CEH V6 Study Guide -----------------1.

Jason is the network security administrator for Gunderson International, a gl obal shipping company based out of New York City. Jason’s company utilizes many l ayers of security throughout its network such as network firewalls, application firewalls, vlans, operating system hardening, and so on. One thing in particula r the company is concerned with is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes. Since the company is glo bal, information is sent constantly back and forth to all its employees all over the world. What in particular is Jason’s company concerned about? A. Jason’s company is particularly concerned about data integrity. * B. Authenticity is what the company is most concerned about. C. The confidentiality of the company’s data is the most important concern for Gun derson International. D. The availability of the data is paramount to any other concern of the company . 2. Yancey is a network security administrator for a large electric company. Thi s company provides power for over 100,000 people in Las Vegas. Yancey has worke d for his company for over 15 years and has become very successful. One day, Ya ncey comes in to work and finds out that the company will be downsizing and he w ill be out of a job in two weeks. Yancey is very angry and decides to place log ic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing t o him. What would Yancey be considered? A. Yancey would be considered a Suicide Hacker. * B. Since he does not care about going to jail, he would be considered a Black Ha t. C. Because Yancey works for the company currently; he would be a White Hat. D. Yancey is a Hacktivist Hacker since he is standing up to a company that is do wnsizing. 3. Heather is a hacktivist working for Green Peace International. She has broke n into numerous oil and energy companies and exposed their confidential data to the public. Normally, Heather uses a combination of social engineering and DoS techniques to gain access to the companies’ networks. Heather has made over 50 fa ke ID cards and access badges to gain unauthorized access to companies to gain i nformation as well. If Heather is caught by the federal government, what US law could she be prosecuted under? A. She could be prosecuted under US law 18 U.S.C § 1029 if caught. * B. Heather would be charged under 18 U.S.C § 2510, which entails the use of more t han 15 counterfeit items. C. 18 U.S.C § 9914 is the US law that Heather would be prosecuted under since she used false pretenses to gain unauthorized access. D. Heather would serve prison time for her actions if prosecuted under US law 18 U.S.C § 2929. 4. Stephanie is the senior security analyst for her company, a manufacturing com pany in Detroit. Stephanie is in charge of maintaining network security through out the entire company. A colleague of hers recently told her in confidence tha t he was able to see confidential corporate information on Stephanie’s external we bsite. He was typing in URLs randomly on the company website and he found infor mation that should not be public. Her friend said this happened about a month a go. Stephanie goes to the addresses he said the pages were at, but she finds no

thing. She is very concerned about this, since someone should be held accountab le if there really was sensitive information posted on the website. Where can S tephanie go to see past versions and pages of a website? A. Stephanie can go to Archive.org to see past versions of the company website. * B. She should go to the web page Samspade.org to see web pages that might no lon ger be on the website. C. If Stephanie navigates to Search.com; she will see old versions of the compan y website. D. AddressPast.com would have any web pages that are no longer hosted on the com pany’s website. 5. You are the chief information officer for your company, a shipping company ba sed out of Oklahoma City. You are responsible for network security throughout t he home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a ye arly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the se rver in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hotspot. Since you already know the IP address of the web server, you create a telnet session to t hat server and type in the command: HEAD /HTTP/1.0 After typing in this command, you are presented with the following screen:

What are you trying to do here? A. You are trying to grab the banner of the web server. * B. You are attempting to send an html file over port 25 to the web server. C. You are trying to open a remote shell to the web server. D. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server. 6. Kyle is a security consultant currently working under contract for a large fi nancial firm based in San Francisco. Kyle has been asked by the company to perf orm any and all tests necessary to ensure that every point of the network is sec ure. Kyle first performs some passive footprinting. He finds the company’s websi te which he checks out thoroughly for information. Kyle sets up an account with the company and logs on to their website with his information.

Kyle changes the URL to:

This address produces a Page Cannot be Displayed error. Kyle then types in anot her URL:

What is Kyle attempting here? A. Kyle is trying incremental substitution to navigate to other pages not normal ly available. *

B. Kyle is using extension walking to gain access to other web pages. C. He is using error walking to see what software is being used to host the fina ncial institution’s website. D. By changing the address manually, Kyle is attempting ASP poisoning. 7. George is the senior security analyst for Tyler Manufacturing, a motorcycle m anufacturing company in Seattle. George has been tasked by the president of the company to perform a complete network security audit. The president is most co ncerned about crackers breaking in through the company’s web server. This web ser ver is vital to the company’s business since over one million dollars of product i s sold online every year. The company’s web address is at: www.customchoppers.co m. George decides to hire an external security auditor to try and break into th e network through the web server. This external auditor types in the following Google search attempting to glean information from the web server: What is the auditor trying to accomplish here? A. He is trying to search for all web pages on the customchoppers site without e xtensions of html and htm. * B. The auditor is having Google retrieve all web pages on the Tyler Manufacturin g website that either have the extension of html or htm. C. He is attempting to retrieve all web pages the might have a login page to the company’s backend database. D. The auditor that George has hired is trying to find pages with the extension of html or htm that link directly to customchoppers.com. 8. Jonathan is an IT security consultant working for Innovative Security, an IT auditing company in Houston. Jonathan has just been hired on to audit the netwo rk of a large law firm in downtown Houston. Jonathan starts his work by perform ing some initial passive scans and social engineering. He then uses Angry IP to scan for live hosts on the firm’s network. After finding some live IP addresses, he attempts some firewalking techniques to bypass the firewall using ICMP but t he firewall blocks this traffic. Jonathan decides to use HPING2 to hopefully by pass the firewall this time. He types in the following command:

What is Jonathan trying to accomplish by using HPING2? A. Jonathan is attempting to send spoofed SYN packets to the target via a truste d third party to port 81. * B. He is using HPING2 to send FIN packets to over port 81. C. By using this command for HPING2, Jonathan is attempting to connect to the ho st at through an SSH shell. D. This HPING2 command that Jonathan is using will attempt to connect to the 10. 0.1.24 host over HTTP by tunneling through port 81. 9. Hayden is the network security administrator for her company, a large marking firm based in Miami. Hayden just got back from a security conference in Las Ve gas where they talked about all kinds of old and new security threats; many of w hich she did not know of. Hayden is worried about the current security state of her company’s network so she decides to start scanning the network from an extern al IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to st op the session. She has done this to see how her intrusion detection system wil l log the traffic. What type of scan is Hayden attempting here? A. Hayden is using a half-open scan to find live hosts on her network. *

B. Hayden is attempting to find live hosts on her company’s network by using an XM AS scan. C. She is utilizing a SYN scan to find live hosts that are listening on her netw ork. D. This type of scan she is using is called a NULL scan. 10. Paul is the systems administrator for One-Time International, a computer man ufacturing company. Paul is in charge of the company’s older PBX system as well a s its workstations and servers. The company’s internal network is connected to th e PBX phone system so that customized software applications used by employees ca n use the PBX to dial out to customers. Paul is concerned about crackers breaki ng into his network by way of the PBX. He is particularly worried about war dia ling software that might try all of the company’s numbers to find a way in. What software utility can Paul use to notify him if any war dialing attempts are made on his PBX? A. Paul can use SandTrap which would notify him if anyone tries to break into th e PBX.* B. If Paul uses ToneLoc, he will be notified by the software when and if anyone tries to crack into the PBX system. C. THC Scan would be the best software program for Paul to use if he wants to be notified of war dialer attacks. D. Paul needs to use Roadkil’s Detector software to tell if a hacker is trying to break into his phone system 11. You are the chief security information analyst for your company Utilize Inco rporated. You are currently preparing for a future security audit that will be performed by a consulting company. This security audit is required by company p olicy. To prepare, you are performing vulnerability analysis, scanning, brute f orce, and many other techniques. Your network is comprised of Windows as well a s Linux servers. From one of the client computers running Linux, you open a com mand shell and type in the following command:

What are you trying to accomplish? A. You are attempting to establish a null session on the host. * B. You are trying to connect to this host at the IPC share using the currently l ogged on user’s credentials. C. By typing in this command, you are attempting to connect to the SMB share on the host using an Anonymous connection. D. You are trying to connect to the localhost share of the client computer. 12. Lauren is a network security officer for her agency, a large state-run agenc y in California. Lauren has been asked by the IT manager of another state agenc y to perform a security audit on their network. This audit she has been asked t o perform will be an external audit. The IT manager thought that Lauren would b e a great candidate for this task since she does not work for the other agency b ut is an accomplished IT auditor. The first task that she has been asked to per form is to attempt to crack user passwords. Since Lauren knows that all state a gency passwords must abide by the same password policy, she believes she can fin ish this particular task quickly. What would be the best password attack method for Lauren to use in this situation? A. Lauren should use a rule-based attack on the agency’s user passwords. * B. Lauren can produce the best and fastest results if she uses a dictionary atta ck. C. A hyberfil-based password attack would be the best method of password crackin g in this scenario.

D. She should utilize the reverse-encryption password cracking technique since she knows the password policy. 13. Simon is the network administrator for his company. Simon is also an IT sec urity expert with over 10 security-related certifications. Simon has been asked by the company CIO to perform a comprehensive security audit of the entire netw ork. After auditing the network at the home office without finding any issues, he travels to one of the company’s branch offices in New Orleans. The first task that Simon carries out is to set up traffic mirroring on the internal-facing por t of that office’s firewall. On this port, he uses Wireshark to capture traffic. Alarmingly, he finds a huge number of UDP packets going both directions on port s 2140 and 3150. What is most likely occurring here? A. A client inside the network has been infected with the Deep Throat Trojan. * B. This type of traffic is indicative of the Netbus Trojan. C. Most likely, a computer inside the network is infected with the SQL Slammer w orm. D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected w ith the Bobax Trojan 14. Tyler is the senior security officer for WayUP Enterprises, an online retail company based out of Los Angeles. Tyler is currently performing a network secu rity audit for the entire company. After seeing some odd traffic on the firewal l going outbound to an IP address found to be in North Korea, Tyler decides to l ook further. Tyler traces the traffic back to the originating IP inside the net work; which he finds to be a client running Windows XP. Tyler logs onto this cl ient computer and types in the following command:

What is Tyler trying to accomplish by using this command? A. Tyler is trying to find out all the ports that are listening on this computer . * B. Tyler is using this command to find all the host records that are stored on t he local client computer. C. By using this command, Tyler is closing all open TCP and UDP sessions on the computer. D. This command will show Tyler if there are any Trojan programs installed on th is computer. 15. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm i n Beverly Hills. Lyle’s responsibilities include network vulnerability scans, Ant ivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a us er in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the har d drive is almost full. Lyle runs a scan on the computer with the company antiv irus software and finds nothing. Lyle downloads another free antivirus applicat ion and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the sam e directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer? A. Lyle has discovered a camouflage virus on the computer. * B. By using the free antivirus software, Lyle has found a tunneling virus on the computer. C. This type of virus that Lyle has found is called a cavity virus. D. Lyle has found a polymorphic virus on this computer.

16. Miles is a network administrator working for the University of Central Oklah oma. Miles’ responsibilities include monitoring all network traffic inside the ne twork and traffic coming into the network. On the university’s IDS, Miles notices some odd traffic originating from some client computers inside the network. Mi les decides to use Tcpdump to take a further look.

What is Miles going to accomplish by running this command? A. Miles is trying to capture all UDP traffic from client1 and the LAN except fo r traffic to client29. * B. He is trying to see all UDP traffic between client1 and client29 only. C. This command will capture all traffic on the internal network except for traf fic originating from client1 and client29. D. Miles will be able to capture all traffic on the network originating from cli ent1 and client29 except UDP traffic. 17. Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been gi ven permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and follo ws an employee into the office after they use their valid access card to gain en trance. What type of social engineering attack has Neil employed here? A. Neil has used a tailgating social engineering attack to gain access to the of fices. * B. He has used a piggybacking technique to gain unauthorized access. C. This type of social engineering attack is called man trapping. D. Neil is using the technique of reverse social engineering to gain access to t he offices of Davidson Avionics. 18. Xavier is a network security specialist working for a federal agency in Wash ington DC. Xavier is responsible for maintaining agency security policies, teac hing security awareness classes, and monitoring the overall health of the networ k. One of Xavier’s coworkers receives a help desk call from a user who is having issues navigating to certain sites on the Internet. Xavier’s coworker cannot figu re out the issue so he hands it off to Xavier. He logs on to the user’s computer and goes to a couple of websites the user said were having issues. When Xavier types in www.Google.com, it takes him to Boogle.com instead. When Xavier types in Yahoo.com, it takes him to Yahooo.com instead. Xavier checks all the IP sett ings on the computer which are static and they appear to be correct. Xavier che cks the local DNS settings as well as the DNS settings on the server and they ar e correct. Xavier opens a command window and types in: ipconfig /flushdns. Wh en he navigates to the previous sites, he is still directed to the wrong ones. What issue is Xavier seeing here on the client computer? A. This client computer has had the hosts file poisoned. * B. From this behavior, it is evident that the client computer’s DNS cache has been poisoned. C. Xavier is seeing a computer that has been infected with an IRC bot Trojan. D. This computer has obviously been hit by a Smurf attack. 19. Javier is a network security consultant working on contract for a state agen cy in Texas. Javier has been asked to test the agency’s network security from eve ry possible aspect. Javier decides to use the Reaper Exploit virus to see if he can exploit any weaknesses in the company’s email. He infects a couple of comput ers with the virus and waits for the users of those machines to use their email client. After a short amount of time, he receives numerous emails that were cop

ied from those clients; this proving that the client computers are susceptible t o the Reaper Exploit virus exploiting their email clients. What aspect of email clients does this exploit take advantage of? A. The Reaper Exploit uses the functionality of DHTML in Internet Explorer, used by Microsoft Outlook. * B. This exploit takes advantage of hidden form fields which are used by email cl ients such as Microsoft Outlook. C. This Reaper Exploit virus takes advantage of the inherent insecurity in S/MIM E used by email clients like Outlook. D. Email clients like Outlook are susceptible to this exploit because they utili ze XML and XMLS. 20. You are an IT security consultant working on a six month contract with a lar ge energy company based in Kansas City. The energy company has asked you to per form DoS attacks against its branch offices to see if their configurations and n etwork hardening can handle the load. To perform this attack, you craft UDP pac kets that you know are too large for the routers and switches to handle. You al so put confusing offset values in the second and later fragments to confuse the network if it tries to break up the large packets. What type of attack are you going to attempt on the company’s network? A. You are going to attempt a teardrop attack to see if their network can handle the packets. * B. This type of attack is referred to as a Ping of Death attack since the packet s use confusing offset values. C. By changing the characteristics of the UDP packets in this manner, you are tr ying to use a Smurf attack against the company’s network. D. This attack is called a SYN attack since the UDP packets are manipulated. 21. Bill is an IT security consultant who has been hired on by an ISP that has r ecently been plagued by numerous DoS attacks. The ISP did not have the internal resources to prevent future attacks, so they hired Bill for his expertise. Bil l looks through the company’s firewall logs and can see from the patterns that the attackers were using reflected DoS attacks. What measures can Bill take to hel p prevent future reflective DoS attacks against the ISP’s network? (Select 2) A. Bill should have the ISP block port 179 on their firewall to stop these DoS a ttacks. * B. He should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections. * C. Bill needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network. D. Bills should configure the ISP’s firewall so that it blocks FIN packets that ar e sent to the broadcast address of the company’s internal IP range. 22. Gerald is a certified ethical hacker working for a large financial instituti on in Oklahoma City. Gerald is currently performing an annual security audit of the company’s network. One of the company’s primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company’s home office. To see what type of traffic is being pass ed back and forth and to see how secure that data really is, Gerald uses a sessi on hijacking tool to intercept traffic between a server and a client. Gerald hi jacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client’s session; he simply monitors the traffic that passes between it and the server. What type of session attack is Gerald employing here? A. Gerald is using a passive application level hijack to monitor the client and server traffic. *

B. He is utilizing a passive network level hijack to see the session traffic use d to communicate between the two devices. C. This type of attack would be considered an active application attack since he is actively monitoring the traffic. D. This type of hijacking attack is called an active network attack. 23. Theresa is the chief information security officer for her company, a large s hipping company based out of New York City. In the past, Theresa and her IT emp loyees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates. Now that the company has added over 100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to use Qfecheck to monitor all client computers. When Theresa runs the tool, she is re peatedly told that the software does not have the proper permissions to scan. T heresa is worried that the operating system hardening that she performs on all c lients is keeping the software from scanning the necessary registry keys on the client computers. What registry key permission should Theresa check to ensure t hat Qfecheck runs properly? A. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microso ft\Updates registry key. * B. Theresa needs to look over the permissions of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Updates\Microsoft\Patches. C. In order for Qfecheck to run properly, it must have enough permission to read HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Microsoft\Updates. D. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micros oft must be checked. 24. Leonard is the senior security analyst for his company, Meyerson Incorporate d. Leonard has recently finished writing security policies for the company that have just been signed off by management. Every employee has had to sign off on the policies, agreeing to abide by them or face disciplinary action. One polic y in particular is being enforced; employees are not allowed to use web-based em ail clients such as Hotmail, Yahoo, and Gmail. This has been put in place becau se of virus infections that started with web-based email. While walking through the office one day, Leonard notices an employee using Hotmail. To prove a poin t, Leonard sends an email to this users Hotmail account with the following code.

What will this code do on the employee’s computer once the email is opened? A. This code will create pop-up windows on the employee’s computer until its memor y is exhausted. * B. This HTML code will force the computer to reboot immediately. C. Once the employee opens the email with this code, his computer will send out messages to the network with the title of “You are in trouble!”. D. This code will install a counter on the employee’s computer that will count eve ry time that user opens web-based email. 25. Cheryl is a security analyst working for Shintel Enterprises, a publishing c ompany in Boston. As well as monitoring the security state of the company’s netwo rk, she must ensure that the company’s external websites are up and running all th e time. Cheryl performs some quick searches online and finds a utility that wil l display a window on her desktop showing the current uptime statistics of the w ebsites she needs to watch. This tool works by periodically pinging the website s; showing the ping time as well as a small graph that allows Cheryl to view the recent monitoring history. What tool is Cheryl using to monitor the company’s ex ternal websites?

A. * B. C. D.

She is using Emsa Web monitor to check on the status of the company’s websites. Cheryl is utilizing AccessDiver to check on the websites’ status. To monitor her company’s websites, Cheryl is using Acunitex. Cheryl has chosen to use Burp to check on the status of the company’s websites.

26. James is an IT security consultant as well as a certified ethical hacker. J ames has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests a nd then begins testing the security from inside the company’s network. James find s some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers o n the network. This way, those users do not have to type in their credentials e very time they want access to a server. James tells the IT manager of Yerta Man ufacturing about this, and the manager does not believe this is possible on Wind ows XP. To prove his point, James has a user logon to a computer and then James types in a command that brings up a window that says “Stored User Names and Passw ords”. What command did James type in to get this window to come up? A. James had to type in “rundll32.exe keymgr.dll, KRShowKeyMgr” to get the window to pop up. * B. To bring up this stored user names and passwords window, James typed in “rundll 32.exe storedpwd.dll, ShowWindow”. C. The command to bring up this window is “KRShowKeyMgr”. D. James typed in the command “rundll32.exe storedpwd.dll” to get the Stored User Na mes and Passwords window to come up. 27. Kevin is an IT security analyst working for Emerson Time Makers, a watch man ufacturing company in Miami. Kevin and his girlfriend Katy recently broke up af ter a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any inform ation. What is Kevin attempting here to gain access to Katy’s mailbox? A. Kevin is trying to utilize query string manipulation to gain access to her em ail account. * B. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access. C. By changing the mailbox’s name in the URL, Kevin is attempting directory transv ersal. D. He is attempting a path-string attack to gain access to her mailbox. 28. Daryl is the network administrator for the North Carolina Lottery. Daryl is responsible for all network security as well as physical security. The lottery recently hired on a web developer to create their website and bring all service s in house since the lottery’s website was previously hosted and supported by a th ird party company. After the developer creates the website, Daryl wants to chec k it to ensure it is as secure as possible. The developer created a logon page for lottery retailers to gain access to their financial information. Without kn owing what any of the usernames and passwords are, Daryl tries to bypass the log on page and gain access to the backend. Daryl makes a number of attempts and he gets the following error message every time.

What can Daryl deduce from this error message? A. He can tell that the site is susceptible to SQL injection. * B. From this error, Daryl can see that the site is vulnerable to query string ma nipulation attacks. C. This particular error indicates that the page is vulnerable to buffer overflo ws. D. Daryl can deduce that the developer did not turn off friendly messages on the server. 29. Jeremy is web security consultant for Information Securitas. Jeremy has jus t been hired to perform contract work for a large state agency in Michigan. Jer emy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the w ebsite. James types in the following statement in the username field: SELECT * from Users where username=’admin’ -- AND password=’’ AND email like ‘%@testers.co m%’ What will the following SQL statement accomplish? A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin * B. This statement will look for users with the name of admin, blank passwords, a nd email addresses that end in @testers.com. C. This Select SQL statement will log James in if there are any users with NULL passwords. D. James will be able to see if there are any default sa user accounts in the SQ L database. 30. David is the wireless security administrator for Simpson Audio Visual. Davi d was hired on after the company was awarded a contract with 100 airports to ins tall wireless networks. Since these networks will be used by both internal airp ort employees and visitors to the airports, David decided to go with the de fact o standard of 802.11b. Every airport wants to use 802.11b with TCP error checki ng, even though David has said this will slow down the wireless network connecti on speeds. With this error checking, what will be the resulting speed of the wi reless networks? A. Since TCP error checking will be utilized; the effective speed of the wireles s networks can be up to 5.9 mbps. * B. The resulting speed of the wireless networks will be up to 7.1 mbps since err or checking slows down the actual speed. C. Because TCP error checking has no effect on the actual speed, the airports’ wir eless networks will function at up to 11 mbps. D. The resulting speed of the wireless networks for the airports will be up to 2 48 mbps. 31. Oliver is the network security administrator for Foodies Café, a chain of coff ee shops in the Seattle metropolitan area. Oliver is performing his quarterly s ecurity audit of the entire company, including each coffee shop the company owns . Each café has a wireless hotspot that customers can utilize. The home office a lso has a wireless network which is used by employees. While walking around the outside of the corporate office, Oliver sees a drawing on the sidewalk right ne xt to his building.

What does this symbol signify? A. This symbol means that someone has found out that the company is using wirele ss networking with open access and restrictions. * B. This means that someone knows the corporate wireless network is utilizing a a ccess points with MAC filtering and WPA encryption. C. This signifies a hacker has discovered that the company is using WEP encrypti on for its wireless network. D. This particular symbol is used to tell others that a nearby wireless access p oint is using weak encryption. 32. Jacob is the IT manager for Thompson & Sons, a bail bondsman company in Minn eapolis. Jacob has been told by the company’s president to perform a logical and physical security audit for all the offices around the city. Jacob finds that a number of offices need more physical security. Jacob recommends that these off ices add a cage that customers must pass through before entering the main office . This cage will allow employees in the office to verify the customer’s informati on before allowing them access into the building. What is Jacob recommending th e offices install for added security? A. Jacob is recommending that the offices install mantraps at their locations. * B. He is recommending the offices install physical DMZ’s at their locations. C. This type of physical security measure is called a piggyback box. D. He has recommended that these locations install stop-gap cages as an added se curity measure. 33. Sydney is a certified ethical hacker working as the systems administrator fo r Galt Riderson International. Sydney is an expert in Linux systems and is util izing IPTables to protect Linux clients as well as servers. After monitoring th e firewall log files, Sydney has been fine tuning the firewall on many clients t o adjust for the best security. Sydney types in the following command: iptables -A INPUT -s 0/0 -I eth1 -d -p TCP -j ACCEPT What will this command accomplish for Sydney? A. This command will allow TCP packets coming in on interface eth1 from any IP address destined for * B. By using this command, Sydney will block all TCP traffic coming in on interfa ce eth1 to the IP address of C. This command will block all TCP packets with NULL headers from reaching the I P address of D. Sydney is using this command to allow all TCP traffic that is outbound from I P address 34. Lonnie is the chief information officer for Ganderson Trailways, a railroad shipping company with offices all over the United States. Lonnie had all his sy stems administrators implement hardware and software firewalls last year to help ensure network security. On top of these, they implemented IDS/IPS systems thr oughout the network to check for and stop any bad traffic that may attempt to en ter the network. Although Lonnie and his administrators believed they were secu re, a hacker group was able to get into the network and modify files hosted on t he company’s websites. After searching through firewall and server logs, no one c ould find how the hackers were able to get in. Lonnie decides that the entire n etwork needs to be monitored for critical and essential file changes. This moni toring tool needs to alert administrators whenever a critical file is changed in any way. What utility could Lonnie and his systems administrators implement on the company’s network to accomplish this? A. Lonnie could use Tripwire to notify administrators whenever a critical file i

s changed.* B. They can implement Strataguard on the and registry files. C. SnortSam would be the best utility to cal files as well as files it is told to D. Lonnie and his systems administrators iles on the company’s network.

network which monitors critical system implement since it keeps track of criti monitor. need to use Loki to monitor specified f

35. Neville is a network security analyst working for Fenderson Biomedics, a med ical research company based out of London. Neville has been tasked by his super visor to ensure that the company is as secure as possible. Neville first examin es and hardens the OS for all company clients and servers. Neville wants to che ck the performance and configuration of every firewall and network device to ens ure they comply with company security policies. Neville has chosen to use Firew all Informer because it actively and safely tests devices with real-world exploi ts to determine their security state. What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment? A. Firewall Informer uses Blade Software’s Simulated Attack For Evaluation (S.A.F. E.) technology to actively test network devices. * B. The built-in technology used by Firewall Informer is a graphical user interfa ce version of Snort. C. The technology used to actively perform exploit checking in Firewall Informer is Blade Software’s Exploit Awareness Safety Yield (E.A.S.Y.). D. Firewall Informer utilizes a stripped down version of Loki to actively and sa fely check for possible exploits on network devices. 36. Ursula is a network security analyst as well as a web developer working on c ontract for a marketing firm in St. Louis. Ursula has been hired on to help str eamline the company’s website and ensure it meets accessibility laws for that stat e. After completing all the work that was asked, the marketing firm terminates Ursula’s service and does not pay the rest of the money that is owed to her. Righ t before she is asked to leave, Ursula writes a small application with the follo wing code inserted into it.

What will this code accomplish? A. This code will create a buffer overflow if the application it resides in is r un. * B. This code that Ursula has written will cause the computer it is run on to thr ow up a URI exception error; essentially crashing the machine. C. Because the code is written in this manner, it will create a buffer underflow if it is executed. D. This code Ursula has inserted into a program will create a format string bug if executed. 37. Nathan is the senior network administrator for Undulating Innovations, a sof tware development company in Los Angeles. Nathan’s company typically develops sec ure email programs for state and local agencies. These programs allow these age ncies to send and receive encrypted email using proprietary encryption and signi ng methods. An employee at one of the state agencies has been arrested on suspi cion of leaking sensitive government information to third world countries for pr ofit. When the US federal government steps in, they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Nathan receives a call from an investigator working for the CIA on this particular case. The investigator tells Nathan that his company has to give up the encryption algorithms and keys to the government so they can rea d the email sent by the accused state employee. Under what right does this inve

stigator have to ask for the encryption algorithms and keys? A. The federal government can obtain encryption keys from companies under the Go vernment Access to Keys (GAK) rule. * B. The CIA investigator can obtain the proprietary keys and algorithms from Nath an’s company due to Eminent Domain laws. C. Since this has turned into a federal case, the government has the right to ob tain proprietary information from Nathan’s company under Juris Prudence laws. D. The investigator can ask for and obtain the proprietary information due to Ha beas Corpus laws. 38. Justine is the systems administrator for her company, an international shipp ing company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justi ne and other administrators have been put in charge of securing the company’s digi tal communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliabil ity. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. These signatures are more eff icient than DSA and are not vulnerable to a number field sieve attacks. What ty pe of signature has Justine decided to implement? A. Justine has decided to use ECDSA signatures since they are more efficient tha n DSA signatures. * B. She has decided to implement ElGamal signatures since they offer more reliabi lity than the typical DSA signatures. C. Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliab ility. D. These types of signatures that Justine has decided to use are called RSA-PSS signatures. 39. Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contra ct papers, Charlie asks to look over the current company security policies. Bas ed on these policies, Charlie compares the policies against what is actually in place to secure the company’s network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company i s lacking in. This report then becomes the basis for all of Charlie’s remaining t ests. What type of initial analysis has Charlie performed to show the company w hich areas it needs improvements in? A. This type of analysis is called GAP analysis. * B. This initial analysis performed by Charlie is called an Executive Summary. C. Charlie has performed a BREACH analysis; showing the company where its weak p oints are. D. This analysis would be considered a vulnerability analysis. 40. Zane is a network security specialist working for Fameton Automotive, a cust om car manufacturing company in San Francisco. Zane is responsible for ensuring that the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the compa ny website. To streamline online purchases, the programming department has deve loped a new web application that will keep track of inventory and check items ou t online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primar ily focuses on checking the time validity of session tokens, length of those tok ens, and expiration of session tokens while translating from SSL to non-SSL reso urces. What type of web application testing is Zane primarily focusing on?

A. He is most focused on testing the session management of the new web applicati on. * B. Zane is putting most of his effort into component checking. C. By focusing on those specific areas, Zane’s testing is concentrated on input va lidation. D. He is testing the web application’s configuration verification. 41. Giles is the network administrator for his company, a graphics design compan y based in Dallas. Most of the network is comprised of Windows servers and work stations, except for some designers that prefer to use MACs. These MAC users ar e running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the oth er MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy’s computer from th e network to take a closer look. He opens iChat on Tommy’s computer and it says t hat it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer’s applicatio ns appear to be altered. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. What has Gil es discovered on Tommy’s computer? A. Giles has found the OSX/Leap-A virus on Tommy’s computer. * B. This behavior is indicative of the OSX/Inqtana.A virus. C. He has discovered OSX/Chat-burner virus on Tommy’s computer. D. On Tommy’s computer, Giles has discovered an apparent infection of the OSX/Tran smitter.B virus. 42. Paulette is the systems administrator for Newton Technologies. Paulette hol ds certifications in both Microsoft areas as well as security such as the CEH. Paulette is currently performing the yearly security audit for the company’s entir e network which includes two branch offices. Paulette travels to one of the bra nch offices to perform an internal audit at that location. She uses Send ICMP N asty Garbage (SING) to find all the routers in the network. All network equipme nt at the home office and branch offices are Cisco equipment. Paulette wants to check for a particular arbitrary administrative access vulnerability known in C isco equipment when certain HTTP requests are made to those routers. If one of the router’s IP addresses is, what HTTP request could Paulette use t o see if that router is vulnerable? A. Paulette could type in: to check if the router is vulnerable. * B. If she typed in:, she would be able to see if the router is vulnerable to arbitrary administrative acc ess attacks. C. By typing in:, Paulette wi ll be able to see if the Cisco router is vulnerable. D. She needs to navigate to: to check for its vulnerab ility. 43. Michael is an IT security consultant currently working under contract for a large state agency in New York. Michael has been given permission to perform an y tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take prec autions to prevent any future DoS attacks. To test this, Michael attempts to ga in unauthorized access or even overload one of the agency’s Cisco routers that is at IP address Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large pas sword to see if that freezes up the router. This seems to have no affect on the router yet. What other command could Michael use to attempt to freeze up the r

outer? A. Michael could use the command: ping -l 56550 -t. * B. If Michael used the command: ping -r 999 -t, he could freeze up the router and then attempt to gain access. C. The command: finger -l 9999 -m would force the router to free ze. D. Ping -l 254 would make the router freeze. 44. Cindy is a certified ethical hacker working on contract as an IT consultant for Dewdrop Enterprises, a computer manufacturing company based in Dallas. Dewd rop has many sales people that travel all over the state using Blackberry device s and laptops. These mobile devices are the company’s main concern as far as netw ork security. About a year ago, one of the company laptops was stolen from a sa les person and sensitive company information was stolen from it. Because of thi s, the company has hired on Cindy to ensure that all mobile devices used by empl oyees are secure. Since many of the employees are now using new laptops with Wi ndows Vista, Cindy has configured Bitlocker on those devices for hard disk encry ption. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to chec k for vulnerabilities on the blackberry devices. As it turns out, these devices are vulnerable and she is able to gain access to the corporate network through the Blackberry devices. What type of attack has Cindy used to gain access to th e network through the mobile devices? A. Cindy has used Blackjacking to gain access to the corporate network. * B. This type of attack would be called Skipjacking since it is utilizing mobile devices to gain access to a corporate network. C. This would be considered a Berryjack attack since it attacks Blackberry devic es. D. Cindy is using a MITM attack by using Blackberry devices. 45. Henry is the network administrator for a large advertising firm in Chicago. As well as ensuring overall network health, Henry is responsible for performing security audits, vulnerability assessments and penetration tests to check for n etwork security. Henry has been asked to travel to one of the company’s branch of fices in Taylor Texas to perform a security audit. Right away, Henry notices ho w many mobile devices that branch office utilizes including PDA’s, Blackberries, a nd laptops. To prove a point, Henry wants to show the IT manager at that branch office how insecure some of those mobile devices are. In particular, he wants to point out the sensitive information that Palm devices can pass when using Hot Sync to synch itself with a computer. What UDP port should Henry listen on that is used by the Palm OS to find sensitive information? A. Henry should listen on UDP port 14237 to see the traffic passed back and fort h when using HotSync. * B. He should have his device listen on UDP port 16999 to see the traffic passed from the Palm device. C. If he listens on UDP port 1219, he will be able to see the traffic. D. Henry needs to have his device listen on UDP port 14001. 46. Richard is an IT security expert currently making presentations in Las Vegas at a logical security conference. Richard’s specialty is in Bluetooth technology and different ways to take advantage of its vulnerabilities. Richard is using one of his Bluetooth enabled cell phones and a Bluetooth enabled laptop to make a demonstration on how to steal information from a wireless device through a Blu etooth connection. Richard shows how to connect to the OBEX Push target and how to perform an OBEX GET request to pull the address book and calendar off the ce ll phone. What type of attack is Richard demonstrating here at the conference? A. Richard is demonstrating Bluesnarfing by stealing information from a wireless

device through a Bluetooth connection. * B. He is showing how to perform a Bluejacking attack by exploiting the inherent weaknesses in Bluetooth connections. C. This attack that Richard is demonstrating is called a BlueSpam attack. D. At the conference, Richard is demonstrating how to perform a BlueBack attack . 47. William is the senior security analyst for Cuthbert & Associates, a large la w firm in Miami. William is responsible for ensuring complete network security. William’s boss, the IT director, is trying to convince the owners of the firm to purchase new Blackberry devices and new Bluetooth enabled laptops. William has been telling his boss that using Bluetooth devices like that is not secure. Wi lliam’s boss doesn’t believe that Bluetooth devices are a security risk, so he asks for a demonstration. William obliges his boss by setting up an attack with his personal laptop and his boss’ Bluetooth enabled phone. William uses Logical Link Control and Adaptation Layer Protocol ( L2CAP) to send oversized packets to his boss’ phone. This attack overloads the phone and William is able to do whatever h e wants to with the device now. What type of attack has William just demonstrat ed to his boss? A. He has shown his boss how to perform a Bluesmacking attack. * B. William has performed a Bluesnarf attack on his boss’ phone. C. This type of attack is called a BlueDump attack. D. William was able to demonstrate to his boss how to perform a Bluejacking atta ck. 48. Blake is an IT security consultant, specializing in PBX and VoIP implementat ion testing. Blake has been recently hired on my Thwarting Enterprises, a broke rage firm in New York City. The company heard through contacts that Blake was t he best in the business as far as examining and securing VoIP network implementa tions. About a year ago, Thwarting Enterprises installed a Cisco VoIP system th roughout their office to replace the older PBX system. They have now brought Bl ake in to test its security, or lack thereof. Blake first begins his testing by finding network devices on the network that might be used for VoIP. Blake pref ers to use UDP scanning because of its quickness. Blake finds a target on the n etwork that looks promising and begins to perform a scan against it by sending p ackets with empty UDP headers to each port. Almost all of the ports respond wit h the error of “ICMP port unreachable”. From these errors, what can Blake deduce ab out these ports? A. From this error, Blake can tell that these ports are not being used. * B. This specific error means that the ports are currently in stealth mode. C. Blake can deduce that the ports that respond with this error are open and lis tening. D. He can tell that these specific ports are in hybrid mode. 49. Vicki is the IT manager for her company, an online retail business in Seattl e. Vicki was recently given budget approval by the CIO to purchase 100 VoIP pho nes and all the VoIP networking equipment needed to make a complete VoIP impleme ntation. Vicki and her employees install all the phones and set up the servers needed to run the new system. After about three months of setup, everything has been completed and the system is finally stable. Because she is not very famil iar with VoIP security, she attends a VoIP security seminar which she finds very informative. One interesting piece of information she learns of is that most V oIP phones are installed with an imbedded OS called VxWorks. This, she finds ou t, is also what the VoIP phone manufacturer installed on all her company’s new VoI P phones. Vicki also learns that there is a default remote debugger on all thes e phones that listens on a specific port in case a remote administrator needs to do some troubleshooting. Vicki sees this as a large security problem. Instead of going to each and every new phone to turn off this feature, she decides to b

lock the necessary port on the firewall to save time. What port should Vicki bl ock at the firewall so no external connections can be made directly to the VoIP phones? A. Vicki needs to block TCP port 17185 at the firewall to prevent the default de bugger program from communicating outside the network. * B. She should block UDP port 21972 at the firewall to keep the remote debugging feature on the VoIP phones from being used. C. TCP port 9121 should be blocked at the firewall to keep anyone from using the remote admin debugging software. D. She needs to block any traffic on the firewall coming in on or going out on T CP port 4290. 50. Steven is the senior network administrator for Onkton Incorporated, an oil w ell drilling company in Oklahoma City. Steven and his team of IT technicians ar e in charge of keeping inventory for the entire company; including computers, so ftware, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much informati on as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other co mpanies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What techn ology allows Steven to disable the RFID tags once they are no longer needed? A. RFID Kill Switches built into the chips enable Steven to disable them. * B. The technology used to disable an RFIP chip after it is no longer needed, or possibly stolen, is called RSA Blocking. C. Newer RFID tags can be disabled by using Terminator Switches built into the c hips. D. The company’s RFID tags can be disabled by Steven using Replaceable ROM technol ogy. 51. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis . SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at th e perimeter of the network. He then builds a black list, white list, turns on M X callbacks, and uses heuristics to stop the incoming SPAM. While these techniq ues help some, they do not prevent much of the SPAM from coming in. Leonard dec ides to use a technique where his mail server responds very slowly to outside co nnected mail servers by using multi-line SMTP responses. By responding slowly t o SMTP connections, he hopes that SPAMMERS will see this and move on to easier a nd faster targets. What technique is Leonard trying to employ here to stop SPAM ? A. He is using the technique called teergrubing to delay SMTP responses and hope fully stop SPAM. * B. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention. C. Leonard is trying to use the Transparent SMTP Proxy technique to stop incomin g SPAM. D. To stop SPAM, Leonard is using the technique called Bayesian Content Filterin g. 52. Jacob is the systems administrator for Haverson Incorporated, a food process ing company in Boston. Jacob is responsible for all equipment on the network as well as network security. After attending the CEH class and passing the CEH te

st, Jacob wants to make some changes on the network to ensure network security. Since there are three company computers in a publicly accessible area, he wants to lock those machines down as much as possible. Jacob wants to make sure that no one can use USB flash drives on those computers; while still allowing USB mi ce and keyboards to work. What can Jacob do to prevent USB flash drives from wo rking on these publicly available computers? (Select 2) A. Jacob needs to change the registry value to “4” at HKEY_LOCAL_MACHINE\SYSTEM\Curr entControlSet\Services\UsbStor\Start * B. He needs to rename the files UsbStor.inf and UsbStor.pnf. * C. Jacob should delete the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentCont rolSet\Services\Usbhub D. To disable USB drives, he should rename the USBFile.sys and StoreDrive.inf fi les. 53. Lyle is the network security analyst for his company, a large state agency i n Florida. Lyle is responsible for ensuring the agency’s network security; includi ng everything from mobile users to internal databases. Lyle has been charged wi th performing a security audit to comply with state regulations that were just p assed. Lyle begins to test different aspects of the network, including the many Oracle databases that are utilized. Lyle finds out that the Oracle DBA created all of the databases with the simple create database command. After finding th is out, Lyle is able to exploit the default user accounts that were created for these databases. What is the default user account created for Oracle databases when the create database command is used? A. The default user account created for Oracle databases is called OUTLN. * B. Oracle creates the default user account DEFAULT when the create database comm and is used. C. SYSTEM is the default user account created in Oracle. D. The default account created when using the create database command on Oracle databases is called SYSOP. 54. John is the senior research security analyst for Terror Trends International , a research foundation that provides terrorism information to companies as well as governments. John and his team have been monitoring terrorist cyber traffic for over eight years now and have noticed an interesting trend. Through transl ated bulletin posts and intercepted email communications, they have seen terrori st and extremist groups use less conventional means of communication on the Inte rnet. They appear to be using technologies like social-networking sites, eBay, and even environments like Second Life. By using these new communication method s, it has made the job of John and his research team much harder. What are thes e Internet communication environments referred to? A. These are called Web 2.0 environments. * B. These environments are often referred to as Internet2. C. These collaborative areas on the Internet are called Centrix environments. D. Environments such as these used by terrorists and common people alike are cal led Symbiotic Networks. 55. Stephan is the senior security analyst for NATO, currently working out of Am sterdam. Stephan has been assigned to research terrorist activities, specifical ly cyber Jihad. Stephan was recently given a computer that was seized from a te rrorist cell in London. After breaking through the disk encryption, Stephan and his team were able to read files and their contents on the computer. Stephan f ound a copy of Mujahedeen Secrets 2 in a hidden folder that the terrorists were apparently using to hide their communications on the Internet. Unfortunately, t he other files used by the application were not in that same directory. What fi le should Stephan look for on the computer if he wants to find the file that sto res all the keys used by Mujahedeen Secrets 2?

A. Stephan needs to look for AsrarKeys.db on the computer. * B. To find the file used by Mujahedeen Secrets 2 to store keys, Stephan should l ook for KeyFob.db. C. He should search on the computer for Secrets2.db. D. Stephan and his team need look for the file LockedAsrar.db on the computer. 56. Frederick is a security research analyst for the Department of Defense. Fre derick was recently assigned to the cyber defense unit based in Washington D.C. He has been researching terrorist activity online through bulletin boards, soci al networking sites, and other extremist websites. One of Frederick’s colleagues was able to obtain a copy of Mujahedeen Secrets 2 for him to check out. When Fr ederick’s boss hears of this, he tells Frederick he wants to be briefed on every a spect of the software within 2 days. Since the help file was in Arabic, Frederi ck had to translate the 60 some odd pages which took him over 6 hours. By the t ime that his boss’ briefing came around, Frederick was only able to research and l ook through half of the application. Frederick’s boss asks him specifically about the File Shredder module of the software; which Frederick was not able to resea rch. Frederick’s boss wants to know what the maximum number of passes the program uses when deleting files from a computer. What should Frederick’s answer be? A. Mujahedeen Secrets 2 can be set to make a maximum number of 10 passes over a file to delete it from a computer. * B. Frederick should tell his boss that the application can make a maximum number of 99 passes to delete a file. C. This application is able to make a maximum number of 5 passes over a file to completely delete it from a computer. D. Frederick should reply by saying that the application can make a maximum numb er of 299 passes. 57. Jacob is the network administrator for Richardson Electric, a heating and ai r conditioning company based out of Wichita. Jacob is responsible for the entir e corporate network, including its security. Jacob has recently been receiving numerous calls from users stating that they receive pop-ups all the time. These users’ computers are all running Windows XP SP2. Jacob checks their Internet Exp lorer settings and the pop-up blocker is on for every machine. Jacob decides to install a couple of other free browsers that have pop-up blockers, and the comp uters still receive numerous pop-ups. Jacob downloads free spyware and adware r emoval software to scan these computers. The scans return no results, and the c omputers are still getting numerous pop-ups. Jacob does not have any money in h is budget to buy any commercial products to stop this issue. What no-cost setti ng could Jacob make to stop pop-ups on these computers? A. Jacob can edit the hosts file on these computers by adding the addresses of t hese pop-up sites and pointing them to * B. He can manually add the registry key of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\BlockPopups” with a value of “1”. C. To block pop-ups, he can edit the hosts file on these computers and add entri es for the pop-up sites and point them to the broadcast address for their partic ular subnet. D. Jacob can modify the Windows Firewall settings on these computers to block po p-ups. 58. Natalie is the IT security administrator for Sheridan Group, an investment c ompany based in Detroit. Natalie has been getting reports from the help desk th at users are having issues when they go to a particular vendor’s website; a compan y that sells paper. They report strange browser behavior such as pop-ups, brows er redirection, and so on. These users also state they have been getting SPAM r elated to paper products, similar to those being provided by the vendor. Natali e scans these computers for viruses, adware, and spyware and turns up nothing.

Natalie has one of these users navigate to the vendor’s website and sees the odd b rowser behavior. Natalie decides to take a look at the source code of that webs ite to see if she can pull out anything of use. Natalie finds many places in th e source code referring to a jpg file that is only one pixel in height and one p ixel in width. What has Natalie discovered here in the source code? A. B. C. D. Natalie has discovered Web Bugs in the source code. * She has found hidden Form Fields in the source code of the vendor’s website. She has discovered an apparent use of stegonagraphy in the source code. This type of code is indicative of a Web Virus.

59. Michelle is a CPA working in the Accounting department for Beyerton & Associ ates. Michelle works on a Windows XP SP2 computer. Michelle’s daily duties take up about 6 hours out of her 8 hour workday. This leaves her about 2 hours a day where she can surf the Internet. Michelle goes to Myspace.com quite a bit duri ng this free time to stay in touch with friends. After a new IT policy is imple mented, sites like Myspace are blocked so users cannot get to them. The IT depa rtment is using an Internet filter to block specific websites such as Myspace. Michelle really wants to go to Myspace to stay in touch with the people she know s, even though it is now prohibited by an IT policy. What could Michelle do to still gain access to Myspace.com? A. Michelle can use Proxify.net to navigate to Myspace. * B. Michelle can edit her local hosts file to get around the Internet filter. C. She can navigate to Redirect.com to serve as a proxy; letting her navigate to Myspace. D. She can turn off Windows Firewall on her computer. 60. Bonnie is an IT security consultant currently working out of her home. She is able to perform much of her job through her home network when performing exte rnal footprinting, scanning, and pen testing. Bonnie has a number of computers running on different operating systems from Windows XP SP2 to Fedora. She uses two desktops that run as servers for her home network; handing out DHCP numbers, performing DNS lookups, and so on. Bonnie also utilizes an IDS to watch any tr affic that might try to get into her network. One day, Bonnie sees some odd tra ffic trying to connect to her internal computers. Bonnie decides to download an d install NetDefender on her Windows computers to block malicious traffic. All of her Windows computers are running Windows XP SP2 with the default install. B onnie tries to start NetDefender, but receives an error that it cannot start. W hy can’t Bonnie get NetDefender to start on her Windows computers? A. She needs to stop the Windows firewall before starting NetDefender. * B. She cannot start NetDefender because the computers are getting dynamic IPs. C. To get NetDefender to work properly, Bonnie needs to allow TCP port 559 in th e Windows firewall settings. D. She cannot get NetDefender to work because it is only meant to run on Linux-b ased computers. 61. You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running W indows Server, 5000 workstations running Windows Vista, and 200 mobile users wor king from laptops on Windows XP. Last week, 10 of your company’s laptops were sto len from salesmen while at a conference in Amsterdam. These laptops contained p roprietary company information. While doing damage assessment on the possible p ublic relations nightmare this may become, a news story leaks about the stolen l aptops and also that sensitive information from those computers was posted to a blog online. What built-in Windows feature could you have implemented to protec t the sensitive information on these laptops?

A. You could have implemented Encrypted File System (EFS) to encrypt the sensiti ve files on the laptops. * B. You should have used 3DES which is built into Windows. C. If you would have implemented Pretty Good Privacy (PGP) which is built into W indows, the sensitive information on the laptops would not have leaked out. D. You should have utilized the built-in feature of Distributed File System (DFS ) to protect the sensitive information on the laptops. 62. Tommy is the systems administrator for his company, a large law firm based i n New York City. Since Tommy’s company employs many telecommuters and mobile user s, he has to administer over 100 laptops. Due to laptop theft within the last c ouple of years, Tommy has convinced management to purchase PAL PC Tracker to ins tall on all company laptops. Tommy chose this software because of its ability t o track equipment and its ability to notify administrators if the laptop has bee n stolen. What method is used by PAL PC Tracker to notify administrators of a l aptop’s location? A. PAL PC Tracker can send stealth email to a predetermined address whenever a t racked computer is connected to the Internet. * B. This software sets off a loud alarm when sent a signal from an administrator, alerting anyone in the vicinity of the laptop. C. PAL PC Tracker sends a page to a predetermined phone number through any wirel ess signal it can find. D. When a laptop is classified as missing or stolen, PAL PC Tracker will send HT TP messages to a predetermined website when the equipment is connected to the In ternet. 63. Shayla is an It security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subco ntractor for the Department of Defense. Shayla has been given authority to perf orm any and all tests necessary to audit the company’s network security. No emplo yees for the company, other than the IT director, know about Shayla’s work she wil l be doing. Shayla’s first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company thro ugh an online chat website. After meeting with the female employee numerous tim es, Shayla is able to gain her trust and they become friends. One day, Shayla s teals the employee’s access badge and uses it to gain unauthorized access to the T reks Avionics offices. What type of insider threat would Shayla be considered? A. She would be considered an Insider Affiliate. * B. Because she does not have any legal access herself, Shayla would be considere d an Outside Affiliate. C. Shayla is an Insider Associate since she has befriended an actual employee. D. Since Shayla obtained access with a legitimate company badge; she would be co nsidered a Pure Insider. 64. Lori is a certified ethical hacker as well as a certified hacking forensics investigator working as an IT security consultant. Lori has been hired on by Ki ley Innovators, a large marketing firm that recently underwent a string of theft s and corporate espionage incidents. Lori is told that a rival marketing compan y came out with an exact duplicate product right before Kiley Innovators was abo ut to release it. The executive team believes that an employee is leaking infor mation to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permissio n to search through the corporate email system. She searches by email being sen t to and sent from the rival marketing company. She finds one employee that app ears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke

. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture. What tech nique was used by the Kiley Innovators employee to send information to the rival marketing company? A. The employee used steganography to hide information in the picture attachment s. * B. The Kiley Innovators employee used cryptography to hide the information in th e emails sent. C. The method used by the employee to hide the information was logical watermark ing. D. By using the pictures to hide information, the employee utilized picture fuzz ing. 65. Tarik is the systems administrator for Qwerty International, a computer part s manufacturing company in San Francisco. Tarik just passed his certified ethic al hacker test and now wants to implement many of the things he learned in class . The first project that Tarik completes is to create IT security policies that cover everything security related from logical to physical. Through management approval, all employees must sign and agree to the policies or face disciplinar y action. One policy in particular, network file access, is of importance to Ta rik and his superiors because of past incidents where employees accessed unautho rized documents. Tarik has fine-tuned the ACL’s to where no one can access inform ation outside of their department’s network folder. To catch anyone that might at tempt to access unauthorized files or folders, Tarik creates a folder in the roo t of the network file share. Tarik names this folder “HR-Do Not Open”. In this fol der, Tarik creates many fake HR documents referring to personal information of e mployees that do not exist. In each document, he places headers and footers tha t read “Do Not Print or Save”. Then Tarik sets up logging and monitoring to see if anyone accesses the folder and its contents. After only one week, Tarik records two separate employees opening the fake HR files, printing them, and saving the m to their personal directories. What has Tarik set up here to catch employees accessing unauthorized documents? A. Tarik has set up a Honeytoken to catch employees accessing unauthorized files . * B. He has configured a Honeypot to log when employees access unauthorized files. C. Since this was set up on an internal network, this would be considered a Tar Pit. D. Tarik has configured a network Black Hole. 66. Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired . Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marsh all’s supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on comput ers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse th e Internet or even use email. The only thing they can use is their work related applications like Word and Excel. What types of policies has Marshall written for the users working on computers in the publicly-accessible areas? A. He has written Paranoid policies for these users in public areas. * B. Marshall has created Prudent policies for the computer users in publicly-acce ssible areas. C. These types of policies would be considered Promiscuous policies. D. He has implemented Permissive policies for the users working on public comput ers.

67. Theresa is an IT security analyst working for the United Kingdom Internet Cr imes Bureau in London. Theresa has been assigned to the software piracy divisio n which focuses on taking down individual and organized groups that distribute c opyrighted software illegally. Theresa and her division have been responsible f or taking down over 2,000 FTP sites hosting copyrighted software. Theresa’s super visor now wants her to focus on finding and taking down websites that host illeg al pirated software. What are these sights called that Theresa has been tasked with taking down? A. These sites that host illegal copyrighted software are called Warez sites. * B. These sites that Theresa has been tasked to take down are called uTorrent sit es. C. These websites are referred to as Dark Web sites. D. Websites that host illegal pirated versions of software are called Back Door sites. 68. You are the systems administrator for your company, a medium-sized state age ncy in Oregon. You are responsible for all workstations, servers, network equip ment, and software. You have two junior IT staff that field help desk calls as their primary duty. Since you are on a limited budget, you have had to get by w ith outdated hardware and software for many years. After a small increase in yo ur budget this year, you decide to purchase Microsoft Office 2007 for your agenc y. This software is licensed for only one copy; but you give it to your junior IT staff and tell them to install it on every computer in the agency. What have you asked your IT staff to install on all the computers in the agency? A. You have asked them to install abusive copies of the Office 2007 software. * B. You have instructed your IT staff to install pirated copies of Office 2007 on every computer. C. By installing one licensed copy, you are asking your staff to use cracked cop ies of Office 2007. D. Installing one licensed copy on many different computers is called using an O EM copy. 69. Calvin is the IT manager for Riverson & Associates, an advertising firm base d out of Toronto. Calvin is responsible for all IT related situations. The fir m’s marketing director has asked Calvin to purchase a graphics editing application to install on two computers in the marketing department. Calvin makes the purc hase and receives the software in the mail one week later. Calvin installs the software on the two requested computers. When the marketing users try to use th e software, it says they need to “Insert device for validation”. Calvin calls the s oftware company to find out what the issue is. Calvin thought there was a CD ke y that needed to be used on installation but the company’s support representative said there should have been a USB device included in the software box. Calvin l ooks through the software boxes and finds two USB devices. After plugging the d evices into the computers in marketing, the graphics software works properly. W hat kind of license validation was used to make the graphics software work corre ctly? A. The software company used dongles to ensure license validation. * B. These USB devices are called hardware validators. C. The company used logic gates to ensure license validation. D. The USB devices the software required for license validation are called logic keys. 70. Harold is a software application developer for 24/7 Gaming Incorporated, an online gaming company that hosts over 25 online game environments. Harold has w orked at the company for over 8 years and has risen up through the ranks. One d ay, Harold comes in to work and is informed that his position is being terminate

d in two weeks for budget reasons. Harold is furious because of all the time an d effort he has invested in the company. Harold decides to get revenge so he im plants some hacks into the code of one online game the company hosts. He tells his friends how to access the code; which lets them see through walls and other objects within the game while other players cannot. What type of exploit has Ha rold inserted into the online game? A. Harold has created a Wall Hack to allow his friends to see through walls and objects in the game. * B. He has inserted an Aimbot hack into the game giving his friends an unfair adv antage over other players. C. Harold has hacked the online game by inserting a Cham hack into the environme nt. D. This type of code exploit is called Strafe-jumping. 71. Wesley is an IT technician working for Bonner-Riddel, a research foundation located in Lansing. Wesley works on both Windows and Linux-based machines, but enjoys tweaking and customizing open source applications more. Wesley has been using a Concurrent Versions System (CVS) to monitor the latest additions and rev isions to source code he likes to work on. Wesley likes CVS but has issues when some items are partially checked-in. A colleague of his told him about another way to monitor source code; this method even tracks directory versioning. What monitoring method is Wesley’s colleague recommending? A. He is recommending that Wesley use Subversion Repositories for monitoring. * B. Wesley’s colleague is recommending that he use Granular Repositories for monito ring. C. His colleague has suggested Wesley use Reverse Zone Repositories. D. He is suggesting the use of Recursive Repositories. 72. Ralph is the network administrator for his company. As well as being respon sible for the logical and physical network, he is in charge of logical and physi cal security. Ralph is currently performing a security audit of the company’s net work, including its two internally-hosted websites. These websites utilize RSS feeds to update subscribers on current information. While performing his audit, Ralph is flagged to some irregular code in one of the website pages.

What is the purpose of this code? A. This code is will log all keystrokes. * B. This JavaScript code will use a Web Bug to send information back to another s erver. C. This code snippet will send a message to a server at whenever the “escape” key is pressed. D. This bit of JavaScript code will place a specific image on every page of the RSS feed. 73. Steven is the help desk manager for Fortified Investors, an investment firm based in Boston. Steven is responsible for fielding all help desk calls from co mpany employees. Steven is getting numerous calls from users stating that when they navigate to one of the company vendor’s websites, their Internet Explorer bro wser starts to behave abnormally by pulling up pop-ups and being redirected to o ther pages. All the users that have called Steven are using Internet Explorer f or their browsers. Steven checks the source code of the vendor’s page and sees so me odd scripts in the source code. The employees still need to access the vendo r’s page to perform their work duties so Steven decides to download and install Fi refox on these users’ computers. When browsing with Firefox, the users do not see any odd behavior on the website as before. Why are they not seeing the same od

d behavior when browsing the vendor website with Firefox? A. They are not having issues because Firefox does not support VBScript and Acti veX. * B. The users are not experiencing the same issues with Firefox as with Internet Explorer because Firefox does not support JavaScript. C. Their new Firefox browsers are not showing the same odd behavior because Fire fox does not support DHTML and XML. D. The vendor’s website is not displaying the same behavior because Firefox only s upports HTML and DHTML. 74. Ryan is the network administrator for Hammerstein Incorporated, a sign manuf acturing company in Chicago. Ryan holds certificates for certified ethical hack er and certified hacking forensics investigator. Ryan prefers to use Linux-base d operating systems, but has to work on Windows computers for much of his work-r elated duties. Ryan also prefers to use Netscape Navigator on his Windows compu ters because he believes it is more secure than Internet Explorer. While readin g a security-related article online one day, he reads that Netscape Navigator ha s an issue with improperly validating SSL sessions which worries him greatly. W hat add-on provided for Netscape Navigator could Ryan install that would allevia te this issue of not properly validating SSL sessions? A. Ryan can install the Personal Security Manager add-on for Netscape Navigator. * B. He needs to download and install the SSL Fixer add-on for Netscape Navigator. C. If Ryan installs the Safety Zone Navigator add-on, his Netscape Navigator bro wser will no longer improperly handle SSL sessions. D. Ryan should download and install the Session Manager add-on for Netscape Navi gator. 75. Ursula is the systems administrator for GateTime Enterprises, a clock manufa cturing company in Atlanta. Ursula is in charge of all network equipment as wel l as network security. Ursula has recently created a set of IT security policie s which include an acceptable use policy that all employees must sign. Ursula w ants to install software on a proxy server that will monitor all user Internet t raffic, enable her to administer Internet policy settings in one place, and prev ent avoidance of the new acceptable use policy. What kind of proxy server does Ursula want to implement? A. Ursula wants to implement an Intercepting Proxy server. * B. She wants to implement a Forced Proxy server. C. This would be considered a Split Proxy server since all Internet activity mus t pass through it. D. By funneling all Internet traffic through one server, she is implementing a R everse Proxy server. 76. Travis is an administrative assistant to the executive director of Thuel Ene rgy, an oil and gas company based in Oklahoma City. Travis has an IT degree, bu t was not able to get a technical job because of the competitive job market. Tr avis likes to surf the Internet at work when he has time. He likes to go to soc ial networking sites to chat with friends and meet new people. Unfortunately, h is company has recently enacted a computer use and acceptable use policy that pr ohibits employees from going to social networking sites. To further keep users from sites they should not go to, the IT department installs a proxy server that specifically blocks certain websites. Trying to outsmart the company policies, Travis installs a virtual machine on his computer and a proxy server on that vi rtual machine. Through the proxy on his own computer, he is able to get around the company’s Internet proxy and get to the websites he wants to. What type of pr oxy has Travis installed on his own computer?

A. Travis has installed a Circumventor Proxy on his work computer. * B. He has installed a Transparent Proxy to bypass the company’s Internet policies. C. By installing a proxy on his own computer to bypass another proxy, Travis has implemented a Split Proxy. D. This would be considered a Reverse Proxy. 77. Stewart is an IT security analyst for his company. Stewart is responsible f or network security of his entire company. Stewart also does a vast amount of s ecurity research when time permits. This research usually takes him to websites that might not have the safest content. Stewart decides to install Proxomitron on his computer for web filtering. This should help his browser remove banner ads, Java scripts, offsite images, flash animation, and other potentially harmfu l objects. What port must Stewart configure his browser to utilize in order to use Proxomitron? A. His browser must use the local port 8080 on his computer. * B. The local host browser must be configured to use 548 on his computer in order to function. C. The browser needs to use port 9000. D. It must be set to utilize port 10421. 78. Harold is the network administrator for Wintrex Systems, a software developm ent company in Salt Lake City. Harold is responsible for all physical and logic al network equipment. Wintrex Systems sells most of their products online, so t hey have a large retail-oriented website where customers can purchase anything t he company offers. All company workstations are running Windows XP and all serv ers are running Windows Server 2003. For inventory and product management, Wint rex uses many SQL Server 2005 databases. Harold has been informed by the compan y’s CIO that he needs to implement some kind of protection for the corporate datab ases to prevent intrusions, SQL injection, data leakage, regulatory compliance, and so on. Harold is not too familiar with database software or protection, but is inclined to use a company like Symantec since they provide the company’s virus , backup, and IPS software. If Harold wants to use Symantec, what software prod uct could he acquire from them that would serve his needs to protect the company’s SQL databases? A. He could use the Symantec Database Security solution that they provide. * B. Symantec provides a software package call SQL Protector that would perform al l the tasks that Harold needs. C. He could install and use Symantec SQL Suite which would help Harold perform a ll the tasks the CIO has requested. D. He should use Symantec’s Data Guard Pro to protect the company’s data housed in t he SQL databases. 79. Justin is an electrical engineer working for ZenWorks Navigation, a Global P ositioning device manufacturing company based in Las Vegas. Justin and a team o f other engineers are working on the latest GPS handheld system for the company. ZenWorks previously only produced GPS systems for airplanes, but now wants to branch out to the individual consumer market. Currently, Justin is trying to wo rk out errors the devices are experiencing in regards to four variables (latitud e, longitude, altitude, and time) on the accuracy of a three-dimensional fix. Un til this issue is resolved, the new devices cannot be finished. What GPS-relate d issue is Justin currently working on? A. Justin is working on the Geometric Dilution of Precision problem. * B. This issue would be considered a problem with the Local Area Augmentation Sys tem. C. When a GPS device is having issues with these four variables, it is considere d a problem with the Wide Area Augmentation System. D. Justin is experiencing issues with the Signal to Noise Ratio.

80. Theo is an IT security consultant that was just hired on by the city of Seat tle. Theo has been asked to map out free available wireless hotspots on a chart that will be published by the city. Theo has never mapped wireless hotspots ov er such a large range, so he buys software and GPS devices that he thinks will d o the job. Theo buys two software programs, one for finding the hotspots and on e to precisely locate his whereabouts on a city map. These two pieces of softwa re will utilize two GPS devices. To run both these devices at the same time, Th eo downloads and installs a GPS service daemon on his laptop running Windows XP SP2 so the GPS applications will not conflict with each other. When Theo opens both GPS programs, they say they cannot communicate with the GPS devices. What does Theo need to do to ensure the GPS applications can communicate with the GPS devices? A. Theo needs to open TCP port 2947 on the Windows firewall so they can communic ate. * B. He should open TCP port 1699 on his local Windows firewall so the application s can talk to the devices. C. He needs to install the GPS daemon service on a Linux-based computer since it will not work on a Windows computer. D. UDP port 1121 needs to be open on his laptop’s Windows firewall. 81. Mary is a field service technician for Garmin which makes all kinds of GPS d evices. Mary has been called out to a car rental company that purchased over 10 00 GPS devices to be installed in their rental cars. Almost all the devices app ear to be getting an error message when they are started up. Mary’s company has d ecided to send her out to the car rental company instead of them sending back ev ery GPS device. When Mary gets to the company, she troubleshoots a number of th e devices but cannot figure out what the issue is. She calls her company’s custom er support line for some help. The service rep on the phone tells her to force the devices to perform a cold start. How can Mary force the devices to perform a cold start? A. B. ld C. D. She must hold the Page key down while the units are powering up. * Mary should hold the Mark key down until the units are forced to perform a co start. Mary needs to hold the Enter key down until they reboot. She needs to hold down the Reset key for at least 20 seconds.

82. Darren is the network administrator for Greyson & Associates, a large law fi rm in Houston. Darren is responsible for all network functions as well as any d igital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to on e of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery. What incident le vel would this situation be classified as? A. This situation would be classified as a mid-level incident. * B. Since there was over $50,000 worth of loss, this would be considered a high-l evel incident. C. Because Darren has determined that this issue needs to be addressed in the sa me day it was discovered, this would be considered a low-level incident. D. This specific incident would be labeled as an immediate-level incident. 83. Lyle is the IT director for his company, a large food processing plant in No rth Carolina. After undergoing a disastrous incident last year where data was d eleted by a hacker, Lyle has begun creating an incident response team made up of employees from varying departments. Lyle is now assigning different roles and

responsibilities to the different team members. When handling computer-related i ncidents, which IT role should be responsible for recovery, containment, and pre vention to constituents? A. The Network Administrator should be responsible for recovery, containment, a nd prevention. * B. Lyle should be responsible for these issues in computer-related incident hand ling. C. The CEO of the company should ultimately be responsible for these types of is sues. D. The Security Administrator should be held responsible for recovery, containme nt, and prevention. 84. Pauline is the IT manager for Techworks, an online retailer based out of St. Louis. Pauline is in charge of 8 IT employees which include 3 developers. The se developers have recently created a new checkout website that is supposed to b e more secure than the one currently being used by the company. After numerous fraud attempts on the website, the company’s CIO decided that there needed to be a change; creating a more secure checkout portal that will check for potential fr aud. This new portal checks for fraud by looking for multiple orders that are t o be delivered to the same address but using different cards, different orders o riginating from the same IP address, credit card numbers vary by only a few digi ts, and users repeatedly submiting the same credit card numbers with different e xpiration dates. What fraud detection technique will the new retail portal be u sing? A. The portal will be using pattern detection to check for potential fraud. * B. The new site created by the developers will be using reverse lookup detection to see if fraud is involved. C. The developers have written the new portal to utilize round robin checking to see if visitors are attempting fraud. D. The new website portal will be using anomaly variance detection to look for f raud in transactions on the site. 85. Hanna is the network administrator for her company. Hanna is responsible fo r all network functions, including corporate email. Hanna receives a call from the Director of Administration one morning saying he cannot access one of his ar chive files. Hanna goes to the director’s office and tries to open the archive fi le from inside his Outlook 2003 client. The program says that she needs a passw ord to open the file. Apparently, the director password protected the archive f ile without realizing it. What program could Hanna use to recover the archive p assword for the director? A. She could download and install PstPassword to recover the password of the arc hive file. * B. Outlook Revealer would be the best application to recover the password. C. Hanna could run ArchiveRestore to find the password for the archive file. D. She should use PwdRecover Toolset to retrieve the password for the archive fi le. 86. Heather is the network administrator for her company, a small medical billin g company in Billings. Since the company handles personal information for thous ands of clients, they must comply with HIPAA rules and regulations. Heather dow nloads all the HIPAA requirements for information security and begins an audit o f the company. Heather finds out that many of the billing technicians have been sending sensitive information in PDF documents to outside companies. To protec t this information, they have been password protecting the PDF documents. Heath er has informed all the technicians that this method of protecting the data is n ot safe enough. Why is using passwords to protect PDF documents not enough to s afeguard against information leakage?

A. This is not enough protection because PDF passwords can easily be cracked by many different software applications. * B. The technicians should not only rely on PDF passwords because the passwords a re sent as an attached text file went sent through email. C. Since PDF password protection alone does not comply with SOX; they should not solely rely on them for protection. D. PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email. 87. You are the IT manager for a small investment firm in Los Angeles. Includin g you, the firm only employs a total of 20 people. You were hired on last month to take over the position of the last IT manager that was fired. The last mana ger did not have any security measures in place for the firm’s network; which led to a data breach. You have decided to purchase the Check Point firewall model F irewall-1 to help secure the network. You have chosen this particular firewall because of its adaptive and intelligent inspection technology that protects both the network and application layers. What built-in technology used by Check Poi nt firewalls protects traffic on both the network and application layers? A. Check Point firewalls use the INSPECT technology. * B. They utilize built-in technology called SORT. C. You have chosen a Check Point firewall because of its adaptive STINGER techno logy. D. The built-in technology used by Check Point firewalls for traffic inspection is called SEARCH & DESTROY. 88. Dylan is the systems administrator for Intern Support Staffing, an IT staffi ng company in Oregon. All workstations on the company’s network are running Windo ws XP SP2 except for three laptops that run MAC OS X. Even though Dylan has set up and configured a hardware firewall for the company, a recent audit suggested he utilize application-level firewalls for all workstations and mobile computers . Dylan configures the Windows Firewall settings for the Windows computers. Dy lan then downloads and installs Doorstop X Firewall onto the MAC laptops. After installation, none of the MAC laptops can connect to any other computers on the network. Why are these laptops not able to connect to other computers after Dy lan installed Doorstop X Firewall? A. The laptops cannot connect because all TCP ports are protected by default whe n Doorstop X Firewall is installed. * B. They cannot make a connection because he needs to modify the firewall.conf fi le before they can use the software properly. C. Dylan needs to modify the local firewall.data files on all the MAC laptops be fore they can function properly. D. They cannot connect to other computers on the network because Dylan needs to install the “Network Services for MAC” piece on all the Windows workstations. 89. Geoffrey is the systems administrator for Veering Incorporated, a custom car manufacturer in California. Geoffrey administers the corporate Windows Server 2003 Active Directory network. He is also responsible for logical security. Al l computers are under one domain named veering.com. Geoffrey has organized all user accounts by placing them in an Organizational Unit (OU) named Company Users . He has also created another OU named Company Computers that contains all comp uter accounts. After implementing a strong password policy through Active Direc tory, the executive team tells Geoffrey the policy is too stringent for them and they would like their own policy. How can Geoffrey apply a different policy to the members of the executive team? A. Geoffrey must create a new domain and move their user accounts to that domain . * B. He needs to move their user accounts to a different OU, create a new password

policy for that OU, and deny the other policy from applying to that OU. C. Geoffrey needs to move their computer accounts to a different OU, create a ne w password policy for that OU, and deny the other policy from applying to that O U. D. He can create a WMI filter that keeps the current policy from applying to the ir machines. 90. Kevin is the systems administrator for Inktime International, an ink cartrid ge replacement company based out of New Orleans. €Kevin has been told by his boss that he needs to change the password policy on the network. Users are apparently reusing passwords over and over and changing them immediate ly whenever IT resets their passwords for them. Kevin s boss doesn t want users to be able to change their passwords so often or be able to change their password right after IT resets their passwords. €The comp any s network consists of one 2003 Active Directory domain. €What password policy settings does Kevin need to adjust to accomplish what his boss has asked him to do? (Select 2) A. Kevin needs to adjust the "Minimum Password Age" setting. * B. He should change the "Enforce Password History" setting in the Group Policy s ettings module. * C. Kevin should adjust the "Maximum Password Age" Group Policy setting. D. To accomplish what his boss has asked, Kevin needs to adjust the "Enforce Use r Change at Next Logon" policy. 91. Charlie is the systems administrator for his company, an aeronautics enginee ring company based in Dallas. Charlie is responsible for the entire network whi ch consists of one Server 2008 Active Directory domain. All user accounts are i n respective department Organizational Units (OU) such as Accounting Users, HR U sers, and so on. All computer accounts are in respective department OUs such as Accounting Computers, HR Computers, and so on. The user accounts for the compa ny’s management team are all under the Management Users OU. The computer accounts for the company’s management team are all under the Management Computers OU. Cha rlie has assigned a fine-grained password policy to only the management team bec ause they wanted a different password policy than the rest of the company. Acco rding to company policy, all user accounts must have a password expiration polic y applied to them. The management team does not want to have to deal with chang ing their passwords often like the other users. What is the maximum password ag e that Charlie can set for the management team in a Server 2008 Active Directory domain? A. The maximum age of a password in 2008 is 999 days. * B. This is not possible since only one password policy can be set per domain in 2008. C. The maximum age for passwords that Charlie can set for the management team is 9999 days. D. He can adjust the password policy to allow for up to 99 days on password age. 92. Sherral is the systems administrator for Trigon Technologies, a software dev elopment company in Wichita. She oversees the entire network which consists of one Windows Server 2003 Active Directory domain. To accommodate 20 new mobile u sers, Sherral has enabled Challenge Handshake Authentication Protocol (CHAP) and remote access to let the remote users get into the network from the outside. A fter applying these settings, Sherral receives calls from the remote users stati ng that they cannot authenticate with the network. What password policy change must she configure to allow the remote users access to the network? A. She must enable the “Store password using reversible encryption for all users i




n the domain” setting in the Default Domain Group Policy. * B. Sherral needs to disable the “Require Kerberos Authentication” setting in the Def ault Domain Group Policy. C. So that remote workers using CHAP can connect to an Active Directory domain, Sherral must enable the “Allow logon using CHAP” setting in the Default Domain Group Policy. D. To allow these new remote users access, she needs to enable the “Password must meet complexity requirements” setting. 93. Willem is the network administrator for his company, a toy manufacturing com pany in London. Willem manages the entire company’s network which consists of one Server 2003 Active Directory domain. Willem was hired on last month to replace the last administrator that retired. To Willem’s amazement, the company previous ly had no password policies in place. The CIO has just recently created new net work policies which include a comprehensive password policy. This new password policy states that every password setting in group policy must be set. After im plementing this new policy, many users are calling Willem and stating that they locked themselves out of their accounts. The CIO’s policy states that once a user locks him or herself out, they must wait a period of time until that account is unlocked. Willem has convinced the CIO to let him change that specific passwor d policy so that Willem must manually unlock user accounts when they call. What setting must Willem adjust to ensure that user accounts must be manually reset by him when they are locked out? A. Willem should change the “Account Lockout Duration” setting to zero minutes. * B. He needs to adjust the “Account Lockout Duration” setting to 99,999 minutes. C. By setting the “Account Lockout Duration” policy to disabled, he will have to man ually unlock every locked user account. D. William needs to change the “Account Lockout Threshold” to zero minutes. 94. Richard is the systems administrator for BillRight Incorporated, a medical b illing company in Minneapolis. Richard is currently writing the company’s IT secu rity policies. Based on instructions from the IT director, Richard has written the password policy to require complex passwords, passwords must be at least 8 c haracters, and user accounts will be locked out after 5 unsuccessful attempts to help prevent against brute force attacks. One of the IT policies also states t hat user computers must utilize a password protected screensaver that is activat ed after 20 minutes of inactivity. Richard wants the logon attempts to unlock a screensaver to apply towards the number of attempts that will lockout a user ac count if tried too many times. How can Richard apply this setting across the ne twork if it is running under one Windows Server 2003 Active Directory domain? A. Richard needs to enable the “Interactive logon: Require Domain Controller authe ntication to unlock workstation” setting in Group Policy. * B. He should enable the “Domain Controller: Require screensaver authentication to unlock” setting. C. This can be set in Group Policy by enabling the “Interactive logon: Require loc al SAM authentication to unlock workstation” setting. D. Richard can apply this setting network-wide if he enables “Domain Controller: A uthenticate workstation unlocking”. 95. Jerald is the systems administrator for his company. Jerald is responsible for all servers, workstations, and network security. Based on company policy, e very available auditing feature is turned on for the network through Group Polic y. Jerald comes in to work one morning and two of his Domain Controllers are co mpletely shut down. Jerald boots the two machines up and checks their event log s. Then Jerald checks the firewall logs to see if anything stands out. From th e event and firewall logs, it appears that a hacker was able to gain access to t he two servers using an old unused service account that had a weak password. Th e hacker then was apparently able to generate millions of erroneous events in th

e server event logs which caused them to shut down. What setting does Jerald ne ed to adjust to prevent this same issue from happening again? A. Jerald needs to disable the “Audit: Shut down system immediately if unable to l og security audits” setting. * B. He should enable the “Domain member: Do not shut down system if unable to log e vents” setting. C. To prevent the servers from shutting down in the future, Jerald needs to disa ble logging on those two Domain Controllers. D. Jerald should enable the “Audit: Do not shut down system if events can no longe r be logged” setting. 96. Raul is the network administrator for Davidson Pipe, an oil pipeline manufac turing company in San Antonio. Raul manages a team of 10 IT personnel which inc ludes two software developers. The company network consists of one Windows Serv er 2003 Active Directory domain. These developers have recently created a custo m inventory application that will run on one of the company’s servers and all the workstations. Raul has created a domain account on the network which will serve as the service account used by the new custom application. The developers have informed Raul that this service account will need to run as a process on client computers and will need to be able to use the identity of any user and access t he resources authorized to that user. Raul wants to make one centralized settin g change on the network to make sure the service account will work properly when running the application. What Group Policy setting can Raul edit to affect thi s change on the network? A. Raul needs to add the new service account to the list of users in the “Act as p art of the operating system” Default Domain Group Policy. * B. He should add the new service account to the users list in the “Act as SYSTEM a ccount on domain computers” Default Domain Group Policy. C. If he adds the new service account to the list of users in the “Impersonate a c lient after authentication” setting in the Default Domain Group Policy, the applic ation will work properly. D. He needs to add this service account to the users list in the “Replace a proces s level token” Default Domain Group Policy. 97. Louis is the senior systems administrator for the University of Eastern Wyom ing. Louis manages 25 IT technicians and junior systems administrators. The Un iversity’s network consists of one Windows Server 2003 Active Directory domain. A ll domain user accounts are contained in one Organizational Unit (OU) called Sta ff. All domain computer accounts are contained in one OU called Computer Accoun ts. Louis wants one of his junior systems administrators, Steven, to be able to add workstations to the domain. All computer accounts are added to the Compute r Accounts OU by default when they are joined to the domain. Louis has given th e “Add workstations to domain” permission to Steven’s user account, but he is still no t able to add computer accounts to the domain. What else does Louis need to do to ensure that Steven can add computers to the domain? A. Louis needs to give Steven “Create computer objects” permission for the Computer Accounts OU. * B. To allow Steven the permission to add computers to the domain, Louis needs to make Steven a Domain Admin. C. Steven needs the “Create nisMap Objects” permission for the Computer Accounts OU. D. Louis should give Steven the “Take ownership of” permission for the Computer Acco unts OU. 98. Jayson is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Jayson is responsible for the company’s entire networ k which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their w

ork duties. Jayson has created a security group in Active Directory called “RDP D eny” which contains all the user accounts that should not have Remote Desktop perm ission to any of the servers. What Group Policy change can Jayson make to ensur e that all users in the “RDP Deny” group cannot access the company servers through R emote Desktop? A. Jayson needs to add the “RDP Deny” group to the “Deny logon through Terminal Servic es” policy. * B. He should add the “RDP Deny” group to the “Deny RDP connections to member servers” po licy. C. By adding the “RDP Deny” group to the “Deny logon as a service” policy, the users in that security group will not be able to establish remote connections to any of t he servers. D. Jayson should add the “RDP Deny” group into the list of Restricted Groups to prev ent the users from accessing servers remotely. 99. Phillip is the systems administrator for Photopia Incorporated, a camera man ufacturing company in Des Moines. Phillip is responsible for the company’s entire network which consists of one 2003 Active Directory domain. Some computer acco unts have been placed in a special Organizational Unit (OU) called Restricted Co mputer Accounts because those computers have been placed outside the firewall to allow for video conferencing. These computers are all running Windows XP SP2. These computers have very stringent group policies applied to them so they can be as secure as possible. In particular, the “Accounts: Administrator account sta tus” setting in group policy is set to disabled. While performing a security audi t, Phillip finds some hacking software on one of the computers in the Restricted Computer Accounts OU. He immediately takes that computer offline to keep it fr om infecting or contaminating any more computers. Phillip cannot logon to the c omputer as an administrator since the group policy was set to disable that accou nt. How can Phillip logon to this computer as administrator if he must keep if offline? A. Phillip can logon as the administrator if he boots the computer in Safe Mode. * B. If Phillip runs the gpupdate command on the computer, he will be able to logo n as the administrator. C. He needs to run the gpresult /force command on the computer. D. Phillip should boot the computer in VGA mode. 100. Lionel is an IT security consultant currently working on contract for a car manufacturing company in Philadelphia. Lionel has been brought in to asses the company’s network security state. This manufacturing company’s network is comprise d of one 2003 Active Directory domain. He has been given permission to perform any and all necessary tests against the network. Lionel interviews the IT staff for the company to get a feel for the logical security measures they have alrea dy put in place. The IT manager for the company says that the biggest security precaution they have taken is to rename the administrator account on the network . The manager believes that this will keep any hackers from ever using the admi nistrator account to perform attacks. Lionel informs the IT manager that while changing the administrator name is a good idea, the account can still possibly b e cracked. How can an administrator account still be cracked even though the na me has been changed? A. The SID for the administrator account does not change. * B. The administrator name will still be used if connecting through a NULL sessio n. C. An administrator account can still be cracked because the GUI for that accoun t does not change when the name itself is changed. D. It can still be cracked since the name is still stored in clear text as “admini strator” in the local SAM database.

Sign up to vote on this title
UsefulNot useful