312-50v7 Ethical Hacking and Countermeasures V7 Part 2 Exam Set 1

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?


Options are :

  • Perform a hybrid attack.
  • Perform a brute force attack
  • Perform a dictionary attack.
  • Perform an attack with a rainbow table. (Correct)

Answer : Perform an attack with a rainbow table.

Which of the following is considered an acceptable option when managing a risk?


Options are :

  • Reject the risk.
  • Initiate the risk.
  • Mitigate the risk. (Correct)
  • Deny the risk.

Answer : Mitigate the risk.

A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to get to the public part of the company's network. Which ports should the administrator open? (Choose three.)


Options are :

  • Port 22
  • Port 80 (Correct)
  • Port 23
  • Port 25 (Correct)
  • Port 53 (Correct)

Answer : Port 80, Port 25, Port 53

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?


Options are :

  • SQL injection
  • Cross-site scripting
  • XML denial of service issues (Correct)
  • VPath injection

Answer : XML denial of service issues

A covert channel is a channel that


Options are :

  • transfers information over, within a computer system, or network that is outside of the security policy. (Correct)
  • transfers information over, within a computer system, or network that is encrypted.
  • transfers information over, within a computer system, or network that is within the security policy.
  • transfers information via a communication path within a computer system, or network for transfer of data.

Answer : transfers information over, within a computer system, or network that is outside of the security policy.

John the Ripper is a technical assessment tool used to test the weakness of which of the following?


Options are :

  • Passwords (Correct)
  • Usernames
  • Firewall rulesets
  • File permissions

Answer : Passwords

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?


Options are :

  • DataThief
  • SQLInjector (Correct)
  • Cain and Abel
  • NetCat

Answer : SQLInjector

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?


Options are :

  • Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
  • Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
  • Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security (Correct)
  • Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Answer : Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

One way to defeat a multi-level security solution is to leak data via


Options are :

  • a bypass regulator
  • asymmetric routing
  • steganography
  • a covert channel (Correct)

Answer : a covert channel

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?


Options are :

  • The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
  • The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key
  • The tester must capture the WPA2 authentication handshake and then crack it. (Correct)
  • The tester must use the tool inSSIDer to crack it using the ESSID of the network.

Answer : The tester must capture the WPA2 authentication handshake and then crack it.

A security engineer is attempting to map a company's internal network. The engineer enters in the following. What type of scan is this?


Options are :

  • Quick scan
  • Intense scan
  • Comprehensive scan
  • Stealth scan (Correct)

Answer : Stealth scan

In the software security development life cycle process, threat modeling occurs in which phase?


Options are :

  • Implementation
  • Verification
  • Requirements
  • Design (Correct)

Answer : Design

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following: What can he infer from this file?


Options are :

  • An encrypted file
  • A picture that has been renamed with a .txt extension
  • A buffer overflow (Correct)
  • An encoded file

Answer : A buffer overflow

Which of the following identifies the three modes in which Snort can be configured to run?


Options are :

  • Sniffer, Packet Logger, and Network Intrusion Detection System (Correct)
  • Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System
  • Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System
  • Sniffer, Packet Logger, and Host Intrusion Prevention System

Answer : Sniffer, Packet Logger, and Network Intrusion Detection System

Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 3 answers)


Options are :

  • Attackers physically visit every victim's computer to infect them with malicious software
  • Attackers use phishing or spam emails that contain links or attachments (Correct)
  • None
  • Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software (Correct)
  • Home computers that have security vulnerabilities are prime targets for botnets (Correct)

Answer : Attackers use phishing or spam emails that contain links or attachments; Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software; Home computers that have security vulnerabilities are prime targets for botnets

Which type of scan measures a person's external features through a digital video camera?


Options are :

  • Facial recognition scan (Correct)
  • Retinal scan
  • Signature kinetics scan
  • Iris scan

Answer : Facial recognition scan

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?


Options are :

  • Tear Drop
  • Fraggle
  • MAC Flood (Correct)
  • Smurf

Answer : MAC Flood

Which of the following is a hashing algorithm?


Options are :

  • PGP
  • ROT13
  • DES
  • MD5 (Correct)

Answer : MD5

Which of the following are valid types of rootkits? (Choose three.)


Options are :

  • Application level (Correct)
  • Network level
  • Hypervisor level (Correct)
  • Kernel level (Correct)

Answer : Application level, Hypervisor level, Kernel level

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself with an "ignorance of the law" clause.


Options are :

  • FALSE (Correct)
  • TRUE

Answer : FALSE

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?


Options are :

  • MD5
  • MD4
  • HAVAL
  • SHA-1 (Correct)

Answer : SHA-1

What is the broadcast address for the subnet 190.86.168.0/22?


Options are :

  • 190.86.255.255
  • 190.86.169.255
  • 190.86.171.255 (Correct)
  • 190.86.168.255

Answer : 190.86.171.255

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer


Options are :

  • NetBIOS vulnerability
  • Alternate Data Streams (Correct)
  • Merge Streams
  • Steganography

Answer : Alternate Data Streams

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed techniques will NOT be effective in evading an Anti-Virus scanner?


Options are :

  • Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1
  • Break the Trojan into multiple smaller files and zip the individual pieces
  • Convert the Trojan.exe file extension to Trojan.txt disguising as text file (Correct)
  • Change the content of the Trojan using hex editor and modify the checksum

Answer : Convert the Trojan.exe file extension to Trojan.txt disguising as text file

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?


Options are :

  • An attacker, working slowly enough, can evade detection by the IDS (Correct)
  • The IDS will not distinguish among packets originating from different sources.
  • Network packets are dropped if the volume exceeds the threshold.
  • Thresholding interferes with the IDS's ability to reassemble fragmented packets.

Answer : An attacker, working slowly enough, can evade detection by the IDS

Passive reconnaissance involves collecting information through which of the following?


Options are :

  • Man in the middle attacks
  • Publicly accessible sources (Correct)
  • Social engineering
  • Network traffic sniffing

Answer : Publicly accessible sources

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)


Options are :

  • The router will increment the TTL value and forward the packet to the next router on the path to the destination host.
  • The router will decrement the TTL value and forward the packet to the next router on the path to the destination host
  • The router will discard the packet (Correct)
  • The router will send a time exceeded message to the source host (Correct)

Answer : The router will discard the packet; The router will send a time exceeded message to the source host

Which of the following is optimized for confidential communications, such as bidirectional voice and video?


Options are :

  • MD4
  • MD5
  • RC4 (Correct)
  • RC5

Answer : RC4

Least privilege is a security concept that requires that a user is


Options are :

  • given privileges equal to everyone else in the department.
  • trusted to keep all data and access to that data under their sole control
  • given root or administrative privileges.
  • limited to those functions required to do the job. (Correct)

Answer : limited to those functions required to do the job.

Which of the following LM hashes represents a password of less than 8 characters?


Options are :

  • CEC52EB9C8E3455DC2265B23734E0DAC
  • 0182BD0BD4444BF836077A718CCDF409
  • BA810DBA98995F1817306D272A9441BB (Correct)
  • B757BF5C0D87772FAAD3B435B51404EE (Correct)
  • 44EFCE164AB921CQAAD3B435B51404EE

Answer : BA810DBA98995F1817306D272A9441BB, B757BF5C0D87772FAAD3B435B51404EE
