1. Jason is the network security administrator for Gunderson International, a global shipping company based out of New York City. Jason’s company utilizes many layers of security throughout its network such as network firewalls, application firewalls, VLANs, operating system hardening, and so on. One thing in particular the company is concerned with is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes. Since the company is global, information is sent constantly back and forth to all its employees all over the world. What in particular is Jason’s company concerned about?
A. Jason’s company is particularly concerned about data integrity. *
B. Authenticity is what the company is most concerned about.
C. The confidentiality of the company’s data is the most important concern for Gunderson International.
D. The availability of the data is paramount to any other concern of the company.

2. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?
A. Yancey would be considered a Suicide Hacker. *
B. Since he does not care about going to jail, he would be considered a Black Hat.
C. Because Yancey works for the company currently, he would be a White Hat.
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing.

3. Heather is a hacktivist working for Green Peace International. She has broken into numerous oil and energy companies and exposed their confidential data to the public. Normally, Heather uses a combination of social engineering and DoS techniques to gain access to the companies’ networks. Heather has made over 50 fake ID cards and access badges to gain unauthorized access to companies to gain information as well. If Heather is caught by the federal government, what US law could she be prosecuted under?
A. She could be prosecuted under US law 18 U.S.C § 1029 if caught. *
B. Heather would be charged under 18 U.S.C § 2510, which entails the use of more than 15 counterfeit items.
C. 18 U.S.C § 9914 is the US law that Heather would be prosecuted under since she used false pretenses to gain unauthorized access.
D. Heather would serve prison time for her actions if prosecuted under US law 18 U.S.C § 2929.

4. Stephanie is the senior security analyst for her company, a manufacturing company in Detroit. Stephanie is in charge of maintaining network security throughout the entire company. A colleague of hers recently told her in confidence that he was able to see confidential corporate information on Stephanie’s external website. He was typing in URLs randomly on the company website and he found information that should not be public. Her friend said this happened about a month ago. Stephanie goes to the addresses he said the pages were at, but she finds nothing. She is very concerned about this, since someone should be held accountable if there really was sensitive information posted on the website. Where can Stephanie go to see past versions and pages of a website?
A. Stephanie can go to Archive.org to see past versions of the company website. *
B. She should go to the web page Samspade.org to see web pages that might no longer be on the website.
C. If Stephanie navigates to Search.com, she will see old versions of the company website.
D. AddressPast.com would have any web pages that are no longer hosted on the company’s website.

5. You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hotspot. Since you already know the IP address of the web server, you create a telnet session to that server and type in the command:

    HEAD / HTTP/1.0

After typing in this command, you are presented with the following screen:
What are you trying to do here?
A. You are trying to grab the banner of the web server. *
B. You are attempting to send an html file over port 25 to the web server.
C. You are trying to open a remote shell to the web server.
D. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server.

6. Kyle is a security consultant currently working under contract for a large financial firm based in San Francisco. Kyle has been asked by the company to perform any and all tests necessary to ensure that every point of the network is secure. Kyle first performs some passive footprinting. He finds the company’s website which he checks out thoroughly for information. Kyle sets up an account with the company and logs on to their website with his information.
Kyle changes the URL to:
This address produces a Page Cannot be Displayed error. Kyle then types in another URL:
What is Kyle attempting here?
A. Kyle is trying incremental substitution to navigate to other pages not normally available. *
B. Kyle is using extension walking to gain access to other web pages.
C. He is using error walking to see what software is being used to host the financial institution’s website.
D. By changing the address manually, Kyle is attempting ASP poisoning.

7. George is the senior security analyst for Tyler Manufacturing, a motorcycle manufacturing company in Seattle. George has been tasked by the president of the company to perform a complete network security audit. The president is most concerned about crackers breaking in through the company’s web server. This web server is vital to the company’s business since over one million dollars of product is sold online every year. The company’s web address is at: www.customchoppers.com. George decides to hire an external security auditor to try and break into the network through the web server. This external auditor types in the following Google search attempting to glean information from the web server:
What is the auditor trying to accomplish here?
A. He is trying to search for all web pages on the customchoppers site without extensions of html and htm. *
B. The auditor is having Google retrieve all web pages on the Tyler Manufacturing website that either have the extension of html or htm.
C. He is attempting to retrieve all web pages that might have a login page to the company’s backend database.
D. The auditor that George has hired is trying to find pages with the extension of html or htm that link directly to customchoppers.com.

8. Jonathan is an IT security consultant working for Innovative Security, an IT auditing company in Houston. Jonathan has just been hired on to audit the network of a large law firm in downtown Houston. Jonathan starts his work by performing some initial passive scans and social engineering. He then uses Angry IP to scan for live hosts on the firm’s network. After finding some live IP addresses, he attempts some firewalking techniques to bypass the firewall using ICMP but the firewall blocks this traffic. Jonathan decides to use HPING2 to hopefully bypass the firewall this time. He types in the following command:
What is Jonathan trying to accomplish by using HPING2?
A. Jonathan is attempting to send spoofed SYN packets to the target via a trusted third party to port 81. *
B. He is using HPING2 to send FIN packets to 10.0.1.24 over port 81.
C. By using this command for HPING2, Jonathan is attempting to connect to the host at 10.0.1.24 through an SSH shell.
D. This HPING2 command that Jonathan is using will attempt to connect to the 10.0.1.24 host over HTTP by tunneling through port 81.

9. Hayden is the network security administrator for her company, a large marking firm based in Miami. Hayden just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. Hayden is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?
A. Hayden is using a half-open scan to find live hosts on her network. *
What would be the best password attack method for Lauren to use in this situation? A. The company’s internal network is connected t o the PBX phone system so that customized software applications used by employee s can use the PBX to dial out to customers.2. From one of the client computers running Linux. C. Paul is concerned about crackers br eaking into his network by way of the PBX. * B. you are attempting to connect to the SMB share on the host using an Anonymous connection.B. He is particularly worried about war dialing software that might try all of the company’s numbers to find a way in. By typing in this command. This security audit is required by company p olicy. Your network is comprised of Windows as well a s Linux servers. Hayden is attempting to find live hosts on her company’s network by using an XMAS scan. Paul is the systems administrator for One-Time International. THC Scan would be the best software program for Paul to use if he wants to be notified of war dialer attacks. Since Lauren knows that all state a gency passwords must abide by the same password policy. a large state-run agenc y in California. he will be notified by the software when and if anyone tries to crack into the PBX system. D. D. * B. you are performing vulnerability analysis. and many other techniques. A hyberfil-based password attack would be the best method of password crackin g in this scenario. brute f orce. Paul needs to use Roadkil’s Detector software to tell if a hacker is trying t o break into his phone system 11. . This audit she has been asked t o perform will be an external audit.* B. C. 10. she believes she can fin ish this particular task quickly. D. You are the chief security information analyst for your company Utilize Inco rporated. To prepare. Paul can use SandTrap which would notify him if anyone tries to break into th e PBX. Paul is in charge of the company’s older PBX system as well as its workstations and servers. 
You are currently preparing for a future security audit that will be performed by a consulting company. She is utilizing a SYN scan to find live hosts that are listening on her netw ork.121 host. This type of scan she is using is called a NULL scan. You are trying to connect to this host at the IPC share using the currently l ogged on user’s credentials.168. You are attempting to establish a null session on the 192. a computer man ufacturing company. If Paul uses ToneLoc. Lauren has been asked by the IT manager of another state agenc y to perform a security audit on their network. C. The first task that she has been asked to per form is to attempt to crack user passwords. You are trying to connect to the localhost share of the client computer. Lauren should use a rule-based attack on the agency’s user passwords. 12. scanning. C. What software utility can Paul use to notify him if any war dialing attempts ar e made on his PBX? A. Lauren can produce the best and fastest results if she uses a dictionary atta ck. Lauren is a network security officer for her agency. The IT manager thought that Lauren would b e a great candidate for this task since she does not work for the other agency b ut is an accomplished IT auditor. you open a com mand shell and type in the following command: What are you trying to accomplish? A.
Tyler is closing all open TCP and UDP sessions on the computer. Lyle’s responsibilities include network vulnerability scans. Tyler is using this command to find all the host records that are stored on t he local client computer. By using this command. * B. D. What type of virus has Lyle found on this computer? A. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected w ith the Bobax Trojan 14. By using the free antivirus software. After auditing the network at the home office without finding any issues. Lyle receives a help desk call from a user in the Accounting department. A client inside the network has been infected with the Deep Throat Trojan. On this port. Tyler is currently performing a network secu rity audit for the entire company. Tyler decides to l ook further. Lyle has found a tunneling virus on the computer. Tyler is trying to find out all the ports that are listening on this computer . a large law firm i n Beverly Hills. an online retail company based out of Los Angeles. After seeing some odd traffic on the firewal l going outbound to an IP address found to be in North Korea. he uses Wireshark to capture traff ic. The first tas k that Simon carries out is to set up traffic mirroring on the internal-facing p ort of that office’s firewall. Lyle does some research and finds that this vir us disguises itself as a genuine application on a computer to hide from antiviru s software. This command will show Tyler if there are any Trojan programs installed on th is computer. and IDS monitoring. C. he finds a huge number of UDP packets going both directions on ports 2140 and 3150. C. Lyle runs a scan on the computer with the company ant ivirus software and finds nothing. This type of virus that Lyle has found is called a cavity virus. Tyler logs onto this cl ient computer and types in the following command: What is Tyler trying to accomplish by using this command? A. * B.D. 
Simon is also an IT sec urity expert with over 10 security-related certifications. . Lyle has found a polymorphic virus on this computer. Alarmingly. Tyler is the senior security officer for WayUP Enterprises. 15. 13. Simon has been asked by the company CIO to perform a comprehensive security audit of the entire netw ork. he travels to one of the company’s branch offices in New Orleans. What is most likely occurring here? A. Most likely. The infected files appear to be Microsoft Office files since they are in the s ame directory as that software. a computer inside the network is infected with the SQL Slammer w orm. D. A ntivirus monitoring. Tyler traces the traffic back to the originating IP inside the net work. Lyle downloads another free antivirus applic ation and scans the computer again. Lyle is a systems security analyst for Gusteffson & Sons. This time a virus is found on the computer. D. This type of traffic is indicative of the Netbus Trojan. This user reports that his computer is runni ng very slow all day long and it sometimes gives him an error message that the h ard drive is almost full. She should utilize the reverse-encryption password cracking technique since she knows the password policy. * B. which he finds to be a client running Windows XP. Simon is the network administrator for his company. Lyle has discovered a camouflage virus on the computer. C.
He infects a couple of co mputers with the virus and waits for the users of those machines to use their em ail client. Xavier opens a command window and types in: ipconfig /flushdn s.Google. 18. D. C. Miles’ responsibilities include monitoring all network traffic inside the network and traffic coming into the network. * B. Neil has created a fake company ID badge and uniform. Miles is trying to capture all UDP traffic from client1 and the LAN except fo r traffic to client29. en C. He has been gi ven permission to perform any tests necessary. B. Javier is a network security consultant working on contract for a state agen cy in Texas. One of Xavier’s coworkers receives a help desk call from a user who is havin g issues navigating to certain sites on the Internet. D. This computer has obviously been hit by a Smurf attack. he receives numerous emails that were . Xavier is responsible for maintaining agency security policies. * From this behavior. and monitoring the overall health of the networ k. When he navigates to the previous sites. Javier decides to use the Reaper Exploit virus to see if he can exploit any weaknesses in the company’s email.16. Javier has been asked to test the agency’s network security from e very possible aspect. it takes him to Yahooo.com. Miles not ices some odd traffic originating from some client computers inside the network. After a short amount of time. When Xavier types in Yahoo. it is evident that the client computer’s DNS cache has be poisoned. On the university’s IDS. he is still directed to the wrong o nes. Neil has used a tailgating social engineering attack to gain access to the of fices. Xavier is a network security specialist working for a federal agency in Wash ington DC. This type of social engineering attack is called man trapping. Xavier’s coworker cannot figure out the issue so he hands it off to Xavier. This client computer has had the hosts file poisoned. * B. 
Xavi er checks the local DNS settings as well as the DNS settings on the server and t hey are correct. Xavier checks all the I P settings on the computer which are static and they appear to be correct. C. What issue is Xavier seeing here on the client computer? A. Xavier is seeing a computer that has been infected with an IRC bot Trojan. He has used a piggybacking technique to gain unauthorized access. He logs on to the user’s com puter and goes to a couple of websites the user said were having issues. This command will capture all traffic on the internal network except for traf fic originating from client1 and client29. Neil is an IT security consultant working on contract for Davidson Avionics.com. Miles decides to use Tcpdump to take a further look. He is trying to see all UDP traffic between client1 and client29 only. it takes him to Boogle. D. What type of social engineering attack has Neil employed here? A. When X avier types in www.com instead. Neil has been hired to audit the network of Davidson Avionics. Miles will be able to capture all traffic on the network originating from cli ent1 and client29 except UDP traffic. 17. Miles is a network administrator working for the University of Central Oklah oma.com instead. What is Miles going to accomplish by running this command? A. teac hing security awareness classes. Neil is using the technique of reverse social engineering to gain access to t he offices of Davidson Avionics. Neil waits by one of the company’s entrance doors and fol lows an employee into the office after they use their valid access card to gain entrance. 19.
You are going to attempt a teardrop attack to see if their network can handle the packets. What measures can Bill take to h elp prevent future reflective DoS attacks against the ISP’s network? (Select 2) A. One of the company’s primary concerns is how the corpor ate data is transferred back and forth from the banks all over the city to the d ata warehouse at the company’s home office. This Reaper Exploit virus takes advantage of the inherent insecurity in S/MIM E used by email clients like Outlook. Bill should have the ISP block port 179 on their firewall to stop these DoS a ttacks. This attack is called a SYN attack since the UDP packets are manipulated. D. Gerald is a certified ethical hacker working for a large financial instituti on in Oklahoma City. He should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections. Email clients like Outlook are susceptible to this exploit because they utili ze XML and XMLS. he simply monitors the traffic that passes between it and the server. By changing the characteristics of the UDP packets in this manner. Bill is an IT security consultant who has been hired on by an ISP that has r ecently been plagued by numerous DoS attacks. To see what type of traffic is bein g passed back and forth and to see how secure that data really is. 22. so they hired Bill for his expertise. This type of attack is referred to as a Ping of Death attack since the packet s use confusing offset values. * C. W hat type of session attack is Gerald employing here? A. you are tr ying to use a Smurf attack against the company’s network. Ger ald hijacks an HTML session between a client running a web application which con nects to a SQL database at the home office. D. The ISP did not have the internal resources to prevent future attacks. 21. Bill needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network. * B. C. 
The energy company has asked you to per form DoS attacks against its branch offices to see if their configurations and n etwork hardening can handle the load. this proving that the client computers are susceptib le to the Reaper Exploit virus exploiting their email clients. This exploit takes advantage of hidden form fields which are used by email cl ients such as Microsoft Outlook. you craft UDP pac kets that you know are too large for the routers and switches to handle. What type of attack are you going to attempt on the company’s network? A. used by Microsoft Outlook. * . You al so put confusing offset values in the second and later fragments to confuse the network if it tries to break up the large packets. * B. Gerald is currently performing an annual security audit of the company’s network. Gerald uses a session hijacking tool to intercept traffic between a server and a client. 20. D. Gerald is using a passive application level hijack to monitor the client and server traffic. You are an IT security consultant working on a six month contract with a lar ge energy company based in Kansas City. The Reaper Exploit uses the functionality of DHTML in Internet Explorer. Bills should configure the ISP’s firewall so that it blocks FIN packets that are sent to the broadcast address of the company’s internal IP range. * B. To perform this attack. C. What aspect of e mail clients does this exploit take advantage of? A. Gerald does not kill the client’s s ession.copied from those clients. Bil l looks through the company’s firewall logs and can see from the patterns that t he attackers were using reflected DoS attacks.
As well as monitoring the security state of the company’s net work. Now that the company has added over 100 more clients to accommodate new departments. his computer will send out messages to the network with the title of “You are in trouble!”. D. C. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microso ft\Updates registry key. Once the employee opens the email with this code. * B. Leonard notices an employee using Hotmail. a large s hipping company based out of New York City. Meyerson Incorporate d. Theresa must find some kind of tool to see whether the clients are up-to-date or not. In the past. Cheryl performs some quick searches online and finds a utility that will display a window on her desktop showing the current uptime statistics of t he websites she needs to watch. Theresa and her IT emp loyees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates.B. What registry key permission should Theresa check to ensure t hat Qfecheck runs properly? A. T heresa is worried that the operating system hardening that she performs on all c lients is keeping the software from scanning the necessary registry keys on the client computers. This type of attack would be considered an active application attack since he is actively monitoring the traffic. 24. Theresa needs to look over the permissions of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Updates\Microsoft\Patches. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micros oft must be checked. What will this code do on the employee’s computer once the email is opened? A. Theresa is the chief information security officer for her company. To prove a poin t. Leonard has recently finished writing security policies for the company that have just been signed off by management. she is re peatedly told that the software does not have the proper permissions to scan. Yahoo. 25. 
He is utilizing a passive network level hijack to see the session traffic use d to communicate between the two devices. Leonard sends an email to this users Hotmail account with the following code. 23. D. D. This has been put in place becau se of virus infections that started with web-based email. This code will install a counter on the employee’s computer that will count e very time that user opens web-based email. In order for Qfecheck to run properly. C. showing the ping time as well as a small graph that allows Cheryl to view the recent monitoring history. When Theresa runs the tool. employees are not allowed to use web-based em ail clients such as Hotmail. * B. This type of hijacking attack is called an active network attack. and Gmail. While walking through the office one day. she must ensure that the company’s external websites are up and running al l the time. This code will create pop-up windows on the employee’s computer until its mem ory is exhausted. a publishing c ompany in Boston. agreeing to abide by them or face disciplinary action. What tool is Cheryl using to monitor the compan y’s external websites? . This tool works by periodically pinging the web sites. C. One polic y in particular is being enforced. Every employee has had to sign off on the policies. Theresa decides to use Qfecheck to monitor all client computers. This HTML code will force the computer to reboot immediately. it must have enough permission to read HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Microsoft\Updates. Cheryl is a security analyst working for Shintel Enterprises. Leonard is the senior security analyst for his company.
Kevin is an IT security analyst working for Emerson Time Makers. Cheryl is using Acunitex. Kevin is attempting directory tran sversal. Daryl wants to ch eck it to ensure it is as secure as possible. Kevin believes that she was seeing another person. He is attempting a path-string attack to gain access to her mailbox. James performs some initial external tests a nd then begins testing the security from inside the company’s network. J ames has been asked to audit the network security of Yerta Manufacturing.dll. Kevin is trying to utilize query string manipulation to gain access to her em ail account. D.exe storedpwd. a watch man ufacturing company in Miami. To prove his point.com/mail. knows that Katy has an account with that same company. Kevin. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www. The command to bring up this window is “KRShowKeyMgr”. The developer created a logon pag e for lottery retailers to gain access to their financial information. Daryl is the network administrator for the North Carolina Lottery.exe keymgr. She is using Emsa Web monitor to check on the status of the company’s website * Cheryl is utilizing AccessDiver to check on the websites’ status. What is Kevin attempting here to gain access to Katy’s mailbox? A. James fi nds some big problems right away. By changing the mailbox’s name in the URL. Cheryl has chosen to use Burp to check on the status of the company’s website 26.dll” to get the Stored Use r Names and Passwords window to come up. James had to type in “rundll32. To bring up this stored user names and passwords window. * B. What command did James type in to get this window to come up? A.youremailhere. C.exe storedpwd. ShowWindow”. Daryl tries to bypass the l ogon page and gain access to the backend. D. * B. 
The lottery recently hired on a web developer to create their website and bring all service s in house since the lottery’s website was previously hosted and supported by a third party company.com/mail. 27. 28. James is an IT security consultant as well as a certified ethical hacker.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any inform ation. James typed in the command “rundll32. D. Without knowing what any of the usernames and passwords are. James has a user logon to a computer and then Jam es types in a command that brings up a window that says “Stored User Names and P asswords”. a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. those users do not have to type in their credentials every time they want access to a server. B. Daryl is responsible for all network security as well as physical security. KRShowKeyMgr” to get the windo w to pop up.dll. who has an online email account that he uses for most of his mail. s.A. and the manager does not believe this is possible on Wi ndows XP. Daryl makes a number of attempts and . C. a tool manufacturing company in Phoenix. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access. To monitor her company’s websites.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere. This way. James typed in “rund ll32. After the developer creates the website. James tells the IT manager of Yerta M anufacturing about this. s. C. Kevin and his girlfriend Katy recently broke up af ter a big fight.
With this error checking. a chain of co ffee shops in the Seattle metropolitan area. Oliver is the network security administrator for Foodies Café. James will be able to see if there are any default sa user accounts in the SQ L database. Since these networks will be used by both internal airp ort employees and visitors to the airports. what will be the resulting speed of the wi reless networks? A. David is the wireless security administrator for Simpson Audio Visual. Because TCP error checking has no effect on the actual speed. David decided to go with the de fact o standard of 802. the airports’ w ireless networks will function at up to 11 mbps. Oliver is performing his quarterly security audit of the entire company. even though David has said this will slow down the wireless network connecti on speeds. blank passwords. Davi d was hired on after the company was awarded a contract with 100 airports to ins tall wireless networks.1 mbps since err or checking slows down the actual speed. This Select SQL statement will log James in if there are any users with NULL passwords. This statement will look for users with the name of admin. . From this error. C. The resulting speed of the wireless networks for the airports will be up to 2 48 mbps. If the page is susceptible to SQL injection. Jeremy comes u pon a login page which appears to allow employees access to sensitive areas on t he website. C. including each coffee shop the company ow ns. Daryl can deduce that the developer did not turn off friendly messages on the server. it will look in the Users table for usernames of admin * B. James types in the following statement in the username field: SELECT * from Users where username=’admin’ -. Since TCP error checking will be utilized.11b. Every airport wants to use 802. He can tell that the site is susceptible to SQL injection. the effective speed of the wireles s networks can be up to 5. a nd email addresses that end in @testers. 
* B.11b with TCP error checking.com%’ What will the following SQL statement accomplish? A. The home office also has a wireless network which is used by employees.AND password=’’ AND email like ‘%@testers. Jeremy has just been hired to perform contract work for a large state agency in Michigan. D. 29. D. 31. Jeremy’s first task is to scan all the company’s external websites. D. Jeremy is web security consultant for Information Securitas. Each café has a wireless hotspot that customers can utilize. While walking around the outside of the corporate office. What can Daryl deduce from this error message? A. * B.9 mbps. C. This particular error indicates that the page is vulnerable to buffer overflows. Daryl can see that the site is vulnerable to query string manipulation attacks.com. 30. Oliver sees a drawing on the sidewalk right next to his building.he gets the following error message every time. The resulting speed of the wireless networks will be up to 7.
168.254. no one could find how the hackers were able to get in.254.168. This particular symbol is used to tell others that a nearby wireless access point is using weak encryption. What is Jacob recommending the offices install for added security? A. He has recommended that these locations install stop-gap cages as an added security measure. What utility could Lonnie and his systems administrators implement on the company’s network to accomplish this? . This signifies a hacker has discovered that the company is using WEP encryption for its wireless network. He is recommending the offices install physical DMZ’s at their locations. D. C.254. 33. D.168. This command will block all TCP packets with NULL headers from reaching the IP address of 192. Although Lonnie and his administrators believed they were secure. a railroad shipping company with offices all over the United States. Sydney types in the following command: iptables -A INPUT -s 0/0 -I eth1 -d 192. a hacker group was able to get into the network and modify files hosted on the company’s websites. * B. Jacob has been told by the company’s president to perform a logical and physical security audit for all the offices around the city. After searching through firewall and server logs. C.121.121. Sydney is using this command to allow all TCP traffic that is outbound from IP address 192. D. 32. Jacob finds that a number of offices need more physical security. Sydney has been fine tuning the firewall on many clients to adjust for the best security.254. This command will allow TCP packets coming in on interface eth1 from any IP address destined for 192. Lonnie is the chief information officer for Ganderson Trailways. Lonnie decides that the entire network needs to be monitored for critical and essential file changes. * B.121. This monitoring tool needs to alert administrators whenever a critical file is changed in any way.What does this symbol signify? A. 
Sydney is an expert in Linux systems and is utilizing IPTables to protect Linux clients as well as servers. Jacob is the IT manager for Thompson & Sons. After monitoring the firewall log files. On top of these.254. Sydney will block all TCP traffic coming in on interface eth1 to the IP address of 192. This means that someone knows the corporate wireless network is utilizing access points with MAC filtering and WPA encryption. Jacob is recommending that the offices install mantraps at their locations. By using this command. This symbol means that someone has found out that the company is using wireless networking with open access and restrictions. This cage will allow employees in the office to verify the customer’s information before allowing them access into the building.121. a bail bondsman company in Minneapolis. Lonnie had all his systems administrators implement hardware and software firewalls last year to help ensure network security. This type of physical security measure is called a piggyback box. 34. they implemented IDS/IPS systems throughout the network to check for and stop any bad traffic that may attempt to enter the network.121 -p TCP -j ACCEPT What will this command accomplish for Sydney? A.168.168. Sydney is a certified ethical hacker working as the systems administrator for Galt Riderson International. * B. Jacob recommends that these offices add a cage that customers must pass through before entering the main office. C.
essentially crashing the machine. Lonnie and his systems administrators need to use Loki to monitor specified files on the company’s network. Right before she is asked to leave. 36. The investigator tells Nathan that his company has to give up the encryption algorithms and keys to the government so they can . 35. Because the code is written in this manner. Nathan is the senior network administrator for Undulating Innovations. Lonnie could use Tripwire to notify administrators whenever a critical file is changed.A. Neville has chosen to use Firewall Informer because it actively and safely tests devices with real-world exploits to determine their security state. What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment? A. F. C. * B.) technology to actively test network devices. They can implement Strataguard on the network which monitors critical system and registry files. Firewall Informer uses Blade Software’s Simulated Attack For Evaluation (S. the marketing firm terminates Ursula’s service and does not pay the rest of the money that is owed to her. 37. Neville is a network security analyst working for Fenderson Biomedics. The built-in technology used by Firewall Informer is a graphical user interface version of Snort.Y. Firewall Informer utilizes a stripped down version of Loki to actively and safely check for possible exploits on network devices. it will create a buffer underflow if it is executed. D. D. Louis. When the US federal government steps in. Ursula writes a small application with the following code inserted into it. These programs allow these agencies to send and receive encrypted email using proprietary encryption and signing methods. An employee at one of the state agencies has been arrested on suspicion of leaking sensitive government information to third world countries for profit. a medical research company based out of London.A. a software development company in Los Angeles. 
Neville has been tasked by his supervisor to ensure that the company is as secure as possible. Ursula has been hired on to help streamline the company’s website and ensure it meets accessibility laws for that state.* B. This code Ursula has inserted into a program will create a format string bug if executed.A.E. SnortSam would be the best utility to implement since it keeps track of critical files as well as files it is told to monitor. * B. What will this code accomplish? A. Neville first examines and hardens the OS for all company clients and servers.S. Nathan’s company typically develops secure email programs for state and local agencies. The technology used to actively perform exploit checking in Firewall Informer is Blade Software’s Exploit Awareness Safety Yield (E. D. This code that Ursula has written will cause the computer it is run on to throw up a URI exception error. they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Neville wants to check the performance and configuration of every firewall and network device to ensure they comply with company security policies.). Nathan receives a call from an investigator working for the CIA on this particular case. C. After completing all the work that was asked. C. Ursula is a network security analyst as well as a web developer working on contract for a marketing firm in St. This code will create a buffer overflow if the application it resides in is run.
Zane primarily focuses on checking the time validity of session tokens. To streamline online purchases. This analysis would be considered a vulnerability analysis. C. This initial analysis performed by Charlie is called an Executive Summary. She has decided to implement ElGamal signatures since they offer more reliability than the typical DSA signatures. and expiration of session tokens while translating from SSL to non-SSL resources. Recent US regulations have forced the company to implement stronger and more secure means of communication. What type of signature has Justine decided to implement? A. * B. Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. the government has the right to obtain proprietary information from Nathan’s company under Juris Prudence laws. The investigator can ask for and obtain the proprietary information due to Habeas Corpus laws. * B. the programming department has developed a new web application that will keep track of inventory and check items out online for customers. This type of analysis is called GAP analysis. showing the company where its weak points are. Under what right does this investigator have to ask for the encryption algorithms and keys? A. a mechanical engineering company also in Denver. These signatures are more efficient than DSA and are not vulnerable to a number field sieve attacks. Charlie has performed a BREACH analysis. Charlie has recently been hired by Fleishman Robotics. C. D. D. length of those tokens. These types of signatures that Justine has decided to use are called RSA-PSS signatures. The federal government can obtain encryption keys from companies under the Government Access to Keys (GAK) rule. Charlie asks to look over the current company security policies. Charlie is an IT security consultant that owns his own business in Denver. What type of web application testing is Zane primarily focusing on? . 
Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability. * B. From this information. a custom car manufacturing company in San Francisco. D. This report then becomes the basis for all of Charlie’s remaining tests. 38. 39.read the email sent by the accused state employee. The CIA investigator can obtain the proprietary keys and algorithms from Nathan’s company due to Eminent Domain laws. C. 40. Since this has turned into a federal case. Justine and other administrators have been put in charge of securing the company’s digital communication lines. What type of initial analysis has Charlie performed to show the company which areas it needs improvements in? A. After signing service level agreements and other contract papers. Based on these policies. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures. an international shipping company with offices all over the world. Zane is a network security specialist working for Fameton Automotive. Zane is responsible for ensuring that the entire network is as secure as possible. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. Since this application will be critical to the company. Charlie compares the policies against what is actually in place to secure the company’s network. Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. Justine is the systems administrator for her company. After implementing email encryption. Zane wants to test it thoroughly for any security vulnerabilities. Much of the company’s business is performed online by customers buying parts and entire cars through the company website.
This seems to have no affec . By typing in: http://172. * B. Zane is putting most of his effort into component checking. These MAC users are running on the MAC OS X operating system. Tommy. calls Giles and says that his computer is running very slow.tgz to all the other MAC users. Michael is an IT security consultant currently working under contract for a large state agency in New York. On Tommy’s computer. Paulette could type in: http://172. D. C. Paulette is the systems administrator for Newton Technologies. except for some designers that prefer to use MACs. a graphics design company based in Dallas. All network equipment at the home office and branch offices are Cisco equipment.A. This behavior is indicative of the OSX/Inqtana.B virus.A virus.254. Paulette is currently performing the yearly security audit for the company’s entire network which includes two branch offices. C. To test this.110. Paulette travels to one of the branch offices to perform an internal audit at that location. Giles also sees that many of the computer’s applications appear to be altered. Paulette will be able to see if the Cisco router is vulnerable. Most of the network is comprised of Windows servers and work stations. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. The agency’s network has come under many DoS attacks in recent months.16.255/level/99/exec/show/config/cr. 43. He is testing the web application’s configuration verification. If one of the router’s IP addresses is 172. one of these MAC users.16. She needs to navigate to: http://172.16. He uses a random username and tries to input a very large password to see if that freezes up the router. Paulette wants to check for a particular arbitrary administrative access vulnerability known in Cisco equipment when certain HTTP requests are made to those routers. Giles has discovered an apparent infection of the OSX/Transmitter. 
220.127.116.11/level/121/exec/show/admin/config. what HTTP request could Paulette use to see if that router is vulnerable? A. Michael has been given permission to perform any tests necessary against the agency’s network. Zane’s testing is concentrated on input validation. Giles has found the OSX/Leap-A virus on Tommy’s computer. She uses Send ICMP Nasty Garbage (SING) to find all the routers in the network.16. she would be able to see if the router is vulnerable to arbitrary administrative access attacks. so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles is the network administrator for his company.110/level/22/exec/show/config/cr to check if the router is vulnerable. Tommy says he never sent those files.97.168. * B. He opens iChat on Tommy’s computer and it says that it sent a file called latestpics. 41. He has discovered OSX/Chat-burner virus on Tommy’s computer.110:2209 to check for its vulnerability. C.16. He is most focused on testing the session management of the new web application. By focusing on those specific areas. Giles immediately unplugs Tommy’s computer from the network to take a closer look. Paulette holds certifications in both Microsoft areas as well as security such as the CEH. D.28. * B. If she typed in: http://172.28. What has Giles discovered on Tommy’s computer? A. Michael attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192. D. Michael first creates a telnet session over port 23 to the router. These MAC users also utilize iChat to talk between each other.28.
97 -t. About a year ago. the company has hired on Cindy to ensure that all mobile devices used by employees are secure. If he listens on UDP port 1219. D. these devices are vulnerable and she is able to gain access to the corporate network through the Blackberry devices. This would be considered a Berryjack attack since it attacks Blackberry devices. Ping -l 254 192. 45. To prove a point.168. D. Henry is the network administrator for a large advertising firm in Chicago. * B. If Michael used the command: ping -r 999 192. * B. C. Richard is using one of his Bluetooth enabled cell phones and a Bluetooth enabled laptop to make a demonstration on how to steal information from a wireless device through a Bluetooth connection. he will be able to see the traffic. 44. The command: finger -l 9999 192. These mobile devices are the company’s main concern as far as network security. As well as ensuring overall network health. vulnerability assessments and penetration tests to check for network security. one of the company laptops was stolen from a sales person and sensitive company information was stolen from it. He should have his device listen on UDP port 16999 to see the traffic passed from the Palm device.254. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to check for vulnerabilities on the blackberry devices. In particular. What type of attack is Richard demonstrating here at the conference? . 
he could freeze up the router and then attempt to gain access. Cindy has configured Bitlocker on those devices for hard disk encryption.t on the router yet. Richard shows how to connect to the OBEX Push target and how to perform an OBEX GET request to pull the address book and calendar off the cell phone.97 -t. Cindy is a certified ethical hacker working on contract as an IT consultant for Dewdrop Enterprises. and laptops. Cindy is using a MITM attack by using Blackberry devices.168. Henry is responsible for performing security audits. * B.254. Richard is an IT security expert currently making presentations in Las Vegas at a logical security conference. What UDP port should Henry listen on that is used by the Palm OS to find sensitive information? A. 46.254. Richard’s specialty is in Bluetooth technology and different ways to take advantage of its vulnerabilities. What other command could Michael use to attempt to freeze up the router? A. Blackberries.97 -m would force the router to freeze. C. This type of attack would be called Skipjacking since it is utilizing mobile devices to gain access to a corporate network. Henry needs to have his device listen on UDP port 14001. Henry should listen on UDP port 14237 to see the traffic passed back and forth when using HotSync. C. Since many of the employees are now using new laptops with Windows Vista. D. Michael could use the command: ping -l 56550 192.
she attends a VoIP security seminar which she finds very informative. she finds out. so he asks for a demonstration. C. This. William is responsible for ensuring complete network security. * B. Vicki also learns that there is a default remote debugger on all these phones that listens on a specific port in case a remote administrator needs . D. what can Blake deduce about these ports? A.A. is also what the VoIP phone manufacturer installed on all her company’s new VoIP phones. Vicki is the IT manager for her company. 48. Thwarting Enterprises installed a Cisco VoIP system throughout their office to replace the older PBX system. This attack overloads the phone and William is able to do whatever he wants to with the device now. William uses Logical Link Control and Adaptation Layer Protocol (L2CAP) to send oversized packets to his boss’ phone. He is showing how to perform a Bluejacking attack by exploiting the inherent weaknesses in Bluetooth connections. Vicki and her employees install all the phones and set up the servers needed to run the new system. William obliges his boss by setting up an attack with his personal laptop and his boss’ Bluetooth enabled phone. Blake has been recently hired on by Thwarting Enterprises. an online retail business in Seattle. C. specializing in PBX and VoIP implementation testing. D. William’s boss doesn’t believe that Bluetooth devices are a security risk. Richard is demonstrating how to perform a BlueBack attack . The company heard through contacts that Blake was the best in the business as far as examining and securing VoIP network implementations. William has performed a Bluesnarf attack on his boss’ phone. This type of attack is called a BlueDump attack. a large law firm in Miami. Blake is an IT security consultant. This attack that Richard is demonstrating is called a BlueSpam attack. Richard is demonstrating Bluesnarfing by stealing information from a wireless device through a Bluetooth connection. 
After about three months of setup. William was able to demonstrate to his boss how to perform a Bluejacking attack. Blake can tell that these ports are not being used. is trying to convince the owners of the firm to purchase new Blackberry devices and new Bluetooth enabled laptops. D. Blake can deduce that the ports that respond with this error are open and listening. About a year ago. Almost all of the ports respond with the error of “ICMP port unreachable”. Blake first begins his testing by finding network devices on the network that might be used for VoIP. the IT director. everything has been completed and the system is finally stable. Because she is not very familiar with VoIP security. Vicki was recently given budget approval by the CIO to purchase 100 VoIP phones and all the VoIP networking equipment needed to make a complete VoIP implementation. * B. * B. William is the senior security analyst for Cuthbert & Associates. He can tell that these specific ports are in hybrid mode. William’s boss. or lack thereof. From these errors. Blake finds a target on the network that looks promising and begins to perform a scan against it by sending packets with empty UDP headers to each port. a brokerage firm in New York City. They have now brought Blake in to test its security. At the conference. One interesting piece of information she learns of is that most VoIP phones are installed with an imbedded OS called VxWorks. C. What type of attack has William just demonstrated to his boss? A. From this error. 49. This specific error means that the ports are currently in stealth mode. William has been telling his boss that using Bluetooth devices like that is not secure. Blake prefers to use UDP scanning because of its quickness. He has shown his boss how to perform a Bluesmacking attack. 47.
he made sure they were as state of the art as possible. 50. software. When Steven purchased these tags. he hopes that SPAMMERS will see this and move on to easier and faster targets. Jacob is the systems administrator for Haverson Incorporated. D. The technology used to disable an RFID chip after it is no longer needed. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM. or possibly stolen. One feature he really liked was the ability to disable RFID tags if necessary. Leonard is using the technique called Bayesian Content Filtering. SPAM being sent to company email addresses has become a large problem within the last year for them. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What port should Vicki block at the firewall so no external connections can be made directly to the VoIP phones? A. What technique is Leonard trying to employ here to stop SPAM ? A. C. To keep track of everything. 52. turns on MX callbacks. * B. These RFID tags hold as much information as possible about the equipment they are attached to. RFID Kill Switches built into the chips enable Steven to disable them. By responding slowly to SMTP connections. they do not prevent much of the SPAM from coming in. Leonard starts by adding SPAM prevention software at the perimeter of the network. and oil well equipment. white list.to do some troubleshooting. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis . Steven is the senior network administrator for Onkton Incorporated. She should block UDP port 21972 at the firewall to keep the remote debugging feature on the VoIP phones from being used. 51. 
Newer RFID tags can be disabled by using Terminator Switches built into the chips. D. and uses heuristics to stop the incoming SPAM. she decides to block the necessary port on the firewall to save time. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention. While these techniques help some. To stop SPAM. is called RSA Blocking. This comes in very handy when the company actually sells oil drilling equipment to other companies. D. * B. The company’s RFID tags can be disabled by Steven using Replaceable ROM technology. Vicki needs to block TCP port 17185 at the firewall to prevent the default debugger program from communicating outside the network. including computers. She needs to block any traffic on the firewall coming in on or going out on TCP port 4290. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. What technology allows Steven to disable the RFID tags once they are no longer needed? A. a food process . C. an oil well drilling company in Oklahoma City. * B. Instead of going to each and every new phone to turn off this feature. Vicki sees this as a large security problem. TCP port 9121 should be blocked at the firewall to keep anyone from using the remote admin debugging software. He then builds a black list. Steven and his team of IT technicians are in charge of keeping inventory for the entire company. C.
After breaking through the disk encryption. * B. Stephan and his team were able to read files and their contents on the computer. What fi . Lyle begins to test different aspects of the network. What is the default user account created for Oracle databases when the create database command is used? A. These are called Web 2. John is the senior research security analyst for Terror Trends International . eBay. Oracle creates the default user account DEFAULT when the create database command is used. D. he wants to lock those machines down as much as possible. including everything from mobile users to internal databases. C. specifically cyber Jihad. These collaborative areas on the Internet are called Centrix environments.inf and UsbStor. he should rename the USBFile.pnf. and even environments like Second Life. What are these Internet communication environments referred to? A. Jacob wants to make sure that no one can use USB flash drives on those computers. while still allowing USB mice and keyboards to work. currently working out of Amsterdam. 54. The default user account created for Oracle databases is called OUTLN. * C. Lyle is able to exploit the default user accounts that were created for these databases. Jacob should delete the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usbhub D. By using these new communication methods. 55. a large state agency in Florida. The default account created when using the create database command on Oracle databases is called SYSOP. 53. Environments such as these used by terrorists and common people alike are called Symbiotic Networks. the other files used by the application were not in that same directory.ing company in Boston. Lyle has been charged with performing a security audit to comply with state regulations that were just passed. it has made the job of John and his research team much harder. D. 
These environments are often referred to as Internet2. Stephan is the senior security analyst for NATO. He needs to rename the files UsbStor. They appear to be using technologies like social-networking sites. What can Jacob do to prevent USB flash drives from working on these publicly available computers? (Select 2) A. Lyle is the network security analyst for his company. To disable USB drives. Jacob needs to change the registry value to “4” at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Start * B. a research foundation that provides terrorism information to companies as well as governments.sys and StoreDrive. After finding this out. Stephan has been assigned to research terrorist activities. Through translated bulletin posts and intercepted email communications. Stephan was recently given a computer that was seized from a terrorist cell in London. C. SYSTEM is the default user account created in Oracle. * B.0 environments. After attending the CEH class and passing the CEH test. including the many Oracle databases that are utilized. they have seen terrorist and extremist groups use less conventional means of communication on the Internet. Stephan found a copy of Mujahedeen Secrets 2 in a hidden folder that the terrorists were apparently using to hide their communications on the Internet. Unfortunately.inf files. Lyle is responsible for ensuring the agency’s network security. Lyle finds out that the Oracle DBA created all of the databases with the simple create database command. Since there are three company computers in a publicly accessible area. John and his team have been monitoring terrorist cyber traffic for over eight years now and have noticed an interesting trend.
Jacob decides to install a couple of other free browsers that have pop-up blockers. * B. C. 57. Stephan and his team need look for the file LockedAsrar. The scans return no results. Jacob downloads free spyware and adware removal software to scan these computers.db. Frederick should tell his boss that the application can make a maximum number of 99 passes to delete a file. Natalie is the IT security administrator for Sheridan Group. including its security. One of Frederick’s colleagues was able to obtain a copy of Mujahedeen Secrets 2 for him to check out. This application is able to make a maximum number of 5 passes over a file to completely delete it from a computer. a company that sells paper. social networking sites. To block pop-ups. He should search on the computer for Secrets2. He can manually add the registry key of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BlockPopups” with a value of “1”. These users’ computers are all running Windows XP SP2. D. What should Frederick’s answer be? A.0. Since the help file was in Arabic.le should Stephan look for on the computer if he wants to find the file that stores all the keys used by Mujahedeen Secrets 2? A. Frederick was only able to research and look through half of the application. Jacob has recently been receiving numerous calls from users stating that they receive pop-ups all the time.1. and other extremist websites.0. What no-cost setting could Jacob make to stop pop-ups on these computers? A. Frederick’s boss asks him specifically about the File Shredder module of the software. Natalie has been getting reports from the help desk that users are having issues when they go to a particular vendor’s website.db on the computer.C. Jacob is responsible for the entire corporate network. Frederick had to translate the 60 some odd pages which took him over 6 hours. which Frederick was not able to research.db. 
Jacob does not have any money in his budget to buy any commercial products to stop this issue. Stephan needs to look for AsrarKeys. D.db on the computer. By the time that his boss’ briefing came around. They report strange browser behavior such as pop-ups. * B. * B. an investment company based in Detroit. Stephan should look for KeyFob. Jacob can modify the Windows Firewall settings on these computers to block pop-ups. Jacob can edit the hosts file on these computers by adding the addresses of these pop-up sites and pointing them to 127. Frederick is a security research analyst for the Department of Defense. To find the file used by Mujahedeen Secrets 2 to store keys. 56. bro . and the computers still receive numerous pop-ups. 58. C. Frederick should reply by saying that the application can make a maximum number of 299 passes. Mujahedeen Secrets 2 can be set to make a maximum number of 10 passes over a file to delete it from a computer. and the computers are still getting numerous pop-ups. C. a heating and air conditioning company based out of Wichita. Frederick was recently assigned to the cyber defense unit based in Washington D. he can edit the hosts file on these computers and add entries for the pop-up sites and point them to the broadcast address for their particular subnet. Jacob is the network administrator for Richardson Electric. D. Jacob checks their Internet Explorer settings and the pop-up blocker is on for every machine. he tells Frederick he wants to be briefed on every aspect of the software within 2 days. When Frederick’s boss hears of this. He has been researching terrorist activity online through bulletin boards. Frederick’s boss wants to know what the maximum number of passes the program uses when deleting files from a computer.
a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to . but receives an error that it cannot start. She has discovered an apparent use of steganography in the source code. and spyware and turns up nothing. Bonnie decides to download and install NetDefender on her Windows computers to block malicious traffic. Natalie has discovered Web Bugs in the source code.com quite a bit during this free time to stay in touch with friends. * B. What could Michelle do to still gain access to Myspace. Your company has over 250 servers running Windows Server. even though it is now prohibited by an IT policy. This type of code is indicative of a Web Virus. adware.net to navigate to Myspace. C. 10 of your company’s laptops were stolen from salesmen while at a conference in Amsterdam. Last week. C. She can turn off Windows Firewall on her computer. Michelle can use Proxify. She is able to perform much of her job through her home network when performing external footprinting. and so on. Why can’t Bonnie get NetDefender to start on her Windows computers? A. She uses two desktops that run as servers for her home network. similar to those being provided by the vendor. Bonnie sees some odd traffic trying to connect to her internal computers. Michelle goes to Myspace. You are the CIO for Avantes Finance International. One day. D. Natalie has one of these users navigate to the vendor’s website and sees the odd browser behavior. Bonnie is an IT security consultant currently working out of her home.com? A. Bonnie also utilizes an IDS to watch any traffic that might try to get into her network. 60. To get NetDefender to work properly. Michelle can edit her local hosts file to get around the Internet filter. What has Natalie discovered here in the source code? A. B. While doing damage assessment on the possible public relations nightmare this may become. Natalie scans these computers for viruses. and so on.
After a new IT policy is implemented. She can navigate to Redirect. 59. Michelle works on a Windows XP SP2 computer. 61. She cannot get NetDefender to work because it is only meant to run on Linux-based computers. These users also state they have been getting SPAM related to paper products. D. 5000 workstations running Windows Vista. and 200 mobile users working from laptops on Windows XP. Michelle is a CPA working in the Accounting department for Beyerton & Associates. She needs to stop the Windows firewall before starting NetDefender. letting her navigate to Myspace. C.com to serve as a proxy. Natalie decides to take a look at the source code of that website to see if she can pull out anything of use. Bonnie has a number of computers running on different operating systems from Windows XP SP2 to Fedora. This leaves her about 2 hours a day where she can surf the Internet. * B. Michelle really wants to go to Myspace to stay in touch with the people she knows. a global finance company based in Geneva. scanning. Michelle’s daily duties take up about 6 hours out of her 8 hour workday. Bonnie needs to allow TCP port 559 in the Windows firewall settings.wser redirection. handing out DHCP numbers. Bonnie tries to start NetDefender. sites like Myspace are blocked so users cannot get to them. * She has found hidden Form Fields in the source code of the vendor’s website. performing DNS lookups. All of her Windows computers are running Windows XP SP2 with the default install. She cannot start NetDefender because the computers are getting dynamic IPs. D. You are responsible for network functions and logical security throughout the entire corporation. Natalie finds many places in the source code referring to a jpg file that is only one pixel in height and one pixel in width. and pen testing. These laptops contained proprietary company information. The IT department is using an Internet filter to block specific websites such as Myspace.
When a laptop is classified as missing or stolen. specializing in social engineering and external penetration tests. a subcontractor for the Department of Defense. This software sets off a loud alarm when sent a signal from an administrator. What method is used by PAL PC Tracker to notify administrators of a laptop’s location? A. PAL PC Tracker can send stealth email to a predetermined address whenever a tracked computer is connected to the Internet. After meeting with the female employee numerous times. * B. Lori is a certified ethical hacker as well as a certified hacking forensics investigator working as an IT security consultant. PAL PC Tracker sends a page to a predetermined phone number through any wireless signal it can find. know about Shayla’s work she will be doing. the sensitive information on the laptops would not have leaked out. The executive team believes that an employee is leaking information to the rival company. C. alerting anyone in the vicinity of the laptop. Because she does not have any legal access herself. she would be considered a Pure Insider. Tommy is the systems administrator for his company. D. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. She searches by email being sent to and sent from the rival marketing company. You should have used 3DES which is built into Windows. Lori questions all employees. Shayla’s first step is to obtain a list of employees through company website contact pages. C. a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. One day. If you would have implemented Pretty Good Privacy (PGP) which is built into Windows. 64. Shayla would be considered an Outside Affiliate. Lori is then given permission to search through the corporate email system. a large law firm based in New York City.
You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops. C. Then she befriends a female employee of the company through an online chat website. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops? A. Since Shayla obtained access with a legitimate company badge. Due to laptop theft within the last couple of years. Shayla has been hired on by Treks Avionics.a blog online. he has to administer over 100 laptops. Shayla is an Insider Associate since she has befriended an actual employee. She would be considered an Insider Affiliate. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops. Shayla steals the employee’s access badge and uses it to gain unauthorized access to the Treks Avionics offices. No employees for the company. 63. D. 62. She finds one employee that app . and firewall logs. * B. after which she finds nothing. Since Tommy’s company employs many telecommuters and mobile users. Shayla has been given authority to perform any and all tests necessary to audit the company’s network security. reviews server logs. Tommy chose this software because of its ability to track equipment and its ability to notify administrators if the laptop has been stolen. PAL PC Tracker will send HTTP messages to a predetermined website when the equipment is connected to the Internet. * B. Shayla is an IT security consultant. Lori has been hired on by Kiley Innovators. other than the IT director. Tommy has convinced management to purchase PAL PC Tracker to install on all company laptops. What type of insider threat would Shayla be considered? A. Shayla is able to gain her trust and they become friends. D.
D. their policies state that everything is forbidden. Since the last manager did not implement or even write IT policies. Per his supervisor. printing them. C. only finds picture files attached to them. all employees must sign and agree to the policies or face disciplinary action. These files seem perfectly harmless. ten other employees will be under another since they work on computers in publicly-accessible areas. * B. After only one week. this would be considered a Tar Pit. Marshall was just hired on two months ago after the last information security manager retired . Tarik has fine-tuned the ACL’s to where no one can access information outside of their department’s network folder. To catch anyone that might attempt to access unauthorized files or folders. The method used by the employee to hide the information was logical watermarking. network file access. D. By using the pictures to hide information. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture. In each document. The employee used steganography to hide information in the picture attachments. he places headers and footers that read “Do Not Print or Save”. What technique was used by the Kiley Innovators employee to send information to the rival marketing company? A. Marshall has written two sets of policies. even though they should have no reason to be communicating with them. Tarik creates many fake HR documents referring to personal information of employees that do not exist. 66. Since this was set up on an internal network. Tarik has set up a Honeytoken to catch employees accessing unauthorized files. What types of policies has Marshall written for the users working on computers in the publicly-accessible areas? A. Then Tarik sets up logging and monitoring to see if anyone accesses the folder and its contents. In this folder.
What has Tarik set up here to catch employees accessing unauthorized documents? A. Lori tracks down the actual emails sent and upon opening them. Marshall is the information security manager for his company. They are not allowed to browse the Internet or even use email. He has configured a Honeypot to log when employees access unauthorized files.ears to be sending very large email to this other marketing company. The Kiley Innovators employee used cryptography to hide the information in the emails sent. Tarik has configured a network Black Hole. Through management approval. Tarik names this folder “HR-Do Not Open”. One policy in particular. Tarik is the systems administrator for Qwerty International. He has written Paranoid policies for these users in public areas. * B. The first project that Tarik completes is to create IT security policies that cover everything security related from logical to physical. a computer parts manufacturing company in San Francisco. For the users working on publicly-accessible computers. Tarik records two separate employees opening the fake HR files. usually containing some kind of joke. 65. and saving them to their personal directories. is of importance to Tarik and his superiors because of past incidents where employees accessed unauthorized documents. Marshall’s supervisor has informed him that while most employees will be under one set of policies. By using the pictures to hide information? the employee utilized picture fuzzing. The only thing they can use is their work related applications like Word and Excel. * B. Marshall has begun writing IT security policies to cover every conceivable aspect. Tarik just passed his certified ethical hacker test and now wants to implement many of the things he learned in class. C. Tarik creates a folder in the root of the network file share. Marshall has created Prudent policies for the computer users in publicly-acce .
The firm’s marketing director has asked Calvin to purchase a graphics editing application to install on two computers in the marketing department. C. The company used logic gates to ensure license validation. Theresa’s supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. Since you are on a limited budget.ssible areas. These sites that host illegal copyrighted software are called Warez sites. the graphics software works properly. C. What kind of license validation was used to make the graphics software work correctly? A. servers. After a small increase in your budget this year. Calvin calls the software company to find out what the issue is. * B. Calvin looks through the software boxes and finds two USB devices. 67. Calvin makes the purchase and receives the software in the mail one week later. . These sites that Theresa has been tasked to take down are called uTorrent sites. an advertising firm based out of Toronto. and software. 69. These USB devices are called hardware validators. What have you asked your IT staff to install on all the computers in the agency? A. Calvin thought there was a CD key that needed to be used on installation but the company’s support representative said there should have been a USB device included in the software box. network equipment. D. C. you have had to get by with outdated hardware and software for many years. The software company used dongles to ensure license validation. Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. * B. He has implemented Permissive policies for the users working on public computers. Theresa and her division have been responsible for taking down over 2. After plugging the devices into the computers in marketing. You have two junior IT staff that field help desk calls as their primary duty. D. This software is licensed for only one copy.
You have instructed your IT staff to install pirated copies of Office 2007 on every computer. 68. By installing one licensed copy. a medium-sized state agency in Oregon. you decide to purchase Microsoft Office 2007 for your agency. These websites are referred to as Dark Web sites. You have asked them to install abusive copies of the Office 2007 software. Calvin is the IT manager for Riverson & Associates. * B. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. When the marketing users try to use the software. but you give it to your junior IT staff and tell them to install it on every computer in the agency. You are the systems administrator for your company. D. These types of policies would be considered Promiscuous policies. you are asking your staff to use cracked copies of Office 2007. The USB devices the software required for license validation are called logic keys. Installing one licensed copy on many different computers is called using an OEM copy. D. You are responsible for all workstations.000 FTP sites hosting copyrighted software. it says they need to “Insert device for validation”. C. What are these sites called that Theresa has been tasked with taking down? A. Calvin is responsible for all IT related situations. Calvin installs the software on the two requested computers. Websites that host illegal pirated versions of software are called Back Door sites.
and other potentially harmful objects. so they have a large retail-oriented website where customers can purchase anything the company offers. This research usually takes him to websites that might not have the safest content. * B. Justin is trying to work out errors the devices are experiencing in regards to four variables (latitude. longitude. Currently. Justin is working on the Geometric Dilution of Precision problem. * B. What type of proxy has Travis installed on his own computer? A. If Harold wants to use Symantec. All company workstations are running Windows XP and all servers are running Windows Server 2003. Symantec provides a software package called SQL Protector that would perform all the tasks that Harold needs. the new devices cannot be finished. Wintrex Systems sells most of their products online. Justin is an electrical engineer working for ZenWorks Navigation. Justin and a team of other engineers are working on the latest GPS handheld system for the company. It must be set to utilize port 10421. backup. and IPS software. Travis has installed a Circumventor Proxy on his work computer. SQL injection. He could install and use Symantec SQL Suite which would help Harold perform all the tasks the CIO has requested. Harold is not too familiar with database software or protection. Stewart is responsible for network security of his entire company. 78. and so on. This would be considered a Reverse Proxy. a software development company in Salt Lake City. * B. offsite images. regulatory compliance. He could use the Symantec Database Security solution that they provide. but is inclined to use a company like Symantec since they provide the company’s virus. Through the proxy on his own computer. but now wants to branch out to the individual consumer market. data leakage. This should help his browser remove banner ads. C. For inventory and product management. By installing a proxy on his own computer to bypass another proxy. Java scripts. * .
and time) on the accuracy of a three-dimensional fix. D. altitude. 77. a Global Positioning device manufacturing company based in Las Vegas. Stewart decides to install Proxomitron on his computer for web filtering. He has installed a Transparent Proxy to bypass the company’s Internet policies. The local host browser must be configured to use 548 on his computer in order to function. C. What port must Stewart configure his browser to utilize in order to use Proxomitron? A. Wintrex uses many SQL Server 2005 databases. He should use Symantec’s Data Guard Pro to protect the company’s data housed in the SQL databases. The browser needs to use port 9000. 79. flash animation. D. ZenWorks previously only produced GPS systems for airplanes.rtual machine. * B. what software product could he acquire from them that would serve his needs to protect the company’s SQL databases? A. Stewart also does a vast amount of security research when time permits. Harold is the network administrator for Wintrex Systems. Harold is responsible for all physical and logical network equipment. he is able to get around the company’s Internet proxy and get to the websites he wants to. Until this issue is resolved. C. His browser must use the local port 8080 on his computer. Harold has been informed by the company’s CIO that he needs to implement some kind of protection for the corporate databases to prevent intrusions. D. Stewart is an IT security analyst for his company. What GPS-related issue is Justin currently working on? A. Travis has implemented a Split Proxy.
it is considered a problem with the Wide Area Augmentation System. D. Justin is experiencing issues with the Signal to Noise Ratio. * Mary should hold the Mark key down until the units are forced to perform a co start. C. B. Darren is responsible for all network functions as well as any digital forensics work that is needed. this would be considered a low-level incident. 80. He should open TCP port 1699 on his local Windows firewall so the applications can talk to the devices. C. Theo has been asked to map out free available wireless hotspots on a chart that will be published by the city. He needs to install the GPS daemon service on a Linux-based computer since it will not work on a Windows computer. 82. When a GPS device is having issues with these four variables. This specific incident would be labeled as an immediate-level incident. ld C.000 worth of lost data. * B. Darren is examining the firewall logs one morning and notices some unusual activity. Theo is an IT security consultant that was just hired on by the city of Seattle. they say they cannot communicate with the GPS devices. Darren decides that this incident should be handled and resolved within the same day of its discovery. Darren is the network administrator for Greyson & Associates. Because Darren has determined that this issue needs to be addressed in the same day it was discovered.B. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. This issue would be considered a problem with the Local Area Augmentation System. one for finding the hotspots and one to precisely locate his whereabouts on a city map. C. Since there was over $50. Mary needs to hold the Enter key down until they reboot. Mary is a field service technician for Garmin which makes all kinds of GPS devices. The service rep on the phone tells her to force the devices to perform a cold start.
Theo has never mapped wireless hotspots over such a large range. * B. so he buys software and GPS devices that he thinks will do the job. UDP port 1121 needs to be open on his laptop’s Windows firewall. Theo needs to open TCP port 2947 on the Windows firewall so they can communicate. When Mary gets to the company. What incident level would this situation be classified as? A. She calls her company’s customer support line for some help. Mary’s company has decided to send her out to the car rental company instead of them sending back every GPS device. she troubleshoots a number of the devices but cannot figure out what the issue is. 81. a large law firm in Houston. After performing some calculations. How can Mary force the devices to perform a cold start? A. Theo downloads and installs a GPS service daemon on his laptop running Windows XP SP2 so the GPS applications will not conflict with each other. . When Theo opens both GPS programs. this would be considered a high-level incident. D. These two pieces of software will utilize two GPS devices. D.000 worth of loss. This situation would be classified as a mid-level incident. Almost all the devices appear to be getting an error message when they are started up. D. Mary has been called out to a car rental company that purchased over 1000 GPS devices to be installed in their rental cars. Theo buys two software programs. She must hold the Page key down while the units are powering up. To run both these devices at the same time. She needs to hold down the Reset key for at least 20 seconds. Darren finds the damage to be around $75. What does Theo need to do to ensure the GPS applications can communicate with the GPS devices? A.
The CEO of the company should ultimately be responsible for these types of issues. Pauline is in charge of 8 IT employees which include 3 developers.83. and prevention to constituents? A. Hanna is the network administrator for her company. The new site created by the developers will be using reverse lookup detection to see if fraud is involved. an online retailer based out of St. D. which IT role should be responsible for recovery. 85. including corporate email. containment. This new portal checks for fraud by looking for multiple orders that are to be delivered to the same address but using different cards. * B. After undergoing a disastrous incident last year where data was deleted by a hacker. When handling computer-related incidents. and prevention. Lyle is the IT director for his company. C. C. Hanna is responsible for all network functions. 84. different orders originating from the same IP address. * B. Heather downloads all the HIPAA requirements for information security and begins an audit of the company. Pauline is the IT manager for Techworks. Hanna receives a call from the Director of Administration one morning saying he cannot access one of his archive files. C. Louis. Outlook Revealer would be the best application to recover the password. The program says that she needs a password to open the file. the company’s CIO decided that there needed to be a change. Lyle should be responsible for these issues in computer-related incident handling. creating a more secure checkout portal that will check for potential fraud. Apparently. The Network Administrator should be responsible for recovery. These developers have recently created a new checkout website that is supposed to be more secure than the one currently being used by the company. containment. Hanna goes to the director’s office and tries to open the archive file from inside his Outlook 2003 client.
Lyle is now assigning different roles and responsibilities to the different team members. 86. they must comply with HIPAA rules and regulations. Heather finds out that many of the billing technicians have been sending sensitive information in PDF documents to outside companies. She should use PwdRecover Toolset to retrieve the password for the archive file. After numerous fraud attempts on the website. The Security Administrator should be held responsible for recovery. Since the company handles personal information for thousands of clients. credit card numbers vary by only a few digits. What program could Hanna use to recover the archive password for the director? A. containment. D. She could download and install PstPassword to recover the password of the archive file. a large food processing plant in North Carolina. a small medical billing company in Billings. The new website portal will be using anomaly variance detection to look for fraud in transactions on the site. and users repeatedly submitting the same credit card numbers with different expiration dates. Hanna could run ArchiveRestore to find the password for the archive file. D. The developers have written the new portal to utilize round robin checking to see if visitors are attempting fraud. The portal will be using pattern detection to check for potential fraud. To protec . the director password protected the archive file without realizing it. What fraud detection technique will the new retail portal be using? A. and prevention. Lyle has begun creating an incident response team made up of employees from varying departments.
Dylan then downloads and installs Doorstop X Firewall onto the MAC laptops. After implementing a strong password policy through Active Directory. 88. This is not enough protection because PDF passwords can easily be cracked by many different software applications. 87. C. He has also created another OU named Company Computers that contains all computer accounts. You are the IT manager for a small investment firm in Los Angeles. the firm only employs a total of 20 people. Including you. They cannot make a connection because he needs to modify the firewall. they have been password protecting the PDF documents. The laptops cannot connect because all TCP ports are protected by default when Doorstop X Firewall is installed.data files on all the MAC laptops before they can function properly. a recent audit suggested he utilize application-level firewalls for all workstations and mobile computers. D. You have chosen this particular firewall because of its adaptive and intelligent inspection technology that protects both the network and application layers. C. After installation.com. * B. They utilize built-in technology called SORT. Heather has informed all the technicians that this method of protecting the data is not safe enough. Since PDF password protection alone does not comply with SOX. The last manager did not have any security measures in place for the firm’s network. * B. D. Geoffrey administers the corporate Windows Server 2003 Active Directory network. 89. an IT staffing company in Oregon.t this information. They cannot connect to other computers on the network because Dylan needs to install the “Network Services for MAC” piece on all the Windows workstations. The technicians should not only rely on PDF passwords because the passwords are sent as an attached text file when sent through email. You were hired on last month to take over the position of the last IT manager that was fired. All computers are under one domain named veering.
PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email. which led to a data breach. Dylan needs to modify the local firewall. Dylan is the systems administrator for Intern Support Staffing. C. a custom car manufacturer in California. The built-in technology used by Check Point firewalls for traffic inspection is called SEARCH & DESTROY. Why is using passwords to protect PDF documents not enough to safeguard against information leakage? A. You have chosen a Check Point firewall because of its adaptive STINGER technology. What built-in technology used by Check Point firewalls protects traffic on both the network and application layers? A. All workstations on the company’s network are running Windows XP SP2 except for three laptops that run MAC OS X.conf file before they can use the software properly. He is also responsible for logical security. none of the MAC laptops can connect to any other computers on the network. Even though Dylan has setup and configured a hardware firewall for the company. they should not solely rely on them for protection. * B. Dylan configures the Windows Firewall settings for the Windows computers. Geoffrey is the systems administrator for Veering Incorporated. How can Geoffrey apply a different policy to . Geoffrey has organized all user accounts by placing them in an Organizational Unit (OU) named Company Users. Check Point firewalls use the INSPECT technology. D. You have decided to purchase the Check Point firewall model Firewall-1 to help secure the network. the executive team tells Geoffrey the policy is too stringent for them and they would like their own policy.
Charlie has assigned a fine-grained password policy to only the management team because they wanted a different password policy than the rest of the company. The management team does not want to have to deal with changing their passwords often like the other users. create a new password policy for that OU. * B. To accomplish what his boss has asked. Charlie is responsible for the entire network which consists of one Server 2008 Active Directory domain. He needs to move their user accounts to a different OU. Kevin needs to adjust the "Minimum Password Age" setting. What is the maximum password age that Charlie can set for the management team in a Server 2008 Active Directory domain? A. an ink cartridge replacement company based out of New Orleans. HR Computers. Kevin’s boss doesn’t want users to be able to change their passwords so often or be able to change their password right after IT resets their passwords.the members of the executive team? A. * C. He can create a WMI filter that keeps the current policy from applying to their machines. The maximum age of a password in 2008 is 999 days. and so on. and so on. * B. create a new password policy for that OU. Geoffrey needs to move their computer accounts to a different OU. an aeronautics engineering company based in Dallas. The computer accounts for the company’s management team are all under the Management Computers OU. 92. He can adjust the password policy to allow for up to 99 days on password age. Sherral is the systems administrator for Trigon Technologies. What password policy settings does Kevin need to adjust to accomplish what his boss has asked him to do? (Select 2) A. Kevin has been told by his boss that he needs to change the password policy on the network. 90. The maximum age for passwords that Charlie can set for the management team is 9999 days. * B. The user accounts for the company’s management team are all under the Management Users OU. D.
All computer accounts are in respective department OUs such as Accounting Computers. To accommodate 20 new mobile users. a software development company in Wichita. all user accounts must have a password expiration policy applied to them. C. Geoffrey must create a new domain and move their user accounts to that domain. This is not possible since only one password policy can be set per domain in 2008. According to company policy. A. D. HR Users. Users are apparently reusing passwords over and over and changing them immediately whenever IT resets their passwords for them. He should change the "Enforce Password History" setting in the Group Policy settings module. and deny the other policy from applying to that OU. All user accounts are in respective department Organizational Units (OU) such as Accounting Users. Kevin needs to adjust the "Enforce User Change at Next Logon" policy. Kevin should adjust the "Maximum Password Age" Group Policy setting. Kevin is the systems administrator for Inktime International. The company’s network consists of one 2003 Active Directory domain. She oversees the entire network which consists of one Windows Server 2003 Active Directory domain. 91. Charlie is the systems administrator for his company. and deny the other policy from applying to that OU. D. C. Sherral has enabled Challenge Handshake Authentication Protocol (CHAP) and remote access to let the remote users get into the network from the outside.
Jerald is responsible for all servers. D. the company previously had no password policies in place. After applying these settings. Willem is the network administrator for his company. C. every available auditing feature is turned on for the network through Group Polic . * B. What password policy change must she configure to allow the remote users access to the network? A. C. After implementing this new policy. he will have to manually unlock every locked user account. He needs to adjust the “Account Lockout Duration” setting to 99. Richard has written the password policy to require complex passwords. Sherral receives calls from the remote users stating that they cannot authenticate with the network. Willem should change the “Account Lockout Duration” setting to zero minutes. The CIO’s policy states that once a user locks him or herself out. She must enable the “Store password using reversible encryption for all users in the domain” setting in the Default Domain Group Policy. workstations. passwords must be at least 8 characters. Richard wants the logon attempts to unlock a screensaver to apply towards the number of attempts that will lockout a user account if tried too many times. To allow these new remote users access. Sherral must enable the “Allow logon using CHAP” setting in the Default Domain Group Policy. Willem has convinced the CIO to let him change that specific password policy so that Willem must manually unlock user accounts when they call. Willem was hired on last month to replace the last administrator that retired. What setting must Willem adjust to ensure that user accounts must be manually reset by him when they are locked out? A. This can be set in Group Policy by enabling the “Interactive logon: Require local SAM authentication to unlock workstation” setting. 93. The CIO has just recently created new network policies which include a comprehensive password policy. Richard is the systems administrator for BillRight Incorporated.
He should enable the “Domain Controller: Require screensaver authentication to unlock” setting. they must wait a period of time until that account is unlocked. Jerald is the systems administrator for his company. and user accounts will be locked out after 5 unsuccessful attempts to help prevent against brute force attacks. So that remote workers using CHAP can connect to an Active Directory domain. William needs to change the “Account Lockout Threshold” to zero minutes. How can Richard apply this setting across the network if it is running under one Windows Server 2003 Active Directory domain? A. This new password policy states that every password setting in group policy must be set. One of the IT policies also states that user computers must utilize a password protected screensaver that is activated after 20 minutes of inactivity. Richard needs to enable the “Interactive logon: Require Domain Controller authentication to unlock workstation” setting in Group Policy. Sherral needs to disable the “Require Kerberos Authentication” setting in the Default Domain Group Policy. To Willem’s amazement. and network security. * B. 94. a toy manufacturing company in London. D. Richard can apply this setting network-wide if he enables “Domain Controller: Authenticate workstation unlocking”. Based on instructions from the IT director. she needs to enable the “Password must meet complexity requirements” setting. many users are calling Willem and stating that they locked themselves out of their accounts. * B.999 minutes. Based on company policy. By setting the “Account Lockout Duration” policy to disabled. a medical billing company in Minneapolis. D. C. Richard is currently writing the company’s IT security policies. 95. Willem manages the entire company’s network which consists of one Server 2003 Active Directory domain.
* B. C. Raul has created a domain account on the network which will serve as the service account used by the new custom application. an oil pipeline manufacturing company in San Antonio. All domain user accounts are contained in one Organizational Unit (OU) called Staff. Raul wants to make one centralized setting change on the network to make sure the service account will work properly when running the application. What Group Policy setting can Raul edit to affect this change on the network? A. If he adds the new service account to the list of users in the “Impersonate a client after authentication” setting in the Default Domain Group Policy. . All computer accounts are added to the Computer Accounts OU by default when they are joined to the domain. All domain computer accounts are contained in one OU called Computer Accounts. To allow Steven the permission to add computers to the domain. Louis needs to make Steven a Domain Admin. C. to be able to add workstations to the domain. Louis has given the “Add workstations to domain” permission to Steven’s user account. The hacker then was apparently able to generate millions of erroneous events in the server event logs which caused them to shut down. Jerald comes in to work one morning and two of his Domain Controllers are completely shut down. Jerald should enable the “Audit: Do not shut down system if events can no longer be logged” setting. He should add the new service account to the users list in the “Act as SYSTEM account on domain computers” Default Domain Group Policy. Louis is the senior systems administrator for the University of Eastern Wyoming. Louis needs to give Steven “Create computer objects” permission for the Computer Accounts OU. D. He should enable the “Domain member: Do not shut down system if unable to log events” setting. D. * B.y. To prevent the servers from shutting down in the future. Raul manages a team of 10 IT personnel which includes two software developers.
Louis manages 25 IT technicians and junior systems administrators. Louis wants one of his junior systems administrators. From the event and firewall logs. He needs to add this service account to the users list in the “Replace a process level token” Default Domain Group Policy. Jerald boots the two machines up and checks their event logs. The University’s network consists of one Windows Server 2003 Active Directory domain. The developers have informed Raul that this service account will need to run as a process on client computers and will need to be able to use the identity of any user and access the resources authorized to that user. * B. Steven needs the “Create nisMap Objects” permission for the Computer Accounts OU. Raul is the network administrator for Davidson Pipe. The company network consists of one Windows Server 2003 Active Directory domain. the application will work properly. Raul needs to add the new service account to the list of users in the “Act as part of the operating system” Default Domain Group Policy. 96. C. What else does Louis need to do to ensure that Steven can add computers to the domain? A. These developers have recently created a custom inventory application that will run on one of the company’s servers and all the workstations. but he is still not able to add computer accounts to the domain. 97. Steven. Jerald needs to disable logging on those two Domain Controllers. Jerald needs to disable the “Audit: Shut down system immediately if unable to log security audits” setting. it appears that a hacker was able to gain access to the two servers using an old unused service account that had a weak password. What setting does Jerald need to adjust to prevent this same issue from happening again? A. Then Jerald checks the firewall logs to see if anything stands out.
Jayson needs to add the “RDP Deny” group to the “Deny logon through Terminal Services” policy. Phillip finds some hacking software on one of the computers in the Restricted Computer Accounts OU. How can Phillip logon to this computer as administrator if he must keep it offline? A. * B. Phillip should boot the computer in VGA mode. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. He has been given permission to perform any and all necessary tests against the network. He needs to run the gpresult /force command on the computer. the “Accounts: Administrator account status” setting in group policy is set to disabled. C. While performing a security audit. By adding the “RDP Deny” group to the “Deny logon as a service” policy. What Group Policy change can Jayson make to ensure that all users in the “RDP Deny” group cannot access the company servers through Remote Desktop? A. Jayson is the network administrator for Consultants Galore. The manager believes that this will keep any hackers from ever using the administrator account to perform attacks. How can an administrator account still be cracked even though the name has been changed? . Phillip is responsible for the company’s entire network which consists of one 2003 Active Directory domain. Jayson should add the “RDP Deny” group into the list of Restricted Groups to prevent the users from accessing servers remotely. The IT manager for the company says that the biggest security precaution they have taken is to rename the administrator account on the network. D. Lionel informs the IT manager that while changing the administrator name is a good idea. These computers have very stringent group policies applied to them so they can be as secure as possible. If Phillip runs the gpupdate command on the computer. the account can still possibly be cracked. * B. These computers are all running Windows XP SP2.
Phillip is the systems administrator for Photopia Incorporated. Lionel is an IT security consultant currently working on contract for a car manufacturing company in Philadelphia. the users in that security group will not be able to establish remote connections to any of the servers. C. He immediately takes that computer offline to keep it from infecting or contaminating any more computers. In particular. Jayson is responsible for the company’s entire network which consists of one Windows Server 2003 Active Directory domain. 100. an IT consulting firm based in Kansas City. he will be able to logon as the administrator. Jayson has created a security group in Active Directory called “RDP Deny” which contains all the user accounts that should not have Remote Desktop permission to any of the servers. Phillip can logon as the administrator if he boots the computer in Safe Mode. Lionel has been brought in to assess the company’s network security state. 99. 98. Phillip cannot logon to the computer as an administrator since the group policy was set to disable that account. Some computer accounts have been placed in a special Organizational Unit (OU) called Restricted Computer Accounts because those computers have been placed outside the firewall to allow for video conferencing. D. a camera manufacturing company in Des Moines. D. Louis should give Steven the “Take ownership of” permission for the Computer Accounts OU. This manufacturing company’s network is comprised of one 2003 Active Directory domain. He should add the “RDP Deny” group to the “Deny RDP connections to member servers” policy. Lionel interviews the IT staff for the company to get a feel for the logical security measures they have already put in place.
The administrator name will still be used if connecting through a NULL session. It can still be cracked since the name is still stored in clear text as “administrator” in the local SAM database. D. * B. . C. An administrator account can still be cracked because the GUI for that account does not change when the name itself is changed. A. The SID for the administrator account does not change.