: http://172.16.28.255/level/99/exec/show/config/cr, Paulette will be able to see if the Cisco router is vulnerable.
D. She needs to navigate to: http://172.16.28.110:2209 to check for its vulnerability.
43. Michael is an IT security consultant currently working under contract for a large state agency in New York. Michael has been given permission to perform any tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. To test this, Michael attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192.168.254.97. Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large password to see if that freezes up the router. This seems to have no effect on the router yet. What other command could Michael use to attempt to freeze up the router?
A. Michael could use the command: ping -l 56550 192.168.254.97 -t. *
B. If Michael used the command: ping -r 999 192.168.254.97 -t, he could freeze up the router and then attempt to gain access.
C. The command: finger -l 9999 192.168.254.97 -m would force the router to freeze.
D. Ping -l 254 192.168.254.97 would make the router freeze.
44. Cindy is a certified ethical hacker working on contract as an IT consultant for Dewdrop Enterprises, a computer manufacturing company based in Dallas. Dewdrop has many sales people that travel all over the state using Blackberry devices and laptops. These mobile devices are the company’s main concern as far as network security. About a year ago, one of the company laptops was stolen from a sales person and sensitive company information was stolen from it. Because of this, the company has hired on Cindy to ensure that all mobile devices used by employees are secure. Since many of the employees are now using new laptops with Windows Vista, Cindy has configured Bitlocker on those devices for hard disk encryption. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to check for vulnerabilities on the Blackberry devices. As it turns out, these devices are vulnerable and she is able to gain access to the corporate network through the Blackberry devices. What type of attack has Cindy used to gain access to the network through the mobile devices?
A. Cindy has used Blackjacking to gain access to the corporate network. *
B. This type of attack would be called Skipjacking since it is utilizing mobile devices to gain access to a corporate network.
C. This would be considered a Berryjack attack since it attacks Blackberry devices.
D. Cindy is using a MITM attack by using Blackberry devices.
45. Henry is the network administrator for a large advertising firm in Chicago. As well as ensuring overall network health, Henry is responsible for performing security audits, vulnerability assessments and penetration tests to check for network security. Henry has been asked to travel to one of the company’s branch offices in Taylor, Texas to perform a security audit. Right away, Henry notices how many mobile devices that branch office utilizes including PDA’s, Blackberries, and laptops. To prove a point, Henry wants to show the IT manager at that branch office how insecure some of those mobile devices are. In particular, he wants to point out the sensitive information that Palm devices can pass when using HotSync to synch itself with a computer. What UDP port should Henry listen on that is used by the Palm OS to find sensitive information?
A. Henry should listen on UDP port 14237 to see the traffic passed back and forth when using HotSync. *
B. He should have his device listen on UDP port 16999 to see the traffic passed from the Palm device.
C. If he listens on UDP port 1219, he will be able to see the traffic.
D. Henry needs to have his device listen on UDP port 14001.
46. Richard is an IT security expert currently making presentations in Las Vegas at a logical security conference. Richard’s specialty is in Bluetooth technology and different ways to take advantage of its vulnerabilities. Richard is using one of his Bluetooth enabled cell phones and a Bluetooth enabled laptop to make a demonstration on how to steal information from a wireless device through a Bluetooth connection. Richard shows how to connect to the OBEX Push target and how to perform an OBEX GET request to pull the address book and calendar off the cell phone. What type of attack is Richard demonstrating here at the conference?
A. Richard is demonstrating Bluesnarfing by stealing information from a wireless device through a Bluetooth connection. *
B. He is showing how to perform a Bluejacking attack by exploiting the inherent weaknesses in Bluetooth connections.
C. This attack that Richard is demonstrating is called a BlueSpam attack.
D. At the conference, Richard is demonstrating how to perform a BlueBack attack.
47. William is the senior security analyst for Cuthbert & Associates, a large law firm in Miami. William is responsible for ensuring complete network security. William’s boss, the IT director, is trying to convince the owners of the firm to purchase new Blackberry devices and new Bluetooth enabled laptops. William has been telling his boss that using Bluetooth devices like that is not secure. William’s boss doesn’t believe that Bluetooth devices are a security risk, so he asks for a demonstration. William obliges his boss by setting up an attack with his personal laptop and his boss’ Bluetooth enabled phone. William uses Logical Link Control and Adaptation Layer Protocol (L2CAP) to send oversized packets to his boss’ phone. This attack overloads the phone and William is able to do whatever he wants to with the device now. What type of attack has William just demonstrated to his boss?
A. He has shown his boss how to perform a Bluesmacking attack. *
B. William has performed a Bluesnarf attack on his boss’ phone.
C. This type of attack is called a BlueDump attack.
D. William was able to demonstrate to his boss how to perform a Bluejacking attack.
48. Blake is an IT security consultant, specializing in PBX and VoIP implementation testing. Blake has been recently hired on by Thwarting Enterprises, a brokerage firm in New York City. The company heard through contacts that Blake was the best in the business as far as examining and securing VoIP network implementations. About a year ago, Thwarting Enterprises installed a Cisco VoIP system throughout their office to replace the older PBX system. They have now brought Blake in to test its security, or lack thereof. Blake first begins his testing by finding network devices on the network that might be used for VoIP. Blake prefers to use UDP scanning because of its quickness. Blake finds a target on the network that looks promising and begins to perform a scan against it by sending packets with empty UDP headers to each port. Almost all of the ports respond with the error of “ICMP port unreachable”. From these errors, what can Blake deduce about these ports?
A. From this error, Blake can tell that these ports are not being used. *
B. This specific error means that the ports are currently in stealth mode.
C. Blake can deduce that the ports that respond with this error are open and listening.
D. He can tell that these specific ports are in hybrid mode.
49. Vicki is the IT manager for her company, an online retail business in Seattle. Vicki was recently given budget approval by the CIO to purchase 100 VoIP phones and all the VoIP networking equipment needed to make a complete VoIP implementation. Vicki and her employees install all the phones and set up the servers needed to run the new system. After about three months of setup, everything has been completed and the system is finally stable. Because she is not very familiar with VoIP security, she attends a VoIP security seminar which she finds very informative. One interesting piece of information she learns of is that most VoIP phones are installed with an embedded OS called VxWorks. This, she finds out, is also what the VoIP phone manufacturer installed on all her company’s new VoIP phones. Vicki also learns that there is a default remote debugger on all these phones that listens on a specific port in case a remote administrator needs to do some troubleshooting. Vicki sees this as a large security problem. Instead of going to each and every new phone to turn off this feature, she decides to block the necessary port on the firewall to save time. What port should Vicki block at the firewall so no external connections can be made directly to the VoIP phones?
A. Vicki needs to block TCP port 17185 at the firewall to prevent the default debugger program from communicating outside the network. *
B. She should block UDP port 21972 at the firewall to keep the remote debugging feature on the VoIP phones from being used.
C. TCP port 9121 should be blocked at the firewall to keep anyone from using the remote admin debugging software.
D. She needs to block any traffic on the firewall coming in on or going out on TCP port 4290.
50. Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers, software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What technology allows Steven to disable the RFID tags once they are no longer needed?
A. RFID Kill Switches built into the chips enable Steven to disable them. *
B. The technology used to disable an RFID chip after it is no longer needed, or possibly stolen, is called RSA Blocking.
C. Newer RFID tags can be disabled by using Terminator Switches built into the chips.
D. The company’s RFID tags can be disabled by Steven using Replaceable ROM technology.
51. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets. What technique is Leonard trying to employ here to stop SPAM?
A. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM. *
B. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention.
C. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM.
D. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering.
52. Jacob is the systems administrator for Haverson Incorporated, a food processing company in Boston. Jacob is responsible for all equipment on the network as well as network security. After attending the CEH class and passing the CEH test, Jacob wants to make some changes on the network to ensure network security. Since there are three company computers in a publicly accessible area, he wants to lock those machines down as much as possible. Jacob wants to make sure that no one can use USB flash drives on those computers; while still allowing USB mice and keyboards to work. What can Jacob do to prevent USB flash drives from working on these publicly available computers? (Select 2)
A. Jacob needs to change the registry value to “4” at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Start *
B. He needs to rename the files UsbStor.inf and UsbStor.pnf. *
C. Jacob should delete the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usbhub
D. To disable USB drives, he should rename the USBFile.sys and StoreDrive.inf files.
53. Lyle is the network security analyst for his company, a large state agency in Florida. Lyle is responsible for ensuring the agency’s network security; including everything from mobile users to internal databases. Lyle has been charged with performing a security audit to comply with state regulations that were just passed. Lyle begins to test different aspects of the network, including the many Oracle databases that are utilized. Lyle finds out that the Oracle DBA created all of the databases with the simple create database command. After finding this out, Lyle is able to exploit the default user accounts that were created for these databases. What is the default user account created for Oracle databases when the create database command is used?
A. The default user account created for Oracle databases is called OUTLN. *
B. Oracle creates the default user account DEFAULT when the create database command is used.
C. SYSTEM is the default user account created in Oracle.
D. The default account created when using the create database command on Oracle databases is called SYSOP.
54. John is the senior research security analyst for Terror Trends International, a research foundation that provides terrorism information to companies as well as governments. John and his team have been monitoring terrorist cyber traffic for over eight years now and have noticed an interesting trend. Through translated bulletin posts and intercepted email communications, they have seen terrorist and extremist groups use less conventional means of communication on the Internet. They appear to be using technologies like social-networking sites, eBay, and even environments like Second Life. By using these new communication methods, it has made the job of John and his research team much harder. What are these Internet communication environments referred to?
A. These are called Web 2.0 environments. *
B. These environments are often referred to as Internet2.
C. These collaborative areas on the Internet are called Centrix environments.
D. Environments such as these used by terrorists and common people alike are called Symbiotic Networks.
55. Stephan is the senior security analyst for NATO, currently working out of Amsterdam. Stephan has been assigned to research terrorist activities, specifically cyber Jihad. Stephan was recently given a computer that was seized from a terrorist cell in London. After breaking through the disk encryption, Stephan and his team were able to read files and their contents on the computer. Stephan found a copy of Mujahedeen Secrets 2 in a hidden folder that the terrorists were apparently using to hide their communications on the Internet. Unfortunately, the other files used by the application were not in that same directory. What file should Stephan look for on the computer if he wants to find the file that stores all the keys used by Mujahedeen Secrets 2?
A. Stephan needs to look for AsrarKeys.db on the computer. *
B. To find the file used by Mujahedeen Secrets 2 to store keys, Stephan should look for KeyFob.db.
C. He should search on the computer for Secrets2.db.
D. Stephan and his team need to look for the file LockedAsrar.db on the computer.
56. Frederick is a security research analyst for the Department of Defense. Frederick was recently assigned to the cyber defense unit based in Washington D.C. He has been researching terrorist activity online through bulletin boards, social networking sites, and other extremist websites. One of Frederick’s colleagues was able to obtain a copy of Mujahedeen Secrets 2 for him to check out. When Frederick’s boss hears of this, he tells Frederick he wants to be briefed on every aspect of the software within 2 days. Since the help file was in Arabic, Frederick had to translate the 60 some odd pages which took him over 6 hours. By the time that his boss’ briefing came around, Frederick was only able to research and look through half of the application. Frederick’s boss asks him specifically about the File Shredder module of the software; which Frederick was not able to research. Frederick’s boss wants to know what the maximum number of passes the program uses when deleting files from a computer. What should Frederick’s answer be?
A. Mujahedeen Secrets 2 can be set to make a maximum number of 10 passes over a file to delete it from a computer. *
B. Frederick should tell his boss that the application can make a maximum number of 99 passes to delete a file.
C. This application is able to make a maximum number of 5 passes over a file to completely delete it from a computer.
D. Frederick should reply by saying that the application can make a maximum number of 299 passes.
57. Jacob is the network administrator for Richardson Electric, a heating and air conditioning company based out of Wichita. Jacob is responsible for the entire corporate network, including its security. Jacob has recently been receiving numerous calls from users stating that they receive pop-ups all the time. These users’ computers are all running Windows XP SP2. Jacob checks their Internet Explorer settings and the pop-up blocker is on for every machine. Jacob decides to install a couple of other free browsers that have pop-up blockers, and the computers still receive numerous pop-ups. Jacob downloads free spyware and adware removal software to scan these computers. The scans return no results, and the computers are still getting numerous pop-ups. Jacob does not have any money in his budget to buy any commercial products to stop this issue. What no-cost setting could Jacob make to stop pop-ups on these computers?
A. Jacob can edit the hosts file on these computers by adding the addresses of these pop-up sites and pointing them to 127.0.0.1. *
B. He can manually add the registry key of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BlockPopups” with a value of “1”.
C. To block pop-ups, he can edit the hosts file on these computers and add entries for the pop-up sites and point them to the broadcast address for their particular subnet.
D. Jacob can modify the Windows Firewall settings on these computers to block pop-ups.
58. Natalie is the IT security administrator for Sheridan Group, an investment company based in Detroit. Natalie has been getting reports from the help desk that users are having issues when they go to the website of a particular vendor, a company that sells paper. They report strange browser behavior such as pop-ups, browser redirection, and so on. These users also state they have been getting SPAM related to paper products, similar to those being provided by the vendor. Natalie scans these computers for viruses, adware, and spyware and turns up nothing. Natalie has one of these users navigate to the vendor’s website and sees the odd browser behavior. Natalie decides to take a look at the source code of that website to see if she can pull out anything of use. Natalie finds many places in the source code referring to a jpg file that is only one pixel in height and one pixel in width. What has Natalie discovered here in the source code?
A. Natalie has discovered Web Bugs in the source code. *
B. She has found hidden Form Fields in the source code of the vendor’s website.
C. She has discovered an apparent use of steganography in the source code.
D. This type of code is indicative of a Web Virus.
59. Michelle is a CPA working in the Accounting department for Beyerton & Associates. Michelle works on a Windows XP SP2 computer. Michelle’s daily duties take up about 6 hours out of her 8 hour workday. This leaves her about 2 hours a day where she can surf the Internet. Michelle goes to Myspace.com quite a bit during this free time to stay in touch with friends. After a new IT policy is implemented, sites like Myspace are blocked so users cannot get to them. The IT department is using an Internet filter to block specific websites such as Myspace. Michelle really wants to go to Myspace to stay in touch with the people she knows, even though it is now prohibited by an IT policy. What could Michelle do to still gain access to Myspace.com?
A. Michelle can use Proxify.net to navigate to Myspace. *
B. Michelle can edit her local hosts file to get around the Internet filter.
C. She can navigate to Redirect.com to serve as a proxy, letting her navigate to Myspace.
D. She can turn off Windows Firewall on her computer.
60. Bonnie is an IT security consultant currently working out of her home. She is able to perform much of her job through her home network when performing external footprinting, scanning, and pen testing. Bonnie has a number of computers running on different operating systems from Windows XP SP2 to Fedora. She uses two desktops that run as servers for her home network, handing out DHCP numbers, performing DNS lookups, and so on. Bonnie also utilizes an IDS to watch any traffic that might try to get into her network. One day, Bonnie sees some odd traffic trying to connect to her internal computers. Bonnie decides to download and install NetDefender on her Windows computers to block malicious traffic. All of her Windows computers are running Windows XP SP2 with the default install. Bonnie tries to start NetDefender, but receives an error that it cannot start. Why can’t Bonnie get NetDefender to start on her Windows computers?
A. She needs to stop the Windows firewall before starting NetDefender. *
B. She cannot start NetDefender because the computers are getting dynamic IPs.
C. To get NetDefender to work properly, Bonnie needs to allow TCP port 559 in the Windows firewall settings.
D. She cannot get NetDefender to work because it is only meant to run on Linux-based computers.
61. You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows XP. Last week, 10 of your company’s laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
A. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops. *
B. You should have used 3DES which is built into Windows.
C. If you had implemented Pretty Good Privacy (PGP) which is built into Windows, the sensitive information on the laptops would not have leaked out.
D. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops.
62. Tommy is the systems administrator for his company, a large law firm based in New York City. Since Tommy’s company employs many telecommuters and mobile users, he has to administer over 100 laptops. Due to laptop theft within the last couple of years, Tommy has convinced management to purchase PAL PC Tracker to install on all company laptops. Tommy chose this software because of its ability to track equipment and its ability to notify administrators if the laptop has been stolen. What method is used by PAL PC Tracker to notify administrators of a laptop’s location?
A. PAL PC Tracker can send stealth email to a predetermined address whenever a tracked computer is connected to the Internet. *
B. This software sets off a loud alarm when sent a signal from an administrator, alerting anyone in the vicinity of the laptop.
C. PAL PC Tracker sends a page to a predetermined phone number through any wireless signal it can find.
D. When a laptop is classified as missing or stolen, PAL PC Tracker will send HTTP messages to a predetermined website when the equipment is connected to the Internet.
63. Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company’s network security. No employees for the company, other than the IT director, know about the work Shayla will be doing. Shayla’s first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee’s access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered?
A. She would be considered an Insider Affiliate. *
B. Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate.
C. Shayla is an Insider Associate since she has befriended an actual employee.
D. Since Shayla obtained access with a legitimate company badge, she would be considered a Pure Insider.
64. Lori is a certified ethical hacker as well as a certified hacking forensics investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees and reviews server logs and firewall logs, after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches for email sent to and from the rival marketing company. She finds one employee that appears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture. What technique was used by the Kiley Innovators employee to send information to the rival marketing company?
A. The employee used steganography to hide information in the picture attachments. *
B. The Kiley Innovators employee used cryptography to hide the information in the emails sent.
C. The method used by the employee to hide the information was logical watermarking.
D. By using the pictures to hide information, the employee utilized picture fuzzing.
65. Tarik is the systems administrator for Qwerty International, a computer parts manufacturing company in San Francisco. Tarik just passed his certified ethical hacker test and now wants to implement many of the things he learned in class. The first project that Tarik completes is to create IT security policies that cover everything security related from logical to physical. Through management approval, all employees must sign and agree to the policies or face disciplinary action. One policy in particular, network file access, is of importance to Tarik and his superiors because of past incidents where employees accessed unauthorized documents. Tarik has fine-tuned the ACLs to where no one can access information outside of their department’s network folder. To catch anyone that might attempt to access unauthorized files or folders, Tarik creates a folder in the root of the network file share. Tarik names this folder “HR-Do Not Open”. In this folder, Tarik creates many fake HR documents referring to personal information of employees that do not exist. In each document, he places headers and footers that read “Do Not Print or Save”. Then Tarik sets up logging and monitoring to see if anyone accesses the folder and its contents. After only one week, Tarik records two separate employees opening the fake HR files, printing them, and saving them to their personal directories. What has Tarik set up here to catch employees accessing unauthorized documents?
A. Tarik has set up a Honeytoken to catch employees accessing unauthorized files. *
B. He has configured a Honeypot to log when employees access unauthorized files.
C. Since this was set up on an internal network, this would be considered a Tar Pit.
D. Tarik has configured a network Black Hole.
66. Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall’s supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work related applications like Word and Excel. What types of policies has Marshall written for the users working on computers in the publicly-accessible areas?
A. He has written Paranoid policies for these users in public areas. *
B. Marshall has created Prudent policies for the computer users in publicly-accessible areas.
C. These types of policies would be considered Promiscuous policies.
D. He has implemented Permissive policies for the users working on public computers.
67. Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa’s supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sites called that Theresa has been tasked with taking down?
A. These sites that host illegal copyrighted software are called Warez sites. *
B. These sites that Theresa has been tasked to take down are called uTorrent sites.
C. These websites are referred to as Dark Web sites.
D. Websites that host illegal pirated versions of software are called Back Door sites.
68. You are the systems administrator for your company, a medium-sized state agency in Oregon. You are responsible for all workstations, servers, network equipment, and software. You have two junior IT staff that field help desk calls as their primary duty. Since you are on a limited budget, you have had to get by with outdated hardware and software for many years. After a small increase in your budget this year, you decide to purchase Microsoft Office 2007 for your agency. This software is licensed for only one copy, but you give it to your junior IT staff and tell them to install it on every computer in the agency. What have you asked your IT staff to install on all the computers in the agency?
A. You have asked them to install abusive copies of the Office 2007 software. *
B. You have instructed your IT staff to install pirated copies of Office 2007 on every computer.
C. By installing one licensed copy, you are asking your staff to use cracked copies of Office 2007.
D. Installing one licensed copy on many different computers is called using an OEM copy.
69. Calvin is the IT manager for Riverson & Associates, an advertising firm based out of Toronto. Calvin is responsible for all IT related situations. The firm’s marketing director has asked Calvin to purchase a graphics editing application to install on two computers in the marketing department. Calvin makes the purchase and receives the software in the mail one week later. Calvin installs the software on the two requested computers. When the marketing users try to use the software, it says they need to “Insert device for validation”. Calvin calls the software company to find out what the issue is. Calvin thought there was a CD key that needed to be used on installation but the company’s support representative said there should have been a USB device included in the software box. Calvin looks through the software boxes and finds two USB devices. After plugging the devices into the computers in marketing, the graphics software works properly. What kind of license validation was used to make the graphics software work correctly?
A. The software company used dongles to ensure license validation. *
B. These USB devices are called hardware validators.
C. The company used logic gates to ensure license validation.
D. The USB devices the software required for license validation are called logic keys.
70. Harold is a software application developer for 24/7 Gaming Incorporated, an online gaming company that hosts over 25 online game environments. Harold has worked at the company for over 8 years and has risen up through the ranks. One day, Harold comes in to work and is informed that his position is being terminated in two weeks for budget reasons. Harold is furious because of all the time and effort he has invested in the company. Harold decides to get revenge so he implants some hacks into the code of one online game the company hosts. He tells his friends how to access the code, which lets them see through walls and other objects within the game while other players cannot. What type of exploit has Harold inserted into the online game?
A. Harold has created a Wall Hack to allow his friends to see through walls and objects in the game. *
B. He has inserted an Aimbot hack into the game giving his friends an unfair advantage over other players.
C. Harold has hacked the online game by inserting a Cham hack into the environment.
D. This type of code exploit is called Strafe-jumping.
71. Wesley is an IT technician working for Bonner-Riddel, a research foundation located in Lansing. Wesley works on both Windows and Linux-based machines, but enjoys tweaking and customizing open source applications more. Wesley has been using a Concurrent Versions System (CVS) to monitor the latest additions and revisions to source code he likes to work on. Wesley likes CVS but has issues when some items are partially checked-in. A colleague of his told him about another way to monitor source code; this method even tracks directory versioning. What monitoring method is Wesley’s colleague recommending?
A. He is recommending that Wesley use Subversion Repositories for monitoring. *
B. Wesley’s colleague is recommending that he use Granular Repositories for monitoring.
C. His colleague has suggested Wesley use Reverse Zone Repositories.
D. He is suggesting the use of Recursive Repositories.
72. Ralph is the network administrator for his company. As well as being responsible for the logical and physical network, he is in charge of logical and physical security. Ralph is currently performing a security audit of the company’s network, including its two internally-hosted websites. These websites utilize RSS feeds to update subscribers on current information. While performing his audit, Ralph is alerted to some irregular code in one of the website pages.

What is the purpose of this code?
A. This code will log all keystrokes. *
B. This JavaScript code will use a Web Bug to send information back to another server.
C. This code snippet will send a message to a server at 192.154.124.55 whenever the “escape” key is pressed.
D. This bit of JavaScript code will place a specific image on every page of the RSS feed.
73. Steven is the help desk manager for Fortified Investors, an investment firm based in Boston. Steven is responsible for fielding all help desk calls from company employees. Steven is getting numerous calls from users stating that when they navigate to one of the company vendor’s websites, their Internet Explorer browser starts to behave abnormally by pulling up pop-ups and being redirected to other pages. All the users that have called Steven are using Internet Explorer for their browsers. Steven checks the source code of the vendor’s page and sees some odd scripts in the source code. The employees still need to access the vendor’s page to perform their work duties so Steven decides to download and install Firefox on these users’ computers. When browsing with Firefox, the users do not see any odd behavior on the website as before. Why are they not seeing the same odd behavior when browsing the vendor website with Firefox?
A. They are not having issues because Firefox does not support VBScript and ActiveX. *
B. The users are not experiencing the same issues with Firefox as with Internet Explorer because Firefox does not support JavaScript.
C. Their new Firefox browsers are not showing the same odd behavior because Firefox does not support DHTML and XML.
D. The vendor’s website is not displaying the same behavior because Firefox only supports HTML and DHTML.
74. Ryan is the network administrator for Hammerstein Incorporated, a sign manufacturing company in Chicago. Ryan holds certificates for certified ethical hacker and certified hacking forensics investigator. Ryan prefers to use Linux-based operating systems, but has to work on Windows computers for much of his work-related duties. Ryan also prefers to use Netscape Navigator on his Windows computers because he believes it is more secure than Internet Explorer. While reading a security-related article online one day, he reads that Netscape Navigator has an issue with improperly validating SSL sessions which worries him greatly. What add-on provided for Netscape Navigator could Ryan install that would alleviate this issue of not properly validating SSL sessions?
A. Ryan can install the Personal Security Manager add-on for Netscape Navigator. *
B. He needs to download and install the SSL Fixer add-on for Netscape Navigator.
C. If Ryan installs the Safety Zone Navigator add-on, his Netscape Navigator browser will no longer improperly handle SSL sessions.
D. Ryan should download and install the Session Manager add-on for Netscape Navigator.
75. Ursula is the systems administrator for GateTime Enterprises, a clock manufacturing company in Atlanta. Ursula is in charge of all network equipment as well as network security. Ursula has recently created a set of IT security policies which include an acceptable use policy that all employees must sign. Ursula wants to install software on a proxy server that will monitor all user Internet traffic, enable her to administer Internet policy settings in one place, and prevent avoidance of the new acceptable use policy. What kind of proxy server does Ursula want to implement?
A. Ursula wants to implement an Intercepting Proxy server. *
B. She wants to implement a Forced Proxy server.
C. This would be considered a Split Proxy server since all Internet activity must pass through it.
D. By funneling all Internet traffic through one server, she is implementing a Reverse Proxy server.
76. Travis is an administrative assistant to the executive director of Thuel Energy, an oil and gas company based in Oklahoma City. Travis has an IT degree, but was not able to get a technical job because of the competitive job market. Travis likes to surf the Internet at work when he has time. He likes to go to social networking sites to chat with friends and meet new people. Unfortunately, his company has recently enacted a computer use and acceptable use policy that prohibits employees from going to social networking sites. To further keep users from sites they should not go to, the IT department installs a proxy server that specifically blocks certain websites. Trying to outsmart the company policies, Travis installs a virtual machine on his computer and a proxy server on that virtual machine. Through the proxy on his own computer, he is able to get around the company’s Internet proxy and get to the websites he wants to. What type of proxy has Travis installed on his own computer?
A. Travis has installed a Circumventor Proxy on his work computer. *
B. He has installed a Transparent Proxy to bypass the company’s Internet policies.
C. By installing a proxy on his own computer to bypass another proxy, Travis has implemented a Split Proxy.
D. This would be considered a Reverse Proxy.
77. Stewart is an IT security analyst for his company. Stewart is responsible for network security of his entire company. Stewart also does a vast amount of security research when time permits. This research usually takes him to websites that might not have the safest content. Stewart decides to install Proxomitron on his computer for web filtering. This should help his browser remove banner ads, Java scripts, offsite images, flash animation, and other potentially harmful objects. What port must Stewart configure his browser to utilize in order to use Proxomitron?
A. His browser must use the local port 8080 on his computer. *
B. The local host browser must be configured to use 548 on his computer in order to function.
C. The browser needs to use port 9000.
D. It must be set to utilize port 10421.
78. Harold is the network administrator for Wintrex Systems, a software development company in Salt Lake City. Harold is responsible for all physical and logical network equipment. Wintrex Systems sells most of their products online, so they have a large retail-oriented website where customers can purchase anything the company offers. All company workstations are running Windows XP and all servers are running Windows Server 2003. For inventory and product management, Wintrex uses many SQL Server 2005 databases. Harold has been informed by the company’s CIO that he needs to implement some kind of protection for the corporate databases to prevent intrusions, SQL injection, data leakage, regulatory compliance, and so on. Harold is not too familiar with database software or protection, but is inclined to use a company like Symantec since they provide the company’s virus, backup, and IPS software. If Harold wants to use Symantec, what software product could he acquire from them that would serve his needs to protect the company’s SQL databases?
A. He could use the Symantec Database Security solution that they provide. *
B. Symantec provides a software package called SQL Protector that would perform all the tasks that Harold needs.
C. He could install and use Symantec SQL Suite which would help Harold perform all the tasks the CIO has requested.
D. He should use Symantec’s Data Guard Pro to protect the company’s data housed in the SQL databases.
79. Justin is an electrical engineer working for ZenWorks Navigation, a Global Positioning device manufacturing company based in Las Vegas. Justin and a team of other engineers are working on the latest GPS handheld system for the company. ZenWorks previously only produced GPS systems for airplanes, but now wants to branch out to the individual consumer market. Currently, Justin is trying to work out errors the devices are experiencing in regards to four variables (latitude, longitude, altitude, and time) on the accuracy of a three-dimensional fix. Until this issue is resolved, the new devices cannot be finished. What GPS-related issue is Justin currently working on?
A. Justin is working on the Geometric Dilution of Precision problem. *
B. This issue would be considered a problem with the Local Area Augmentation System.
C. When a GPS device is having issues with these four variables, it is considered a problem with the Wide Area Augmentation System.
D. Justin is experiencing issues with the Signal to Noise Ratio.
80. Theo is an IT security consultant that was just hired on by the city of Seattle. Theo has been asked to map out free available wireless hotspots on a chart that will be published by the city. Theo has never mapped wireless hotspots over such a large range, so he buys software and GPS devices that he thinks will do the job. Theo buys two software programs, one for finding the hotspots and one to precisely locate his whereabouts on a city map. These two pieces of software will utilize two GPS devices. To run both these devices at the same time, Theo downloads and installs a GPS service daemon on his laptop running Windows XP SP2 so the GPS applications will not conflict with each other. When Theo opens both GPS programs, they say they cannot communicate with the GPS devices. What does Theo need to do to ensure the GPS applications can communicate with the GPS devices?
A. Theo needs to open TCP port 2947 on the Windows firewall so they can communicate. *
B. He should open TCP port 1699 on his local Windows firewall so the applications can talk to the devices.
C. He needs to install the GPS daemon service on a Linux-based computer since it will not work on a Windows computer.
D. UDP port 1121 needs to be open on his laptop’s Windows firewall.
81. Mary is a field service technician for Garmin which makes all kinds of GPS devices. Mary has been called out to a car rental company that purchased over 1000 GPS devices to be installed in their rental cars. Almost all the devices appear to be getting an error message when they are started up. Mary’s company has decided to send her out to the car rental company instead of them sending back every GPS device. When Mary gets to the company, she troubleshoots a number of the devices but cannot figure out what the issue is. She calls her company’s customer support line for some help. The service rep on the phone tells her to force the devices to perform a cold start. How can Mary force the devices to perform a cold start?
A. She must hold the Page key down while the units are powering up. *
B. Mary should hold the Mark key down until the units are forced to perform a cold start.
C. Mary needs to hold the Enter key down until they reboot.
D. She needs to hold down the Reset key for at least 20 seconds.
82. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery. What incident level would this situation be classified as?
A. This situation would be classified as a mid-level incident. *
B. Since there was over $50,000 worth of loss, this would be considered a high-level incident.
C. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident.
D. This specific incident would be labeled as an immediate-level incident.
83. Lyle is the IT director for his company, a large food processing plant in North Carolina. After undergoing a disastrous incident last year where data was deleted by a hacker, Lyle has begun creating an incident response team made up of employees from varying departments. Lyle is now assigning different roles and responsibilities to the different team members. When handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
A. The Network Administrator should be responsible for recovery, containment, and prevention. *
B. Lyle should be responsible for these issues in computer-related incident handling.
C. The CEO of the company should ultimately be responsible for these types of issues.
D. The Security Administrator should be held responsible for recovery, containment, and prevention.
84. Pauline is the IT manager for Techworks, an online retailer based out of St. Louis. Pauline is in charge of 8 IT employees which include 3 developers. These developers have recently created a new checkout website that is supposed to be more secure than the one currently being used by the company. After numerous fraud attempts on the website, the company’s CIO decided that there needed to be a change; creating a more secure checkout portal that will check for potential fraud. This new portal checks for fraud by looking for multiple orders that are to be delivered to the same address but using different cards, different orders originating from the same IP address, credit card numbers that vary by only a few digits, and users repeatedly submitting the same credit card numbers with different expiration dates. What fraud detection technique will the new retail portal be using?
A. The portal will be using pattern detection to check for potential fraud. *
B. The new site created by the developers will be using reverse lookup detection to see if fraud is involved.
C. The developers have written the new portal to utilize round robin checking to see if visitors are attempting fraud.
D. The new website portal will be using anomaly variance detection to look for fraud in transactions on the site.
85. Hanna is the network administrator for her company. Hanna is responsible for all network functions, including corporate email. Hanna receives a call from the Director of Administration one morning saying he cannot access one of his archive files. Hanna goes to the director’s office and tries to open the archive file from inside his Outlook 2003 client. The program says that she needs a password to open the file. Apparently, the director password protected the archive file without realizing it. What program could Hanna use to recover the archive password for the director?
A. She could download and install PstPassword to recover the password of the archive file. *
B. Outlook Revealer would be the best application to recover the password.
C. Hanna could run ArchiveRestore to find the password for the archive file.
D. She should use PwdRecover Toolset to retrieve the password for the archive file.
86. Heather is the network administrator for her company, a small medical billing company in Billings. Since the company handles personal information for thousands of clients, they must comply with HIPAA rules and regulations. Heather downloads all the HIPAA requirements for information security and begins an audit of the company. Heather finds out that many of the billing technicians have been sending sensitive information in PDF documents to outside companies. To protect this information, they have been password protecting the PDF documents. Heather has informed all the technicians that this method of protecting the data is not safe enough. Why is using passwords to protect PDF documents not enough to safeguard against information leakage?
A. This is not enough protection because PDF passwords can easily be cracked by many different software applications. *
B. The technicians should not only rely on PDF passwords because the passwords are sent as an attached text file when sent through email.
C. Since PDF password protection alone does not comply with SOX; they should not solely rely on them for protection.
D. PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email.
87. You are the IT manager for a small investment firm in Los Angeles. Including you, the firm only employs a total of 20 people. You were hired on last month to take over the position of the last IT manager that was fired. The last manager did not have any security measures in place for the firm’s network; which led to a data breach. You have decided to purchase the Check Point firewall model Firewall-1 to help secure the network. You have chosen this particular firewall because of its adaptive and intelligent inspection technology that protects both the network and application layers. What built-in technology used by Check Point firewalls protects traffic on both the network and application layers?
A. Check Point firewalls use the INSPECT technology. *
B. They utilize built-in technology called SORT.
C. You have chosen a Check Point firewall because of its adaptive STINGER technology.
D. The built-in technology used by Check Point firewalls for traffic inspection is called SEARCH & DESTROY.
88. Dylan is the systems administrator for Intern Support Staffing, an IT staffing company in Oregon. All workstations on the company’s network are running Windows XP SP2 except for three laptops that run MAC OS X. Even though Dylan has set up and configured a hardware firewall for the company, a recent audit suggested he utilize application-level firewalls for all workstations and mobile computers. Dylan configures the Windows Firewall settings for the Windows computers. Dylan then downloads and installs Doorstop X Firewall onto the MAC laptops. After installation, none of the MAC laptops can connect to any other computers on the network. Why are these laptops not able to connect to other computers after Dylan installed Doorstop X Firewall?
A. The laptops cannot connect because all TCP ports are protected by default when Doorstop X Firewall is installed. *
B. They cannot make a connection because he needs to modify the firewall.conf file before they can use the software properly.
C. Dylan needs to modify the local firewall.data files on all the MAC laptops before they can function properly.
D. They cannot connect to other computers on the network because Dylan needs to install the “Network Services for MAC” piece on all the Windows workstations.
89. Geoffrey is the systems administrator for Veering Incorporated, a custom car manufacturer in California. Geoffrey administers the corporate Windows Server 2003 Active Directory network. He is also responsible for logical security. All computers are under one domain named veering.com. Geoffrey has organized all user accounts by placing them in an Organizational Unit (OU) named Company Users. He has also created another OU named Company Computers that contains all computer accounts. After implementing a strong password policy through Active Directory, the executive team tells Geoffrey the policy is too stringent for them and they would like their own policy. How can Geoffrey apply a different policy to the members of the executive team?
A. Geoffrey must create a new domain and move their user accounts to that domain. *
B. He needs to move their user accounts to a different OU, create a new password policy for that OU, and deny the other policy from applying to that OU.
C. Geoffrey needs to move their computer accounts to a different OU, create a new password policy for that OU, and deny the other policy from applying to that OU.
D. He can create a WMI filter that keeps the current policy from applying to their machines.
90. Kevin is the systems administrator for Inktime International, an ink cartridge replacement company based out of New Orleans. Kevin has been told by his boss that he needs to change the password policy on the network. Users are apparently reusing passwords over and over and changing them immediately whenever IT resets their passwords for them. Kevin’s boss doesn’t want users to be able to change their passwords so often or be able to change their password right after IT resets their passwords. The company’s network consists of one 2003 Active Directory domain. What password policy settings does Kevin need to adjust to accomplish what his boss has asked him to do? (Select 2)
A. Kevin needs to adjust the "Minimum Password Age" setting. *
B. He should change the "Enforce Password History" setting in the Group Policy settings module. *
C. Kevin should adjust the "Maximum Password Age" Group Policy setting.
D. To accomplish what his boss has asked, Kevin needs to adjust the "Enforce User Change at Next Logon" policy.
91. Charlie is the systems administrator for his company, an aeronautics engineering company based in Dallas. Charlie is responsible for the entire network which consists of one Server 2008 Active Directory domain. All user accounts are in respective department Organizational Units (OU) such as Accounting Users, HR Users, and so on. All computer accounts are in respective department OUs such as Accounting Computers, HR Computers, and so on. The user accounts for the company’s management team are all under the Management Users OU. The computer accounts for the company’s management team are all under the Management Computers OU. Charlie has assigned a fine-grained password policy to only the management team because they wanted a different password policy than the rest of the company. According to company policy, all user accounts must have a password expiration policy applied to them. The management team does not want to have to deal with changing their passwords often like the other users. What is the maximum password age that Charlie can set for the management team in a Server 2008 Active Directory domain?
A. The maximum age of a password in 2008 is 999 days. *
B. This is not possible since only one password policy can be set per domain in 2008.
C. The maximum age for passwords that Charlie can set for the management team is 9999 days.
D. He can adjust the password policy to allow for up to 99 days on password age.
92. Sherral is the systems administrator for Trigon Technologies, a software development company in Wichita. She oversees the entire network which consists of one Windows Server 2003 Active Directory domain. To accommodate 20 new mobile users, Sherral has enabled Challenge Handshake Authentication Protocol (CHAP) and remote access to let the remote users get into the network from the outside. After applying these settings, Sherral receives calls from the remote users stating that they cannot authenticate with the network. What password policy change must she configure to allow the remote users access to the network?
A. She must enable the “Store password using reversible encryption for all users in the domain” setting in the Default Domain Group Policy. *
B. Sherral needs to disable the “Require Kerberos Authentication” setting in the Default Domain Group Policy.
C. So that remote workers using CHAP can connect to an Active Directory domain, Sherral must enable the “Allow logon using CHAP” setting in the Default Domain Group Policy.
D. To allow these new remote users access, she needs to enable the “Password must meet complexity requirements” setting.
93. Willem is the network administrator for his company, a toy manufacturing company in London. Willem manages the entire company’s network which consists of one Server 2003 Active Directory domain. Willem was hired on last month to replace the last administrator that retired. To Willem’s amazement, the company previously had no password policies in place. The CIO has just recently created new network policies which include a comprehensive password policy. This new password policy states that every password setting in group policy must be set. After implementing this new policy, many users are calling Willem and stating that they locked themselves out of their accounts. The CIO’s policy states that once a user locks him or herself out, they must wait a period of time until that account is unlocked. Willem has convinced the CIO to let him change that specific password policy so that Willem must manually unlock user accounts when they call. What setting must Willem adjust to ensure that user accounts must be manually reset by him when they are locked out?
A. Willem should change the “Account Lockout Duration” setting to zero minutes. *
B. He needs to adjust the “Account Lockout Duration” setting to 99,999 minutes.
C. By setting the “Account Lockout Duration” policy to disabled, he will have to manually unlock every locked user account.
D. Willem needs to change the “Account Lockout Threshold” to zero minutes.
94. Richard is the systems administrator for BillRight Incorporated, a medical billing company in Minneapolis. Richard is currently writing the company’s IT security policies. Based on instructions from the IT director, Richard has written the password policy to require complex passwords, passwords must be at least 8 characters, and user accounts will be locked out after 5 unsuccessful attempts to help prevent against brute force attacks. One of the IT policies also states that user computers must utilize a password protected screensaver that is activated after 20 minutes of inactivity. Richard wants the logon attempts to unlock a screensaver to apply towards the number of attempts that will lockout a user account if tried too many times. How can Richard apply this setting across the network if it is running under one Windows Server 2003 Active Directory domain?
A. Richard needs to enable the “Interactive logon: Require Domain Controller authentication to unlock workstation” setting in Group Policy. *
B. He should enable the “Domain Controller: Require screensaver authentication to unlock” setting.
C. This can be set in Group Policy by enabling the “Interactive logon: Require local SAM authentication to unlock workstation” setting.
D. Richard can apply this setting network-wide if he enables “Domain Controller: Authenticate workstation unlocking”.
95. Jerald is the systems administrator for his company. Jerald is responsible for all servers, workstations, and network security. Based on company policy, every available auditing feature is turned on for the network through Group Policy. Jerald comes in to work one morning and two of his Domain Controllers are completely shut down. Jerald boots the two machines up and checks their event logs. Then Jerald checks the firewall logs to see if anything stands out. From the event and firewall logs, it appears that a hacker was able to gain access to the two servers using an old unused service account that had a weak password. The hacker then was apparently able to generate millions of erroneous events in the server event logs which caused them to shut down. What setting does Jerald need to adjust to prevent this same issue from happening again?
A. Jerald needs to disable the “Audit: Shut down system immediately if unable to log security audits” setting. *
B. He should enable the “Domain member: Do not shut down system if unable to log events” setting.
C. To prevent the servers from shutting down in the future, Jerald needs to disable logging on those two Domain Controllers.
D. Jerald should enable the “Audit: Do not shut down system if events can no longer be logged” setting.
96. Raul is the network administrator for Davidson Pipe, an oil pipeline manufacturing company in San Antonio. Raul manages a team of 10 IT personnel which includes two software developers. The company network consists of one Windows Server 2003 Active Directory domain. These developers have recently created a custom inventory application that will run on one of the company’s servers and all the workstations. Raul has created a domain account on the network which will serve as the service account used by the new custom application. The developers have informed Raul that this service account will need to run as a process on client computers and will need to be able to use the identity of any user and access the resources authorized to that user. Raul wants to make one centralized setting change on the network to make sure the service account will work properly when running the application. What Group Policy setting can Raul edit to effect this change on the network?
A. Raul needs to add the new service account to the list of users in the “Act as part of the operating system” Default Domain Group Policy. *
B. He should add the new service account to the users list in the “Act as SYSTEM account on domain computers” Default Domain Group Policy.
C. If he adds the new service account to the list of users in the “Impersonate a client after authentication” setting in the Default Domain Group Policy, the application will work properly.
D. He needs to add this service account to the users list in the “Replace a process level token” Default Domain Group Policy.
97. Louis is the senior systems administrator for the University of Eastern Wyoming. Louis manages 25 IT technicians and junior systems administrators. The University’s network consists of one Windows Server 2003 Active Directory domain. All domain user accounts are contained in one Organizational Unit (OU) called Staff. All domain computer accounts are contained in one OU called Computer Accounts. Louis wants one of his junior systems administrators, Steven, to be able to add workstations to the domain. All computer accounts are added to the Computer Accounts OU by default when they are joined to the domain. Louis has given the “Add workstations to domain” permission to Steven’s user account, but he is still not able to add computer accounts to the domain. What else does Louis need to do to ensure that Steven can add computers to the domain?
A. Louis needs to give Steven “Create computer objects” permission for the Computer Accounts OU. *
B. To allow Steven the permission to add computers to the domain, Louis needs to make Steven a Domain Admin.
C. Steven needs the “Create nisMap Objects” permission for the Computer Accounts OU.
D. Louis should give Steven the “Take ownership of” permission for the Computer Accounts OU.
98. Jayson is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Jayson is responsible for the company’s entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Jayson has created a security group in Active Directory called “RDP Deny” which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the “RDP Deny” group cannot access the company servers through Remote Desktop?
A. Jayson needs to add the “RDP Deny” group to the “Deny logon through Terminal Services” policy. *
B. He should add the “RDP Deny” group to the “Deny RDP connections to member servers” policy.
C. By adding the “RDP Deny” group to the “Deny logon as a service” policy, the users in that security group will not be able to establish remote connections to any of the servers.
D. Jayson should add the “RDP Deny” group into the list of Restricted Groups to prevent the users from accessing servers remotely.
99. Phillip is the systems administrator for Photopia Incorporated, a camera manufacturing company in Des Moines. Phillip is responsible for the company’s entire network which consists of one 2003 Active Directory domain. Some computer accounts have been placed in a special Organizational Unit (OU) called Restricted Computer Accounts because those computers have been placed outside the firewall to allow for video conferencing. These computers are all running Windows XP SP2. These computers have very stringent group policies applied to them so they can be as secure as possible. In particular, the “Accounts: Administrator account status” setting in group policy is set to disabled. While performing a security audit, Phillip finds some hacking software on one of the computers in the Restricted Computer Accounts OU. He immediately takes that computer offline to keep it from infecting or contaminating any more computers. Phillip cannot logon to the computer as an administrator since the group policy was set to disable that account. How can Phillip logon to this computer as administrator if he must keep it offline?
A. Phillip can logon as the administrator if he boots the computer in Safe Mode. *
B. If Phillip runs the gpupdate command on the computer, he will be able to logon as the administrator.
C. He needs to run the gpresult /force command on the computer.
D. Phillip should boot the computer in VGA mode.
100. Lionel is an IT security consultant currently working on contract for a car manufacturing company in Philadelphia. Lionel has been brought in to assess the company’s network security state. This manufacturing company’s network is comprised of one 2003 Active Directory domain. He has been given permission to perform any and all necessary tests against the network. Lionel interviews the IT staff for the company to get a feel for the logical security measures they have already put in place. The IT manager for the company says that the biggest security precaution they have taken is to rename the administrator account on the network. The manager believes that this will keep any hackers from ever using the administrator account to perform attacks. Lionel informs the IT manager that while changing the administrator name is a good idea, the account can still possibly be cracked. How can an administrator account still be cracked even though the name has been changed?
A. The SID for the administrator account does not change. *
B. The administrator name will still be used if connecting through a NULL session.
C. An administrator account can still be cracked because the GUI for that account does not change when the name itself is changed.
D. It can still be cracked since the name is still stored in clear text as “administrator” in the local SAM database.
