5. You are the chief information officer for your company, a shipping
company based out of Oklahoma City. You are responsible for network
security throughout the home office and all branch offices. You have
implemented numerous layers of security from logical to physical. As part
of your procedures, you perform a yearly network assessment which includes
vulnerability analysis, internal network scanning, and external
penetration tests. Your main concern currently is the server in the DMZ
which hosts a number of company websites. To see how the server appears
to external users, you log onto a laptop at a Wi-Fi hotspot. Since you
already know the IP address of the web server, you create a telnet session
to that server and type in the command:
HEAD / HTTP/1.0
After typing in this command, you are presented with the following screen:
This address produces a Page Cannot be Displayed error. Kyle then types
in another URL:
A. Paul can use SandTrap which would notify him if anyone tries to break
into the PBX.
B. If Paul uses ToneLoc, he will be notified by the software when and if
anyone tries to crack into the PBX system.
C. THC Scan would be the best software program for Paul to use if he wants
to be notified of war dialer attacks.
D. Paul needs to use Roadkil’s Detector software to tell if a hacker is
trying to break into his phone system.
11. You are the chief security information analyst for your company,
Utilize Incorporated. You are currently preparing for a future security
audit that will be performed by a consulting company. This security audit
is required by company policy. To prepare, you are performing
vulnerability analysis, scanning, brute force, and many other techniques.
Your network is comprised of Windows as well as Linux servers. From one
of the client computers running Linux, you open a command shell and type
in the following command:
12. Lauren is a network security officer for her agency, a large state-run
agency in California. Lauren has been asked by the IT manager of another
state agency to perform a security audit on their network. This audit she
has been asked to perform will be an external audit. The IT manager
thought that Lauren would be a great candidate for this task since she
does not work for the other agency but is an accomplished IT auditor. The
first task that she has been asked to perform is to attempt to crack user
passwords. Since Lauren knows that all state agency passwords must abide
by the same password policy, she believes she can finish this particular
task quickly. What would be the best password attack method for Lauren to
use in this situation?
13. Simon is the network administrator for his company. Simon is also an
IT security expert with over 10 security-related certifications. Simon
has been asked by the company CIO to perform a comprehensive security
audit of the entire network. After auditing the network at the home
office without finding any issues, he travels to one of the company’s
branch offices in New Orleans. The first task that Simon carries out is
to set up traffic mirroring on the internal-facing port of that office’s
firewall. On this port, he uses Wireshark to capture traffic.
Alarmingly, he finds a huge number of UDP packets going both directions on
ports 2140 and 3150. What is most likely occurring here?
A. A client inside the network has been infected with the Deep Throat
Trojan.
B. This type of traffic is indicative of the Netbus Trojan.
C. Most likely, a computer inside the network is infected with the SQL
Slammer worm.
D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is
infected with the Bobax Trojan.
14. Tyler is the senior security officer for WayUP Enterprises, an online
retail company based out of Los Angeles. Tyler is currently performing a
network security audit for the entire company. After seeing some odd
traffic on the firewall going outbound to an IP address found to be in
North Korea, Tyler decides to look further. Tyler traces the traffic back
to the originating IP inside the network, which he finds to be a client
running Windows XP. Tyler logs onto this client computer and types in the
following command:
A. Tyler is trying to find out all the ports that are listening on this
computer.
B. Tyler is using this command to find all the host records that are
stored on the local client computer.
C. By using this command, Tyler is closing all open TCP and UDP sessions
on the computer.
D. This command will show Tyler if there are any Trojan programs installed
on this computer.
15. Lyle is a systems security analyst for Gusteffson & Sons, a large law
firm in Beverly Hills. Lyle’s responsibilities include network
vulnerability scans, antivirus monitoring, and IDS monitoring. Lyle
receives a help desk call from a user in the Accounting department. This
user reports that his computer is running very slow all day long and it
sometimes gives him an error message that the hard drive is almost full.
Lyle runs a scan on the computer with the company antivirus software and
finds nothing. Lyle downloads another free antivirus application and
scans the computer again. This time a virus is found on the computer.
The infected files appear to be Microsoft Office files since they are in
the same directory as that software. Lyle does some research and finds
that this virus disguises itself as a genuine application on a computer to
hide from antivirus software. What type of virus has Lyle found on this
computer?
A. Miles is trying to capture all UDP traffic from client1 and the LAN
except for traffic to client29.
B. He is trying to see all UDP traffic between client1 and client29 only.
C. This command will capture all traffic on the internal network except
for traffic originating from client1 and client29.
D. Miles will be able to capture all traffic on the network originating
from client1 and client29 except UDP traffic.
20. You are an IT security consultant working on a six-month contract with
a large energy company based in Kansas City. The energy company has asked
you to perform DoS attacks against its branch offices to see if their
configurations and network hardening can handle the load. To perform this
attack, you craft UDP packets that you know are too large for the routers
and switches to handle. You also put confusing offset values in the
second and later fragments to confuse the network if it tries to break up
the large packets. What type of attack are you going to attempt on the
company’s network?
A. You are going to attempt a teardrop attack to see if their network can
handle the packets.
B. This type of attack is referred to as a Ping of Death attack since the
packets use confusing offset values.
C. By changing the characteristics of the UDP packets in this manner, you
are trying to use a Smurf attack against the company’s network.
D. This attack is called a SYN attack since the UDP packets are
manipulated.
21. Bill is an IT security consultant who has been hired on by an ISP that
has recently been plagued by numerous DoS attacks. The ISP did not have
the internal resources to prevent future attacks, so they hired Bill for
his expertise. Bill looks through the company’s firewall logs and can see
from the patterns that the attackers were using reflected DoS attacks.
What measures can Bill take to help prevent future reflective DoS attacks
against the ISP’s network? (Select 2)
A. Bill should have the ISP block port 179 on their firewall to stop these
DoS attacks.
B. He should have them configure their network equipment to recognize SYN
source IP addresses that never complete their connections.
C. Bill needs to tell the ISP to block all UDP traffic coming in on port
1001 to prevent future reflective DoS attacks against their network.
D. Bill should configure the ISP’s firewall so that it blocks FIN packets
that are sent to the broadcast address of the company’s internal IP range.
23. Theresa is the chief information security officer for her company, a
large shipping company based out of New York City. In the past, Theresa
and her IT employees manually checked the status of client computers on
the network to see if they had the most recent Microsoft updates. Now
that the company has added over 100 more clients to accommodate new
departments, Theresa must find some kind of tool to see whether the
clients are up-to-date or not. Theresa decides to use Qfecheck to monitor
all client computers. When Theresa runs the tool, she is repeatedly told
that the software does not have the proper permissions to scan. Theresa
is worried that the operating system hardening that she performs on all
clients is keeping the software from scanning the necessary registry keys
on the client computers. What registry key permission should Theresa
check to ensure that Qfecheck runs properly?
24. Leonard is the senior security analyst for his company, Meyerson
Incorporated. Leonard has recently finished writing security policies for
the company that have just been signed off by management. Every employee
has had to sign off on the policies, agreeing to abide by them or face
disciplinary action. One policy in particular is being enforced;
employees are not allowed to use web-based email clients such as Hotmail,
Yahoo, and Gmail. This has been put in place because of virus infections
that started with web-based email. While walking through the office one
day, Leonard notices an employee using Hotmail. To prove a point, Leonard
sends an email to this user’s Hotmail account with the following code.
What will this code do on the employee’s computer once the email is
opened?
A. This code will create pop-up windows on the employee’s computer until
its memory is exhausted.
B. This HTML code will force the computer to reboot immediately.
C. Once the employee opens the email with this code, his computer will
send out messages to the network with the title of “You are in trouble!”.
D. This code will install a counter on the employee’s computer that will
count every time that user opens web-based email.
A. She is using Emsa Web monitor to check on the status of the company’s
websites.
B. Cheryl is utilizing AccessDiver to check on the websites’ status.
C. To monitor her company’s websites, Cheryl is using Acunitex.
D. Cheryl has chosen to use Burp to check on the status of the company’s
websites.
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any
information. What is Kevin attempting here to gain access to Katy’s
mailbox?
28. Daryl is the network administrator for the North Carolina Lottery.
Daryl is responsible for all network security as well as physical
security. The lottery recently hired on a web developer to create their
website and bring all services in house since the lottery’s website was
previously hosted and supported by a third party company. After the
developer creates the website, Daryl wants to check it to ensure it is as
secure as possible. The developer created a logon page for lottery
retailers to gain access to their financial information. Without knowing
what any of the usernames and passwords are, Daryl tries to bypass the
logon page and gain access to the backend. Daryl makes a number of
attempts and he gets the following error message every time.
30. David is the wireless security administrator for Simpson Audio Visual.
David was hired on after the company was awarded a contract with 100
airports to install wireless networks. Since these networks will be used
by both internal airport employees and visitors to the airports, David
decided to go with the de facto standard of 802.11b. Every airport wants
to use 802.11b with TCP error checking, even though David has said this
will slow down the wireless network connection speeds. With this error
checking, what will be the resulting speed of the wireless networks?
A. Since TCP error checking will be utilized, the effective speed of the
wireless networks can be up to 5.9 mbps.
B. The resulting speed of the wireless networks will be up to 7.1 mbps
since error checking slows down the actual speed.
C. Because TCP error checking has no effect on the actual speed, the
airports’ wireless networks will function at up to 11 mbps.
D. The resulting speed of the wireless networks for the airports will be
up to 248 mbps.