Question 95. What is the Ping of Death?
- A. Sending packets that, when reassembled, are too large for the system to understand
- B. Sending very large packets that cause a buffer overflow
- C. Sending packets very quickly to fill up the receiving buffer
- D. Sending a TCP packet with the fragment offset out of bounds
Answer 95. Option A.
Explanation: The Ping of Death attack sends packets that, when reassembled, are too large and cause the system to crash or lock up.
Question 96. How does a Denial of Service attack work?
- A. Cracks passwords, causing the system to crash
- B. Imitates a valid user
- C. Prevents a legitimate user from using a system or service
- D. Attempts to break the authentication method
Answer 96. Option C.
Explanation: A Denial of Service attack works by preventing legitimate users from accessing the system.
Question 97. What is the goal of a Denial of Service attack?
- A. Capture files from a remote system
- B. Incapacitate a system or network
- C. Exploit a weakness in the TCP/IP stack
- D. Execute a Trojan using the hidden shares
Answer 97. Option B.
Explanation: The goal of a Denial of Service attack is to overload a system and cause it to stop responding.
Question 98. Which of the following tools is only for Sun Solaris systems?
- A. Juggernaut
- B. T-Sight
- C. IP Watcher
- D. TTYWatcher
Answer 98. Option D.
Explanation: TTYWatcher is used to perform session hijacking on Sun Solaris systems.
Question 99. What is a sequence number?
- A. A number that indicates where a packet falls in the data stream
- B. A way of sending information from the sending to the receiving station
- C. A number that the hacker randomly chooses in order to hijack a session
- D. A number used in reconstructing a UDP session
Answer 99. Option A.
Explanation: A sequence number indicates where the packet is located in the data stream so the receiving station can reassemble the data.
Question 100. What type of information can be obtained during a session-hijacking attack? (Choose all that apply.)
- A. Passwords
- B. Credit card numbers
- C. Confidential data
- D. Authentication information
Answer 100. Options A, B, C.
Explanation: Passwords, credit card numbers, and other confidential data can be gathered in a session-hijacking attack. Authentication information isn’t accessible because session hijacking occurs after the user has authenticated.
Question 101. Which of the following is essential information to a hacker performing a session-hijacking attack?
- A. Session ID
- B. Session number
- C. Sequence number
- D. Source IP address
Answer 101. Option C.
Explanation: In order to perform a session-hijacking attack, the hacker must know the sequence number to use in the next packet so the server will accept the packet.
Question 102. Which of the following is a session-hijacking tool that runs on Linux operating systems?
- A. Juggernaut
- B. Hunt
- C. TTYWatcher
- D. TCP Reset Utility
Answer 102. Option A.
Explanation: Juggernaut runs on Linux operating systems.
Question 103. Which of the following is the best countermeasure to session hijacking?
- A. Port filtering firewall
- B. Encryption
- C. Session monitoring
- D. Strong passwords
Answer 103. Option B.
Explanation: Encryption makes any information the hacker gathers during a session-hijacking attempt unreadable.
Question 104. Which of the following best describes sniffing?
- A. Gathering packets to locate IP addresses, in order to initiate a session-hijacking attack
- B. Analyzing packets in order to locate the sequence number to start a session hijack
- C. Monitoring TCP sessions in order to initiate a session-hijacking attack
- D. Locating a host susceptible to a session-hijack attack
Answer 104. Option B.
Explanation: Sniffing is usually used to locate the sequence number, which is necessary for a session hijack.
Question 105. What is session hijacking?
- A. Monitoring UDP sessions
- B. Monitoring TCP sessions
- C. Taking over UDP sessions
- D. Taking over TCP sessions
Answer 105. Option D.
Explanation: The most common form of session hijacking is the process of taking over a TCP session.
Question 106. What types of packets are sent to the victim of a session-hijacking attack to cause them to close their end of the connection?
- A. FIN and ACK
- B. SYN or ACK
- C. SYN and ACK
- D. FIN or RST
Answer 106. Option D.
Explanation: FIN (finish) and RST (reset) packets are sent to the victim to desynchronize their connection and cause them to close the existing connection.
Question 107. What is an ISN?
- A. Initiation Session Number
- B. Initial Sequence Number
- C. Initial Session Number
- D. Indication Sequence Number
Answer 107. Option B.
Explanation: ISN is the Initial Sequence Number that is sent by the host and is the starting point for the sequence numbers used in later packets.
Question 108. Which of the following are types of HTTP web authentication? (Choose all that apply.)
- A. Digest
- B. Basic
- C. Windows
- D. Kerberos
Answer 108. Options A, B.
Explanation: Digest and basic are the types of HTTP web authentication.
Question 109. Which of the following is a countermeasure for a buffer overflow attack?
- A. Input field length validation
- B. Encryption
- C. Firewall
- D. Use of web forms
Answer 109. Option A.
Explanation: Validating the field length and performing bounds checking are countermeasures for a buffer overflow attack.
Question 110. A hardware device that displays a login that changes every 60 seconds is known as
- A. Login finder
- B. Authentication server
- C. Biometric authentication
- D. Token
Answer 110. Option D.
Explanation: A token is a hardware device containing a screen that displays a discrete set of numbers used for login and authentication.
Question 111. Which is a common web server vulnerability?
- A. Limited user accounts
- B. Default installation
- C. Open shares
- D. No directory access
Answer 111. Option B.
Explanation: Default installation is a common web server vulnerability.
Question 112. A password of P@SSWORD can be cracked using which type of attack?
- A. Brute force
- B. Hybrid
- C. Dictionary
- D. Zero day exploit
Answer 112. Option B.
Explanation: A hybrid attack substitutes numbers and special characters for letters.
Question 113. Which of the following is a countermeasure for authentication hijacking?
- A. Authentication logging
- B. Kerberos
- C. SSL
- D. Active Directory
Answer 113. Option C.
Explanation: SSL is a countermeasure for authentication hijacking.
Question 114. Why is a web server more commonly attacked than other systems?
- A. Always accessible
- B. Does not require much hacking ability
- C. Difficult to exploit
- D. Simple to exploit
Answer 114. Option A.
Explanation: A web server is always accessible, so a hacker can hack it more easily than less-available systems.
Question 115. A client-server program that resides on a web server is called a/an ____________.
- A. Internet program
- B. Web application
- C. Patch
- D. Configuration file
Answer 115. Option B.
Explanation: Web applications are client-server programs that reside on a web server.
Question 116. Which is a countermeasure to a directory-traversal attack?
- A. Enforce permissions to folders.
- B. Allow everyone access to the default page only.
- C. Allow only registered users to access the home page of a website.
- D. Make all users log in to access folders.
Answer 116. Option A.
Explanation: A countermeasure to a directory-traversal attack is to enforce permissions to folders.
Question 117. What is it called when a hacker inserts programming commands into a web form?
- A. Form tampering
- B. Command injection
- C. Buffer overflow
- D. Web form attack
Answer 117. Option B.
Explanation: Command injection involves a hacker entering programming commands into a web form in order to get the web server to execute the commands.
Question 118. Entering Password::blah’ or 1=1- into a web form in order to get a password is an example of what type of attack?
- A. Buffer overflow
- B. Heap-based overflow
- C. Stack-based overflow
- D. SQL injection
Answer 118. Option D.
Explanation: Use of a single quote indicates a SQL injection attack.
Question 119. Replacing NOPs with other code in a buffer-overflow mutation serves what purpose?
- A. Bypassing an IDS
- B. Overwriting the return pointer
- C. Advancing the return pointer
- D. Bypassing a firewall
Answer 119. Option A.
Explanation: The purpose of mutating a buffer overflow by replacing NOPs is to bypass an IDS.
Question 120. Which of the following is used to store dynamically allocated variables?
- A. Heap overflow
- B. Stack overflow
- C. Heap
- D. Stack
Answer 120. Option C.
Explanation: A heap is used to store dynamic variables.
Question 121. What is the first step in a SQL injection attack?
- A. Enter arbitrary commands at a user prompt.
- B. Locate a user input field on a web page.
- C. Locate the return pointer.
- D. Enter a series of NOPs.
Answer 121. Option B.
Explanation: The first step in a SQL injection attack is to locate a user input field on a web page using a web browser.
Question 122. What command is used to retrieve information from a SQL database?
- A. INSERT
- B. GET
- C. SET
- D. SELECT
Answer 122. Option D.
Explanation: The command to retrieve information from a SQL database is SELECT.
Question 123. Which of the following is a countermeasure for buffer overflows?
- A. Not using single quotes
- B. Securing all login pages with SSL
- C. Bounds checking
- D. User validation
Answer 123. Option C.
Explanation: Performing bounds checking is a countermeasure for buffer overflow attacks.
Question 124. What does NOP stand for?
- A. No Operation
- B. Network Operation Protocol
- C. No Once Prompt
- D. Network Operation
Answer 124. Option A.
Explanation: NOP is an acronym for No Operation.
Question 125. A hacker needs to be familiar with the memory address space and techniques of buffer overflows in order to launch a buffer overflow attack.
- A. True
- B. False
Answer 125. Option B.
Explanation: A hacker can run a prewritten exploit to launch a buffer overflow.
Question 126. Why are many programs vulnerable to SQL injection and buffer overflow attacks?
- A. The programs are written quickly and use poor programming techniques.
- B. These are inherent flaws in any program.
- C. The users have not applied the correct service packs.
- D. The programmers are using the wrong programming language.
Answer 126. Option A.
Explanation: Programs can be exploited because they’re written quickly and poorly.
Question 127. Which command would a hacker enter in a web form field to obtain a directory listing?
- A. Blah’;exec master..xp_cmdshell “dir *.*”–
- B. Blah’;exec_cmdshell “dir c:\*.* /s >c:\directory.txt”–
- C. Blah’;exec master..xp_cmdshell “dir c:\*.* /s >c:\directory.txt”–
- D. Blah’;exec cmdshell “dir c:\*.* “–
Answer 127. Option C.
Explanation: Blah’;exec master..xp_cmdshell “dir c:\*.* /s >c:\directory.txt”– is the command to obtain a directory listing utilizing SQL injection.
Question 128. What are two types of buffer overflow attacks?
- A. Heap and stack
- B. Heap and overflow
- C. Stack and memory allocation
- D. Injection and heap
Answer 128. Option A.
Explanation: Heap and stack are the two types of buffer overflows.
Question 129. Which of the following security solutions uses the same key for both encryption and authentication?
- A. WPA
- B. WPA2
- C. WEP
- D. 802.11i
Answer 129. Option C.
Explanation: WEP uses the same key for encryption and authentication.
Question 130. WEP stands for what?
- A. Wireless Encryption Protocol
- B. Wired Equivalent Privacy
- C. Wireless Encryption Privacy
- D. Wired Encryption Protocol
Answer 130. Option B.
Explanation: WEP is an acronym for Wired Equivalent Privacy.
Question 131. What makes WEP crackable?
- A. Same key used for encryption and authentication
- B. Length of the key
- C. Weakness of IV
- D. RC4
Answer 131. Option C.
Explanation: WEP is crackable because of the lack of sophistication in using the IV when deploying RC4.
Question 132. Which form of encryption does WPA use?
- A. AES
- B. TKIP
- C. LEAP
- D. Shared key
Answer 132. Option B.
Explanation: WPA uses TKIP.
Question 133. Which form of authentication does WPA2 use?
- A. Passphrase only
- B. 802.1x/EAP/RADIUS
- C. Passphrase or 802.1x/EAP/RADIUS
- D. AES
Answer 133. Option C.
Explanation: WPA2 uses either a passphrase in personal mode or 802.1x/EAP/RADIUS in enterprise mode.
Question 134. 802.11i is most similar to which wireless security standard?
- A. WPA2
- B. WPA
- C. TKIP
- D. AES
Answer 134. Option A.
Explanation: 802.11i is almost the same as WPA2.
Question 135. Which of the following is a layer 3 security solution for WLANs?
- A. MAC filter
- B. WEP
- C. WPA
- D. VPN
Answer 135. Option D.
Explanation: A VPN is a layer 3 security solution for WLANs.
Question 136. A device that sends deauth frames is performing which type of attack against the WLAN?
- A. Denial of Service
- B. Cracking
- C. Sniffing
- D. MAC spoofing
Answer 136. Option A.
Explanation: A DoS can be performed by a device sending constant deauth frames.
Question 137. The most dangerous type of attack against a WLAN is _______________.
- A. WEP cracking
- B. Rogue access point
- C. Eavesdropping
- D. MAC spoofing
Answer 137. Option B.
Explanation: A rogue AP is the most dangerous attack against a WLAN because it gives a hacker an open door into the network.
Question 138. 802.11i is implemented at which layer of the OSI model?
- A. Layer 1
- B. Layer 2
- C. Layer 3
- D. Layer 7
Answer 138. Option B.
Explanation: 802.11i is a layer 2 technology.
Question 139. Who is responsible for implementing physical security? (Choose all that apply.)
- A. The owner of the company
- B. Chief information officer
- C. IT managers
- D. Employees
Answer 139. Options A, B, C, D.
Explanation: The chief information officer, along with all the employees, is responsible for implementing physical security.
Question 140. What factor impacts physical security?
- A. Encryption in use on the network
- B. Flood or fire
- C. IDS implementation
- D. Configuration of firewall
Answer 140. Option B.
Explanation: Fire and flood are factors that can affect physical security, while all the others are technical security issues.
Question 141. Physical security is designed to prevent what?
- A. Stealing confidential data
- B. Hacking systems from the inside
- C. Hacking systems from the Internet
- D. Physical access
Answer 141. Options A, B, D.
Explanation: Physical security is designed to prevent the theft of confidential data and the hacking of systems from the inside, and to restrict physical access to authorized personnel. Technical security defends against hacking systems from the Internet.