CEH V6 Study Guide

------------------

1. Jason is the network security administrator for Gunderson International, a global shipping company based out of New York City. Jason’s company utilizes many layers of security throughout its network such as network firewalls, application firewalls, VLANs, operating system hardening, and so on. One thing in particular the company is concerned with is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes. Since the company is global, information is sent constantly back and forth to all its employees all over the world. What in particular is Jason’s company concerned about?
A. Jason’s company is particularly concerned about data integrity. *
B. Authenticity is what the company is most concerned about.
C. The confidentiality of the company’s data is the most important concern for Gunderson International.
D. The availability of the data is paramount to any other concern of the company.
2. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?
A. Yancey would be considered a Suicide Hacker. *
B. Since he does not care about going to jail, he would be considered a Black Hat.
C. Because Yancey works for the company currently, he would be a White Hat.
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing.
3. Heather is a hacktivist working for Green Peace International. She has broken into numerous oil and energy companies and exposed their confidential data to the public. Normally, Heather uses a combination of social engineering and DoS techniques to gain access to the companies’ networks. Heather has made over 50 fake ID cards and access badges to gain unauthorized access to companies to gain information as well. If Heather is caught by the federal government, what US law could she be prosecuted under?
A. She could be prosecuted under US law 18 U.S.C § 1029 if caught. *
B. Heather would be charged under 18 U.S.C § 2510, which entails the use of more than 15 counterfeit items.
C. 18 U.S.C § 9914 is the US law that Heather would be prosecuted under since she used false pretenses to gain unauthorized access.
D. Heather would serve prison time for her actions if prosecuted under US law 18 U.S.C § 2929.
4. Stephanie is the senior security analyst for her company, a manufacturing company in Detroit. Stephanie is in charge of maintaining network security throughout the entire company. A colleague of hers recently told her in confidence that he was able to see confidential corporate information on Stephanie’s external website. He was typing in URLs randomly on the company website and he found information that should not be public. Her friend said this happened about a month ago. Stephanie goes to the addresses he said the pages were at, but she finds nothing. She is very concerned about this, since someone should be held accountable if there really was sensitive information posted on the website. Where can Stephanie go to see past versions and pages of a website?
A. Stephanie can go to Archive.org to see past versions of the company website. *
B. She should go to the web page Samspade.org to see web pages that might no longer be on the website.
C. If Stephanie navigates to Search.com, she will see old versions of the company website.
D. AddressPast.com would have any web pages that are no longer hosted on the company’s website.
5. You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hotspot. Since you already know the IP address of the web server, you create a telnet session to that server and type in the command:
HEAD / HTTP/1.0
After typing in this command, you are presented with the following screen:

What are you trying to do here?
A. You are trying to grab the banner of the web server. *
B. You are attempting to send an html file over port 25 to the web server.
C. You are trying to open a remote shell to the web server.
D. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server.
6. Kyle is a security consultant currently working under contract for a large financial firm based in San Francisco. Kyle has been asked by the company to perform any and all tests necessary to ensure that every point of the network is secure. Kyle first performs some passive footprinting. He finds the company’s website which he checks out thoroughly for information. Kyle sets up an account with the company and logs on to their website with his information.

Kyle changes the URL to:

This address produces a Page Cannot be Displayed error. Kyle then types in another URL:

What is Kyle attempting here?
A. Kyle is trying incremental substitution to navigate to other pages not normally available. *
B. Kyle is using extension walking to gain access to other web pages.
C. He is using error walking to see what software is being used to host the financial institution’s website.
D. By changing the address manually, Kyle is attempting ASP poisoning.
7. George is the senior security analyst for Tyler Manufacturing, a motorcycle manufacturing company in Seattle. George has been tasked by the president of the company to perform a complete network security audit. The president is most concerned about crackers breaking in through the company’s web server. This web server is vital to the company’s business since over one million dollars of product is sold online every year. The company’s web address is at: www.customchoppers.com. George decides to hire an external security auditor to try and break into the network through the web server. This external auditor types in the following Google search attempting to glean information from the web server:

What is the auditor trying to accomplish here?
A. He is trying to search for all web pages on the customchoppers site without extensions of html and htm. *
B. The auditor is having Google retrieve all web pages on the Tyler Manufacturing website that either have the extension of html or htm.
C. He is attempting to retrieve all web pages that might have a login page to the company’s backend database.
D. The auditor that George has hired is trying to find pages with the extension of html or htm that link directly to customchoppers.com.
8. Jonathan is an IT security consultant working for Innovative Security, an IT auditing company in Houston. Jonathan has just been hired on to audit the network of a large law firm in downtown Houston. Jonathan starts his work by performing some initial passive scans and social engineering. He then uses Angry IP to scan for live hosts on the firm’s network. After finding some live IP addresses, he attempts some firewalking techniques to bypass the firewall using ICMP but the firewall blocks this traffic. Jonathan decides to use HPING2 to hopefully bypass the firewall this time. He types in the following command:

What is Jonathan trying to accomplish by using HPING2?
A. Jonathan is attempting to send spoofed SYN packets to the target via a trusted third party to port 81. *
B. He is using HPING2 to send FIN packets to 10.0.1.24 over port 81.
C. By using this command for HPING2, Jonathan is attempting to connect to the host at 10.0.1.24 through an SSH shell.
D. This HPING2 command that Jonathan is using will attempt to connect to the 10.0.1.24 host over HTTP by tunneling through port 81.
9. Hayden is the network security administrator for her company, a large marking firm based in Miami. Hayden just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. Hayden is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?
A. Hayden is using a half-open scan to find live hosts on her network. *
B. Hayden is attempting to find live hosts on her company’s network by using an XMAS scan.
C. She is utilizing a SYN scan to find live hosts that are listening on her network.
D. This type of scan she is using is called a NULL scan.
10. Paul is the systems administrator for One-Time International, a computer manufacturing company. Paul is in charge of the company’s older PBX system as well as its workstations and servers. The company’s internal network is connected to the PBX phone system so that customized software applications used by employees can use the PBX to dial out to customers. Paul is concerned about crackers breaking into his network by way of the PBX. He is particularly worried about war dialing software that might try all of the company’s numbers to find a way in. What software utility can Paul use to notify him if any war dialing attempts are made on his PBX?
A. Paul can use SandTrap which would notify him if anyone tries to break into the PBX. *
B. If Paul uses ToneLoc, he will be notified by the software when and if anyone tries to crack into the PBX system.
C. THC Scan would be the best software program for Paul to use if he wants to be notified of war dialer attacks.
D. Paul needs to use Roadkil’s Detector software to tell if a hacker is trying to break into his phone system.
11. You are the chief security information analyst for your company Utilize Incorporated. You are currently preparing for a future security audit that will be performed by a consulting company. This security audit is required by company policy. To prepare, you are performing vulnerability analysis, scanning, brute force, and many other techniques. Your network is comprised of Windows as well as Linux servers. From one of the client computers running Linux, you open a command shell and type in the following command:

What are you trying to accomplish?
A. You are attempting to establish a null session on the 192.168.2.121 host. *
B. You are trying to connect to this host at the IPC share using the currently logged on user’s credentials.
C. By typing in this command, you are attempting to connect to the SMB share on the host using an Anonymous connection.
D. You are trying to connect to the localhost share of the client computer.
12. Lauren is a network security officer for her agency, a large state-run agency in California. Lauren has been asked by the IT manager of another state agency to perform a security audit on their network. This audit she has been asked to perform will be an external audit. The IT manager thought that Lauren would be a great candidate for this task since she does not work for the other agency but is an accomplished IT auditor. The first task that she has been asked to perform is to attempt to crack user passwords. Since Lauren knows that all state agency passwords must abide by the same password policy, she believes she can finish this particular task quickly. What would be the best password attack method for Lauren to use in this situation?
A. Lauren should use a rule-based attack on the agency’s user passwords. *
B. Lauren can produce the best and fastest results if she uses a dictionary attack.
C. A hyberfil-based password attack would be the best method of password cracking in this scenario.
D. She should utilize the reverse-encryption password cracking technique since she knows the password policy.
13. Simon is the network administrator for his company. Simon is also an IT security expert with over 10 security-related certifications. Simon has been asked by the company CIO to perform a comprehensive security audit of the entire network. After auditing the network at the home office without finding any issues, he travels to one of the company’s branch offices in New Orleans. The first task that Simon carries out is to set up traffic mirroring on the internal-facing port of that office’s firewall. On this port, he uses Wireshark to capture traffic. Alarmingly, he finds a huge number of UDP packets going both directions on ports 2140 and 3150. What is most likely occurring here?
A. A client inside the network has been infected with the Deep Throat Trojan. *
B. This type of traffic is indicative of the Netbus Trojan.
C. Most likely, a computer inside the network is infected with the SQL Slammer worm.
D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected with the Bobax Trojan.
14. Tyler is the senior security officer for WayUP Enterprises, an online retail company based out of Los Angeles. Tyler is currently performing a network security audit for the entire company. After seeing some odd traffic on the firewall going outbound to an IP address found to be in North Korea, Tyler decides to look further. Tyler traces the traffic back to the originating IP inside the network, which he finds to be a client running Windows XP. Tyler logs onto this client computer and types in the following command:

What is Tyler trying to accomplish by using this command?
A. Tyler is trying to find out all the ports that are listening on this computer. *
B. Tyler is using this command to find all the host records that are stored on the local client computer.
C. By using this command, Tyler is closing all open TCP and UDP sessions on the computer.
D. This command will show Tyler if there are any Trojan programs installed on this computer.
15. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle’s responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer?
A. Lyle has discovered a camouflage virus on the computer. *
B. By using the free antivirus software, Lyle has found a tunneling virus on the computer.
C. This type of virus that Lyle has found is called a cavity virus.
D. Lyle has found a polymorphic virus on this computer.
16. Miles is a network administrator working for the University of Central Oklahoma. Miles’ responsibilities include monitoring all network traffic inside the network and traffic coming into the network. On the university’s IDS, Miles notices some odd traffic originating from some client computers inside the network. Miles decides to use Tcpdump to take a further look.

What is Miles going to accomplish by running this command?
A. Miles is trying to capture all UDP traffic from client1 and the LAN except for traffic to client29. *
B. He is trying to see all UDP traffic between client1 and client29 only.
C. This command will capture all traffic on the internal network except for traffic originating from client1 and client29.
D. Miles will be able to capture all traffic on the network originating from client1 and client29 except UDP traffic.
17. Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
A. Neil has used a tailgating social engineering attack to gain access to the offices. *
B. He has used a piggybacking technique to gain unauthorized access.
C. This type of social engineering attack is called man trapping.
D. Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics.
18. Xavier is a network security specialist working for a federal agency in Washington DC. Xavier is responsible for maintaining agency security policies, teaching security awareness classes, and monitoring the overall health of the network. One of Xavier’s coworkers receives a help desk call from a user who is having issues navigating to certain sites on the Internet. Xavier’s coworker cannot figure out the issue so he hands it off to Xavier. He logs on to the user’s computer and goes to a couple of websites the user said were having issues. When Xavier types in www.Google.com, it takes him to Boogle.com instead. When Xavier types in Yahoo.com, it takes him to Yahooo.com instead. Xavier checks all the IP settings on the computer which are static and they appear to be correct. Xavier checks the local DNS settings as well as the DNS settings on the server and they are correct. Xavier opens a command window and types in: ipconfig /flushdns. When he navigates to the previous sites, he is still directed to the wrong ones. What issue is Xavier seeing here on the client computer?
A. This client computer has had the hosts file poisoned. *
B. From this behavior, it is evident that the client computer’s DNS cache has been poisoned.
C. Xavier is seeing a computer that has been infected with an IRC bot Trojan.
D. This computer has obviously been hit by a Smurf attack.
19. Javier is a network security consultant working on contract for a state agency in Texas. Javier has been asked to test the agency’s network security from every possible aspect. Javier decides to use the Reaper Exploit virus to see if he can exploit any weaknesses in the company’s email. He infects a couple of computers with the virus and waits for the users of those machines to use their email client. After a short amount of time, he receives numerous emails that were copied from those clients, proving that the client computers are susceptible to the Reaper Exploit virus exploiting their email clients. What aspect of email clients does this exploit take advantage of?
A. The Reaper Exploit uses the functionality of DHTML in Internet Explorer, used by Microsoft Outlook. *
B. This exploit takes advantage of hidden form fields which are used by email clients such as Microsoft Outlook.
C. This Reaper Exploit virus takes advantage of the inherent insecurity in S/MIME used by email clients like Outlook.
D. Email clients like Outlook are susceptible to this exploit because they utilize XML and XMLS.
20. You are an IT security consultant working on a six month contract with a large energy company based in Kansas City. The energy company has asked you to perform DoS attacks against its branch offices to see if their configurations and network hardening can handle the load. To perform this attack, you craft UDP packets that you know are too large for the routers and switches to handle. You also put confusing offset values in the second and later fragments to confuse the network if it tries to break up the large packets. What type of attack are you going to attempt on the company’s network?
A. You are going to attempt a teardrop attack to see if their network can handle the packets. *
B. This type of attack is referred to as a Ping of Death attack since the packets use confusing offset values.
C. By changing the characteristics of the UDP packets in this manner, you are trying to use a Smurf attack against the company’s network.
D. This attack is called a SYN attack since the UDP packets are manipulated.
21. Bill is an IT security consultant who has been hired on by an ISP that has recently been plagued by numerous DoS attacks. The ISP did not have the internal resources to prevent future attacks, so they hired Bill for his expertise. Bill looks through the company’s firewall logs and can see from the patterns that the attackers were using reflected DoS attacks. What measures can Bill take to help prevent future reflective DoS attacks against the ISP’s network? (Select 2)
A. Bill should have the ISP block port 179 on their firewall to stop these DoS attacks. *
B. He should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections. *
C. Bill needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network.
D. Bill should configure the ISP’s firewall so that it blocks FIN packets that are sent to the broadcast address of the company’s internal IP range.
22. Gerald is a certified ethical hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company’s network. One of the company’s primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company’s home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client’s session; he simply monitors the traffic that passes between it and the server. What type of session attack is Gerald employing here?
A. Gerald is using a passive application level hijack to monitor the client and server traffic. *
B. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices.
C. This type of attack would be considered an active application attack since he is actively monitoring the traffic.
D. This type of hijacking attack is called an active network attack.
23. Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates. Now that the company has added over 100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to use Qfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on the client computers. What registry key permission should Theresa check to ensure that Qfecheck runs properly?
A. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates registry key. *
B. Theresa needs to look over the permissions of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Updates\Microsoft\Patches.
C. In order for Qfecheck to run properly, it must have enough permission to read HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Microsoft\Updates.
D. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft must be checked.
24. Leonard is the senior security analyst for his company, Meyerson Incorporated. Leonard has recently finished writing security policies for the company that have just been signed off by management. Every employee has had to sign off on the policies, agreeing to abide by them or face disciplinary action. One policy in particular is being enforced; employees are not allowed to use web-based email clients such as Hotmail, Yahoo, and Gmail. This has been put in place because of virus infections that started with web-based email. While walking through the office one day, Leonard notices an employee using Hotmail. To prove a point, Leonard sends an email to this user’s Hotmail account with the following code.

What will this code do on the employee’s computer once the email is opened?
A. This code will create pop-up windows on the employee’s computer until its memory is exhausted. *
B. This HTML code will force the computer to reboot immediately.
C. Once the employee opens the email with this code, his computer will send out messages to the network with the title of “You are in trouble!”.
D. This code will install a counter on the employee’s computer that will count every time that user opens web-based email.
25. Cheryl is a security analyst working for Shintel Enterprises, a publishing company in Boston. As well as monitoring the security state of the company’s network, she must ensure that the company’s external websites are up and running all the time. Cheryl performs some quick searches online and finds a utility that will display a window on her desktop showing the current uptime statistics of the websites she needs to watch. This tool works by periodically pinging the websites; showing the ping time as well as a small graph that allows Cheryl to view the recent monitoring history. What tool is Cheryl using to monitor the company’s external websites?
A. She is using Emsa Web monitor to check on the status of the company’s websites. *
B. Cheryl is utilizing AccessDiver to check on the websites’ status.
C. To monitor her company’s websites, Cheryl is using Acunitex.
D. Cheryl has chosen to use Burp to check on the status of the company’s websites.
26. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company’s network. James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user log on to a computer and then James types in a command that brings up a window that says “Stored User Names and Passwords”. What command did James type in to get this window to come up?
A. James had to type in “rundll32.exe keymgr.dll, KRShowKeyMgr” to get the window to pop up. *
B. To bring up this stored user names and passwords window, James typed in “rundll32.exe storedpwd.dll, ShowWindow”.
C. The command to bring up this window is “KRShowKeyMgr”.
D. James typed in the command “rundll32.exe storedpwd.dll” to get the Stored User Names and Passwords window to come up.
27. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logging in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy’s mailbox?
A. Kevin is trying to utilize query string manipulation to gain access to her email account. *
B. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access.
C. By changing the mailbox’s name in the URL, Kevin is attempting directory transversal.
D. He is attempting a path-string attack to gain access to her mailbox.
28. Daryl is the network administrator for the North Carolina Lottery. Daryl is responsible for all network security as well as physical security. The lottery recently hired on a web developer to create their website and bring all services in house since the lottery’s website was previously hosted and supported by a third party company. After the developer creates the website, Daryl wants to check it to ensure it is as secure as possible. The developer created a logon page for lottery retailers to gain access to their financial information. Without knowing what any of the usernames and passwords are, Daryl tries to bypass the logon page and gain access to the backend. Daryl makes a number of attempts and he gets the following error message every time.

What can Daryl deduce from this error message?
A. He can tell that the site is susceptible to SQL injection. *
B. From this error, Daryl can see that the site is vulnerable to query string manipulation attacks.
C. This particular error indicates that the page is vulnerable to buffer overflows.
D. Daryl can deduce that the developer did not turn off friendly messages on the server.
29. Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' -- AND password='' AND email like '%@testers.com%'
What will the following SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin. *
B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com.
C. This Select SQL statement will log James in if there are any users with NULL passwords.
D. James will be able to see if there are any default sa user accounts in the SQL database.
30. David is the wireless security administrator for Simpson Audio Visual. David was hired on after the company was awarded a contract with 100 airports to install wireless networks. Since these networks will be used by both internal airport employees and visitors to the airports, David decided to go with the de facto standard of 802.11b. Every airport wants to use 802.11b with TCP error checking, even though David has said this will slow down the wireless network connection speeds. With this error checking, what will be the resulting speed of the wireless networks?
A. Since TCP error checking will be utilized, the effective speed of the wireless networks can be up to 5.9 mbps. *
B. The resulting speed of the wireless networks will be up to 7.1 mbps since error checking slows down the actual speed.
C. Because TCP error checking has no effect on the actual speed, the airports’ wireless networks will function at up to 11 mbps.
D. The resulting speed of the wireless networks for the airports will be up to 248 mbps.
31. Oliver is the network security administrator for Foodies Café, a chain of coffee shops in the Seattle metropolitan area. Oliver is performing his quarterly security audit of the entire company, including each coffee shop the company owns. Each café has a wireless hotspot that customers can utilize. The home office also has a wireless network which is used by employees. While walking around the outside of the corporate office, Oliver sees a drawing on the sidewalk right next to his building.
What does this symbol signify?
A. This symbol means that someone has found out that the company is using wireless networking with open access and restrictions. *
B. This means that someone knows the corporate wireless network is utilizing access points with MAC filtering and WPA encryption.
C. This signifies a hacker has discovered that the company is using WEP encryption for its wireless network.
D. This particular symbol is used to tell others that a nearby wireless access point is using weak encryption.
32. Jacob is the IT manager for Thompson & Sons, a bail bondsman company in Minneapolis. Jacob has been told by the company’s president to perform a logical and physical security audit for all the offices around the city. Jacob finds that a number of offices need more physical security. Jacob recommends that these offices add a cage that customers must pass through before entering the main office. This cage will allow employees in the office to verify the customer’s information before allowing them access into the building. What is Jacob recommending the offices install for added security?
A. Jacob is recommending that the offices install mantraps at their locations. *
B. He is recommending the offices install physical DMZ’s at their locations.
C. This type of physical security measure is called a piggyback box.
D. He has recommended that these locations install stop-gap cages as an added security measure.
33. Sydney is a certified ethical hacker working as the systems administrator for Galt Riderson International. Sydney is an expert in Linux systems and is utilizing IPTables to protect Linux clients as well as servers. After monitoring the firewall log files, Sydney has been fine tuning the firewall on many clients to adjust for the best security. Sydney types in the following command:
iptables -A INPUT -s 0/0 -i eth1 -d 192.168.254.121 -p TCP -j ACCEPT
What will this command accomplish for Sydney?
A. This command will allow TCP packets coming in on interface eth1 from any IP address destined for 192.168.254.121. *
B. By using this command, Sydney will block all TCP traffic coming in on interface eth1 to the IP address of 192.168.254.121.
C. This command will block all TCP packets with NULL headers from reaching the IP address of 192.168.254.121.
D. Sydney is using this command to allow all TCP traffic that is outbound from IP address 192.168.254.121.
34. Lonnie is the chief information officer for Ganderson Trailways, a railroad shipping company with offices all over the United States. Lonnie had all his systems administrators implement hardware and software firewalls last year to help ensure network security. On top of these, they implemented IDS/IPS systems throughout the network to check for and stop any bad traffic that may attempt to enter the network. Although Lonnie and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s websites. After searching through firewall and server logs, no one could find how the hackers were able to get in. Lonnie decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool needs to alert administrators whenever a critical file is changed in any way. What utility could Lonnie and his systems administrators implement on the company’s network to accomplish this?
A. Lonnie could use Tripwire to notify administrators whenever a critical file is changed. *
B. They can implement Strataguard on the network which monitors critical system and registry files.
C. SnortSam would be the best utility to implement since it keeps track of critical files as well as files it is told to monitor.
D. Lonnie and his systems administrators need to use Loki to monitor specified files on the company’s network.
35. Neville is a network security analyst working for Fenderson Biomedics, a medical research company based out of London. Neville has been tasked by his supervisor to ensure that the company is as secure as possible. Neville first examines and hardens the OS for all company clients and servers. Neville wants to check the performance and configuration of every firewall and network device to ensure they comply with company security policies. Neville has chosen to use Firewall Informer because it actively and safely tests devices with real-world exploits to determine their security state. What built-in technology used by Firewall Informer actively performs these exploit tests on network equipment?
A. Firewall Informer uses Blade Software’s Simulated Attack For Evaluation (S.A.F.E.) technology to actively test network devices. *
B. The built-in technology used by Firewall Informer is a graphical user interface version of Snort.
C. The technology used to actively perform exploit checking in Firewall Informer is Blade Software’s Exploit Awareness Safety Yield (E.A.S.Y.).
D. Firewall Informer utilizes a stripped down version of Loki to actively and safely check for possible exploits on network devices.
36. Ursula is a network security analyst as well as a web developer working on contract for a marketing firm in St. Louis. Ursula has been hired on to help streamline the company’s website and ensure it meets accessibility laws for that state. After completing all the work that was asked, the marketing firm terminates Ursula’s service and does not pay the rest of the money that is owed to her. Right before she is asked to leave, Ursula writes a small application with the following code inserted into it.

What will this code accomplish?


A. This code will create a buffer overflow if the application it resides in is run. *
B. This code that Ursula has written will cause the computer it is run on to throw up a URI exception error; essentially crashing the machine.
C. Because the code is written in this manner, it will create a buffer underflow if it is executed.
D. This code Ursula has inserted into a program will create a format string bug if executed.
37. Nathan is the senior network administrator for Undulating Innovations, a software development company in Los Angeles. Nathan’s company typically develops secure email programs for state and local agencies. These programs allow these agencies to send and receive encrypted email using proprietary encryption and signing methods. An employee at one of the state agencies has been arrested on suspicion of leaking sensitive government information to third world countries for profit. When the US federal government steps in, they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Nathan receives a call from an investigator working for the CIA on this particular case. The investigator tells Nathan that his company has to give up the encryption algorithms and keys to the government so they can read the email sent by the accused state employee. Under what right does this investigator have to ask for the encryption algorithms and keys?
A. The federal government can obtain encryption keys from companies under the Government Access to Keys (GAK) rule. *
B. The CIA investigator can obtain the proprietary keys and algorithms from Nathan’s company due to Eminent Domain laws.
C. Since this has turned into a federal case, the government has the right to obtain proprietary information from Nathan’s company under Juris Prudence laws.
D. The investigator can ask for and obtain the proprietary information due to Habeas Corpus laws.
38. Justine is the systems administrator for her company, an international shipping company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justine and other administrators have been put in charge of securing the company’s digital communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. These signatures are more efficient than DSA and are not vulnerable to number field sieve attacks. What type of signature has Justine decided to implement?
A. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures. *
B. She has decided to implement ElGamal signatures since they offer more reliability than the typical DSA signatures.
C. Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability.
D. These types of signatures that Justine has decided to use are called RSA-PSS signatures.
39. Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company’s network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie’s remaining tests. What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?
A. This type of analysis is called GAP analysis. *
B. This initial analysis performed by Charlie is called an Executive Summary.
C. Charlie has performed a BREACH analysis; showing the company where its weak points are.
D. This analysis would be considered a vulnerability analysis.
40. Zane is a network security specialist working for Fameton Automotive, a custom car manufacturing company in San Francisco. Zane is responsible for ensuring that the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the company website. To streamline online purchases, the programming department has developed a new web application that will keep track of inventory and check items out online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primarily focuses on checking the time validity of session tokens, length of those tokens, and expiration of session tokens while translating from SSL to non-SSL resources. What type of web application testing is Zane primarily focusing on?
A. He is most focused on testing the session management of the new web application. *
B. Zane is putting most of his effort into component checking.
C. By focusing on those specific areas, Zane’s testing is concentrated on input validation.
D. He is testing the web application’s configuration verification.
41. Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy’s computer from the network to take a closer look. He opens iChat on Tommy’s computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer’s applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. What has Giles discovered on Tommy’s computer?
A. Giles has found the OSX/Leap-A virus on Tommy’s computer. *
B. This behavior is indicative of the OSX/Inqtana.A virus.
C. He has discovered OSX/Chat-burner virus on Tommy’s computer.
D. On Tommy’s computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus.
42. Paulette is the systems administrator for Newton Technologies. Paulette holds certifications in both Microsoft areas as well as security such as the CEH. Paulette is currently performing the yearly security audit for the company’s entire network which includes two branch offices. Paulette travels to one of the branch offices to perform an internal audit at that location. She uses Send ICMP Nasty Garbage (SING) to find all the routers in the network. All network equipment at the home office and branch offices are Cisco equipment. Paulette wants to check for a particular arbitrary administrative access vulnerability known in Cisco equipment when certain HTTP requests are made to those routers. If one of the router’s IP addresses is 172.16.28.110, what HTTP request could Paulette use to see if that router is vulnerable?
A. Paulette could type in: http://172.16.28.110/level/22/exec/show/config/cr to check if the router is vulnerable. *
B. If she typed in: http://172.16.28.110/level/121/exec/show/admin/config, she would be able to see if the router is vulnerable to arbitrary administrative access attacks.
C. By typing in: http://172.16.28.255/level/99/exec/show/config/cr, Paulette will be able to see if the Cisco router is vulnerable.
D. She needs to navigate to: http://172.16.28.110:2209 to check for its vulnerability.
43. Michael is an IT security consultant currently working under contract for a large state agency in New York. Michael has been given permission to perform any tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. To test this, Michael attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192.168.254.97. Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large password to see if that freezes up the router. This seems to have no effect on the router yet. What other command could Michael use to attempt to freeze up the router?
A. Michael could use the command: ping -l 56550 192.168.254.97 -t. *
B. If Michael used the command: ping -r 999 192.168.254.97 -t, he could freeze up the router and then attempt to gain access.
C. The command: finger -l 9999 192.168.254.97 -m would force the router to freeze.
D. Ping -l 254 192.168.254.97 would make the router freeze.
44. Cindy is a certified ethical hacker working on contract as an IT consultant for Dewdrop Enterprises, a computer manufacturing company based in Dallas. Dewdrop has many sales people that travel all over the state using Blackberry devices and laptops. These mobile devices are the company’s main concern as far as network security. About a year ago, one of the company laptops was stolen from a sales person and sensitive company information was stolen from it. Because of this, the company has hired on Cindy to ensure that all mobile devices used by employees are secure. Since many of the employees are now using new laptops with Windows Vista, Cindy has configured Bitlocker on those devices for hard disk encryption. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to check for vulnerabilities on the Blackberry devices. As it turns out, these devices are vulnerable and she is able to gain access to the corporate network through the Blackberry devices. What type of attack has Cindy used to gain access to the network through the mobile devices?
A. Cindy has used Blackjacking to gain access to the corporate network. *
B. This type of attack would be called Skipjacking since it is utilizing mobile devices to gain access to a corporate network.
C. This would be considered a Berryjack attack since it attacks Blackberry devices.
D. Cindy is using a MITM attack by using Blackberry devices.
45. Henry is the network administrator for a large advertising firm in Chicago. As well as ensuring overall network health, Henry is responsible for performing security audits, vulnerability assessments and penetration tests to check for network security. Henry has been asked to travel to one of the company’s branch offices in Taylor, Texas to perform a security audit. Right away, Henry notices how many mobile devices that branch office utilizes including PDA’s, Blackberries, and laptops. To prove a point, Henry wants to show the IT manager at that branch office how insecure some of those mobile devices are. In particular, he wants to point out the sensitive information that Palm devices can pass when using HotSync to synch itself with a computer. What UDP port should Henry listen on that is used by the Palm OS to find sensitive information?
A. Henry should listen on UDP port 14237 to see the traffic passed back and forth when using HotSync. *
B. He should have his device listen on UDP port 16999 to see the traffic passed from the Palm device.
C. If he listens on UDP port 1219, he will be able to see the traffic.
D. Henry needs to have his device listen on UDP port 14001.
46. Richard is an IT security expert currently making presentations in Las Vegas at a logical security conference. Richard’s specialty is in Bluetooth technology and different ways to take advantage of its vulnerabilities. Richard is using one of his Bluetooth enabled cell phones and a Bluetooth enabled laptop to make a demonstration on how to steal information from a wireless device through a Bluetooth connection. Richard shows how to connect to the OBEX Push target and how to perform an OBEX GET request to pull the address book and calendar off the cell phone. What type of attack is Richard demonstrating here at the conference?
A. Richard is demonstrating Bluesnarfing by stealing information from a wireless device through a Bluetooth connection. *
B. He is showing how to perform a Bluejacking attack by exploiting the inherent weaknesses in Bluetooth connections.
C. This attack that Richard is demonstrating is called a BlueSpam attack.
D. At the conference, Richard is demonstrating how to perform a BlueBack attack.
47. William is the senior security analyst for Cuthbert & Associates, a large law firm in Miami. William is responsible for ensuring complete network security. William’s boss, the IT director, is trying to convince the owners of the firm to purchase new Blackberry devices and new Bluetooth enabled laptops. William has been telling his boss that using Bluetooth devices like that is not secure. William’s boss doesn’t believe that Bluetooth devices are a security risk, so he asks for a demonstration. William obliges his boss by setting up an attack with his personal laptop and his boss’ Bluetooth enabled phone. William uses Logical Link Control and Adaptation Layer Protocol (L2CAP) to send oversized packets to his boss’ phone. This attack overloads the phone and William is able to do whatever he wants to with the device now. What type of attack has William just demonstrated to his boss?
A. He has shown his boss how to perform a Bluesmacking attack. *
B. William has performed a Bluesnarf attack on his boss’ phone.
C. This type of attack is called a BlueDump attack.
D. William was able to demonstrate to his boss how to perform a Bluejacking attack.
48. Blake is an IT security consultant, specializing in PBX and VoIP implementation testing. Blake has been recently hired on by Thwarting Enterprises, a brokerage firm in New York City. The company heard through contacts that Blake was the best in the business as far as examining and securing VoIP network implementations. About a year ago, Thwarting Enterprises installed a Cisco VoIP system throughout their office to replace the older PBX system. They have now brought Blake in to test its security, or lack thereof. Blake first begins his testing by finding network devices on the network that might be used for VoIP. Blake prefers to use UDP scanning because of its quickness. Blake finds a target on the network that looks promising and begins to perform a scan against it by sending packets with empty UDP headers to each port. Almost all of the ports respond with the error of “ICMP port unreachable”. From these errors, what can Blake deduce about these ports?
A. From this error, Blake can tell that these ports are not being used. *
B. This specific error means that the ports are currently in stealth mode.
C. Blake can deduce that the ports that respond with this error are open and listening.
D. He can tell that these specific ports are in hybrid mode.
49. Vicki is the IT manager for her company, an online retail business in Seattle. Vicki was recently given budget approval by the CIO to purchase 100 VoIP phones and all the VoIP networking equipment needed to make a complete VoIP implementation. Vicki and her employees install all the phones and set up the servers needed to run the new system. After about three months of setup, everything has been completed and the system is finally stable. Because she is not very familiar with VoIP security, she attends a VoIP security seminar which she finds very informative. One interesting piece of information she learns of is that most VoIP phones are installed with an imbedded OS called VxWorks. This, she finds out, is also what the VoIP phone manufacturer installed on all her company’s new VoIP phones. Vicki also learns that there is a default remote debugger on all these phones that listens on a specific port in case a remote administrator needs to do some troubleshooting. Vicki sees this as a large security problem. Instead of going to each and every new phone to turn off this feature, she decides to block the necessary port on the firewall to save time. What port should Vicki block at the firewall so no external connections can be made directly to the VoIP phones?
A. Vicki needs to block TCP port 17185 at the firewall to prevent the default debugger program from communicating outside the network. *
B. She should block UDP port 21972 at the firewall to keep the remote debugging feature on the VoIP phones from being used.
C. TCP port 9121 should be blocked at the firewall to keep anyone from using the remote admin debugging software.
D. She needs to block any traffic on the firewall coming in on or going out on TCP port 4290.
50. Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers, software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What technology allows Steven to disable the RFID tags once they are no longer needed?
A. RFID Kill Switches built into the chips enable Steven to disable them. *
B. The technology used to disable an RFID chip after it is no longer needed, or possibly stolen, is called RSA Blocking.
C. Newer RFID tags can be disabled by using Terminator Switches built into the chips.
D. The company’s RFID tags can be disabled by Steven using Replaceable ROM technology.
51. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets. What technique is Leonard trying to employ here to stop SPAM?
A. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM. *
B. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention.
C. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM.
D. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering.
52. Jacob is the systems administrator for Haverson Incorporated, a food processing company in Boston. Jacob is responsible for all equipment on the network as well as network security. After attending the CEH class and passing the CEH test, Jacob wants to make some changes on the network to ensure network security. Since there are three company computers in a publicly accessible area, he wants to lock those machines down as much as possible. Jacob wants to make sure that no one can use USB flash drives on those computers; while still allowing USB mice and keyboards to work. What can Jacob do to prevent USB flash drives from working on these publicly available computers? (Select 2)
A. Jacob needs to change the registry value to “4” at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Start *
B. He needs to rename the files UsbStor.inf and UsbStor.pnf. *
C. Jacob should delete the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usbhub
D. To disable USB drives, he should rename the USBFile.sys and StoreDrive.inf files.
53. Lyle is the network security analyst for his company, a large state agency in Florida. Lyle is responsible for ensuring the agency’s network security; including everything from mobile users to internal databases. Lyle has been charged with performing a security audit to comply with state regulations that were just passed. Lyle begins to test different aspects of the network, including the many Oracle databases that are utilized. Lyle finds out that the Oracle DBA created all of the databases with the simple create database command. After finding this out, Lyle is able to exploit the default user accounts that were created for these databases. What is the default user account created for Oracle databases when the create database command is used?
A. The default user account created for Oracle databases is called OUTLN. *
B. Oracle creates the default user account DEFAULT when the create database command is used.
C. SYSTEM is the default user account created in Oracle.
D. The default account created when using the create database command on Oracle databases is called SYSOP.
54. John is the senior research security analyst for Terror Trends International, a research foundation that provides terrorism information to companies as well as governments. John and his team have been monitoring terrorist cyber traffic for over eight years now and have noticed an interesting trend. Through translated bulletin posts and intercepted email communications, they have seen terrorist and extremist groups use less conventional means of communication on the Internet. They appear to be using technologies like social-networking sites, eBay, and even environments like Second Life. By using these new communication methods, it has made the job of John and his research team much harder. What are these Internet communication environments referred to?
A. These are called Web 2.0 environments. *
B. These environments are often referred to as Internet2.
C. These collaborative areas on the Internet are called Centrix environments.
D. Environments such as these used by terrorists and common people alike are called Symbiotic Networks.
55. Stephan is the senior security analyst for NATO, currently working out of Amsterdam. Stephan has been assigned to research terrorist activities, specifically cyber Jihad. Stephan was recently given a computer that was seized from a terrorist cell in London. After breaking through the disk encryption, Stephan and his team were able to read files and their contents on the computer. Stephan found a copy of Mujahedeen Secrets 2 in a hidden folder that the terrorists were apparently using to hide their communications on the Internet. Unfortunately, the other files used by the application were not in that same directory. What file should Stephan look for on the computer if he wants to find the file that stores all the keys used by Mujahedeen Secrets 2?
A. Stephan needs to look for AsrarKeys.db on the computer. *
B. To find the file used by Mujahedeen Secrets 2 to store keys, Stephan should look for KeyFob.db.
C. He should search on the computer for Secrets2.db.
D. Stephan and his team need to look for the file LockedAsrar.db on the computer.
56. Frederick is a security research analyst for the Department of Defense. Frederick was recently assigned to the cyber defense unit based in Washington D.C. He has been researching terrorist activity online through bulletin boards, social networking sites, and other extremist websites. One of Frederick’s colleagues was able to obtain a copy of Mujahedeen Secrets 2 for him to check out. When Frederick’s boss hears of this, he tells Frederick he wants to be briefed on every aspect of the software within 2 days. Since the help file was in Arabic, Frederick had to translate the 60 some odd pages which took him over 6 hours. By the time that his boss’ briefing came around, Frederick was only able to research and look through half of the application. Frederick’s boss asks him specifically about the File Shredder module of the software; which Frederick was not able to research. Frederick’s boss wants to know what the maximum number of passes the program uses when deleting files from a computer. What should Frederick’s answer be?
A. Mujahedeen Secrets 2 can be set to make a maximum number of 10 passes over a file to delete it from a computer. *
B. Frederick should tell his boss that the application can make a maximum number of 99 passes to delete a file.
C. This application is able to make a maximum number of 5 passes over a file to completely delete it from a computer.
D. Frederick should reply by saying that the application can make a maximum number of 299 passes.
57. Jacob is the network administrator for Richardson Electric, a heating and air conditioning company based out of Wichita. Jacob is responsible for the entire corporate network, including its security. Jacob has recently been receiving numerous calls from users stating that they receive pop-ups all the time. These users’ computers are all running Windows XP SP2. Jacob checks their Internet Explorer settings and the pop-up blocker is on for every machine. Jacob decides to install a couple of other free browsers that have pop-up blockers, and the computers still receive numerous pop-ups. Jacob downloads free spyware and adware removal software to scan these computers. The scans return no results, and the computers are still getting numerous pop-ups. Jacob does not have any money in his budget to buy any commercial products to stop this issue. What no-cost setting could Jacob make to stop pop-ups on these computers?
A. Jacob can edit the hosts file on these computers by adding the addresses of these pop-up sites and pointing them to 127.0.0.1. *
B. He can manually add the registry key of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BlockPopups” with a value of “1”.
C. To block pop-ups, he can edit the hosts file on these computers and add entries for the pop-up sites and point them to the broadcast address for their particular subnet.
D. Jacob can modify the Windows Firewall settings on these computers to block pop-ups.
58. Natalie is the IT security administrator for Sheridan Group, an investment company based in Detroit. Natalie has been getting reports from the help desk that users are having issues when they go to a particular vendor’s website; a company that sells paper. They report strange browser behavior such as pop-ups, browser redirection, and so on. These users also state they have been getting SPAM related to paper products, similar to those being provided by the vendor. Natalie scans these computers for viruses, adware, and spyware and turns up nothing. Natalie has one of these users navigate to the vendor’s website and sees the odd browser behavior. Natalie decides to take a look at the source code of that website to see if she can pull out anything of use. Natalie finds many places in the source code referring to a jpg file that is only one pixel in height and one pixel in width. What has Natalie discovered here in the source code?
A. Natalie has discovered Web Bugs in the source code. *
B. She has found hidden Form Fields in the source code of the vendor’s website.
C. She has discovered an apparent use of steganography in the source code.
D. This type of code is indicative of a Web Virus.
59. Michelle is a CPA working in the Accounting department for Beyerton & Associates. Michelle works on a Windows XP SP2 computer. Michelle’s daily duties take up about 6 hours out of her 8 hour workday. This leaves her about 2 hours a day where she can surf the Internet. Michelle goes to Myspace.com quite a bit during this free time to stay in touch with friends. After a new IT policy is implemented, sites like Myspace are blocked so users cannot get to them. The IT department is using an Internet filter to block specific websites such as Myspace. Michelle really wants to go to Myspace to stay in touch with the people she knows, even though it is now prohibited by an IT policy. What could Michelle do to still gain access to Myspace.com?
A. Michelle can use Proxify.net to navigate to Myspace. *
B. Michelle can edit her local hosts file to get around the Internet filter.
C. She can navigate to Redirect.com to serve as a proxy; letting her navigate to Myspace.
D. She can turn off Windows Firewall on her computer.
60. Bonnie is an IT security consultant currently working out of her home. She is able to perform much of her job through her home network when performing external footprinting, scanning, and pen testing. Bonnie has a number of computers running on different operating systems from Windows XP SP2 to Fedora. She uses two desktops that run as servers for her home network; handing out DHCP numbers, performing DNS lookups, and so on. Bonnie also utilizes an IDS to watch any traffic that might try to get into her network. One day, Bonnie sees some odd traffic trying to connect to her internal computers. Bonnie decides to download and install NetDefender on her Windows computers to block malicious traffic. All of her Windows computers are running Windows XP SP2 with the default install. Bonnie tries to start NetDefender, but receives an error that it cannot start. Why can’t Bonnie get NetDefender to start on her Windows computers?
A. She needs to stop the Windows firewall before starting NetDefender. *
B. She cannot start NetDefender because the computers are getting dynamic IPs.
C. To get NetDefender to work properly, Bonnie needs to allow TCP port 559 in the Windows firewall settings.
D. She cannot get NetDefender to work because it is only meant to run on Linux-based computers.
61. You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows XP. Last week, 10 of your company’s laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
A. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops. *
B. You should have used 3DES which is built into Windows.
C. If you would have implemented Pretty Good Privacy (PGP) which is built into Windows, the sensitive information on the laptops would not have leaked out.
D. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops.
62. Tommy is the systems administrator for his company, a large law firm based in New York City. Since Tommy’s company employs many telecommuters and mobile users, he has to administer over 100 laptops. Due to laptop theft within the last couple of years, Tommy has convinced management to purchase PAL PC Tracker to install on all company laptops. Tommy chose this software because of its ability to track equipment and its ability to notify administrators if the laptop has been stolen. What method is used by PAL PC Tracker to notify administrators of a laptop’s location?
A. PAL PC Tracker can send stealth email to a predetermined address whenever a tracked computer is connected to the Internet. *
B. This software sets off a loud alarm when sent a signal from an administrator, alerting anyone in the vicinity of the laptop.
C. PAL PC Tracker sends a page to a predetermined phone number through any wireless signal it can find.
D. When a laptop is classified as missing or stolen, PAL PC Tracker will send HTTP messages to a predetermined website when the equipment is connected to the Internet.
63. Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company’s network security. No employees for the company, other than the IT director, know about the work Shayla will be doing. Shayla’s first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee’s access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered?
A. She would be considered an Insider Affiliate. *
B. Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate.
C. Shayla is an Insider Associate since she has befriended an actual employee.
D. Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider.
64. Lori is a certified ethical hacker as well as a certified hacking forensics investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company. She finds one employee that appears to be sending very large emails to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture. What technique was used by the Kiley Innovators employee to send information to the rival marketing company?
A. The employee used steganography to hide information in the picture attachments. *
B. The Kiley Innovators employee used cryptography to hide the information in the emails sent.
C. The method used by the employee to hide the information was logical watermarking.
D. By using the pictures to hide information, the employee utilized picture fuzzing.
65. Tarik is the systems administrator for Qwerty International, a computer parts manufacturing company in San Francisco. Tarik just passed his certified ethical hacker test and now wants to implement many of the things he learned in class. The first project that Tarik completes is to create IT security policies that cover everything security related from logical to physical. Through management approval, all employees must sign and agree to the policies or face disciplinary action. One policy in particular, network file access, is of importance to Tarik and his superiors because of past incidents where employees accessed unauthorized documents. Tarik has fine-tuned the ACLs to where no one can access information outside of their department’s network folder. To catch anyone that might attempt to access unauthorized files or folders, Tarik creates a folder in the root of the network file share. Tarik names this folder “HR-Do Not Open”. In this folder, Tarik creates many fake HR documents referring to personal information of employees that do not exist. In each document, he places headers and footers that read “Do Not Print or Save”. Then Tarik sets up logging and monitoring to see if anyone accesses the folder and its contents. After only one week, Tarik records two separate employees opening the fake HR files, printing them, and saving them to their personal directories. What has Tarik set up here to catch employees accessing unauthorized documents?
A. Tarik has set up a Honeytoken to catch employees accessing unauthorized files. *
B. He has configured a Honeypot to log when employees access unauthorized files.
C. Since this was set up on an internal network, this would be considered a Tar Pit.
D. Tarik has configured a network Black Hole.
66. Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall’s supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work related applications like Word and Excel. What types of policies has Marshall written for the users working on computers in the publicly-accessible areas?
A. He has written Paranoid policies for these users in public areas. *
B. Marshall has created Prudent policies for the computer users in publicly-accessible areas.
C. These types of policies would be considered Promiscuous policies.
D. He has implemented Permissive policies for the users working on public computers.
67. Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa’s supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sites called that Theresa has been tasked with taking down?
A. These sites that host illegal copyrighted software are called Warez sites. *
B. These sites that Theresa has been tasked to take down are called uTorrent sites.
C. These websites are referred to as Dark Web sites.
D. Websites that host illegal pirated versions of software are called Back Door sites.
68. You are the systems administrator for your company, a medium-sized state agency in Oregon. You are responsible for all workstations, servers, network equipment, and software. You have two junior IT staff that field help desk calls as their primary duty. Since you are on a limited budget, you have had to get by with outdated hardware and software for many years. After a small increase in your budget this year, you decide to purchase Microsoft Office 2007 for your agency. This software is licensed for only one copy; but you give it to your junior IT staff and tell them to install it on every computer in the agency. What have you asked your IT staff to install on all the computers in the agency?
A. You have asked them to install abusive copies of the Office 2007 software. *
B. You have instructed your IT staff to install pirated copies of Office 2007 on every computer.
C. By installing one licensed copy, you are asking your staff to use cracked copies of Office 2007.
D. Installing one licensed copy on many different computers is called using an OEM copy.
69. Calvin is the IT manager for Riverson & Associates, an advertising firm based out of Toronto. Calvin is responsible for all IT related situations. The firm’s marketing director has asked Calvin to purchase a graphics editing application to install on two computers in the marketing department. Calvin makes the purchase and receives the software in the mail one week later. Calvin installs the software on the two requested computers. When the marketing users try to use the software, it says they need to “Insert device for validation”. Calvin calls the software company to find out what the issue is. Calvin thought there was a CD key that needed to be used on installation but the company’s support representative said there should have been a USB device included in the software box. Calvin looks through the software boxes and finds two USB devices. After plugging the devices into the computers in marketing, the graphics software works properly. What kind of license validation was used to make the graphics software work correctly?
A. The software company used dongles to ensure license validation. *
B. These USB devices are called hardware validators.
C. The company used logic gates to ensure license validation.
D. The USB devices the software required for license validation are called logic keys.
70. Harold is a software application developer for 24/7 Gaming Incorporated, an online gaming company that hosts over 25 online game environments. Harold has worked at the company for over 8 years and has risen up through the ranks. One day, Harold comes in to work and is informed that his position is being terminated in two weeks for budget reasons. Harold is furious because of all the time and effort he has invested in the company. Harold decides to get revenge so he implants some hacks into the code of one online game the company hosts. He tells his friends how to access the code; which lets them see through walls and other objects within the game while other players cannot. What type of exploit has Harold inserted into the online game?
A. Harold has created a Wall Hack to allow his friends to see through walls and objects in the game. *
B. He has inserted an Aimbot hack into the game giving his friends an unfair advantage over other players.
C. Harold has hacked the online game by inserting a Cham hack into the environment.
D. This type of code exploit is called Strafe-jumping.
71. Wesley is an IT technician working for Bonner-Riddel, a research foundation located in Lansing. Wesley works on both Windows and Linux-based machines, but enjoys tweaking and customizing open source applications more. Wesley has been using a Concurrent Versions System (CVS) to monitor the latest additions and revisions to source code he likes to work on. Wesley likes CVS but has issues when some items are partially checked-in. A colleague of his told him about another way to monitor source code; this method even tracks directory versioning. What monitoring method is Wesley’s colleague recommending?
A. He is recommending that Wesley use Subversion Repositories for monitoring. *
B. Wesley’s colleague is recommending that he use Granular Repositories for monitoring.
C. His colleague has suggested Wesley use Reverse Zone Repositories.
D. He is suggesting the use of Recursive Repositories.
72. Ralph is the network administrator for his company. As well as being responsible for the logical and physical network, he is in charge of logical and physical security. Ralph is currently performing a security audit of the company’s network, including its two internally-hosted websites. These websites utilize RSS feeds to update subscribers on current information. While performing his audit, Ralph is alerted to some irregular code in one of the website pages.

What is the purpose of this code?

A. This code will log all keystrokes. *
B. This JavaScript code will use a Web Bug to send information back to another server.
C. This code snippet will send a message to a server at 192.154.124.55 whenever the “escape” key is pressed.
D. This bit of JavaScript code will place a specific image on every page of the RSS feed.
73. Steven is the help desk manager for Fortified Investors, an investment firm based in Boston. Steven is responsible for fielding all help desk calls from company employees. Steven is getting numerous calls from users stating that when they navigate to one of the company vendor’s websites, their Internet Explorer browser starts to behave abnormally by pulling up pop-ups and being redirected to other pages. All the users that have called Steven are using Internet Explorer for their browsers. Steven checks the source code of the vendor’s page and sees some odd scripts in the source code. The employees still need to access the vendor’s page to perform their work duties so Steven decides to download and install Firefox on these users’ computers. When browsing with Firefox, the users do not see any odd behavior on the website as before. Why are they not seeing the same odd behavior when browsing the vendor website with Firefox?
A. They are not having issues because Firefox does not support VBScript and ActiveX. *
B. The users are not experiencing the same issues with Firefox as with Internet Explorer because Firefox does not support JavaScript.
C. Their new Firefox browsers are not showing the same odd behavior because Firefox does not support DHTML and XML.
D. The vendor’s website is not displaying the same behavior because Firefox only supports HTML and DHTML.
74. Ryan is the network administrator for Hammerstein Incorporated, a sign manufacturing company in Chicago. Ryan holds certificates for certified ethical hacker and certified hacking forensics investigator. Ryan prefers to use Linux-based operating systems, but has to work on Windows computers for much of his work-related duties. Ryan also prefers to use Netscape Navigator on his Windows computers because he believes it is more secure than Internet Explorer. While reading a security-related article online one day, he reads that Netscape Navigator has an issue with improperly validating SSL sessions which worries him greatly. What add-on provided for Netscape Navigator could Ryan install that would alleviate this issue of not properly validating SSL sessions?
A. Ryan can install the Personal Security Manager add-on for Netscape Navigator. *
B. He needs to download and install the SSL Fixer add-on for Netscape Navigator.
C. If Ryan installs the Safety Zone Navigator add-on, his Netscape Navigator browser will no longer improperly handle SSL sessions.
D. Ryan should download and install the Session Manager add-on for Netscape Navigator.
75. Ursula is the systems administrator for GateTime Enterprises, a clock manufacturing company in Atlanta. Ursula is in charge of all network equipment as well as network security. Ursula has recently created a set of IT security policies which include an acceptable use policy that all employees must sign. Ursula wants to install software on a proxy server that will monitor all user Internet traffic, enable her to administer Internet policy settings in one place, and prevent avoidance of the new acceptable use policy. What kind of proxy server does Ursula want to implement?
A. Ursula wants to implement an Intercepting Proxy server. *
B. She wants to implement a Forced Proxy server.
C. This would be considered a Split Proxy server since all Internet activity must pass through it.
D. By funneling all Internet traffic through one server, she is implementing a Reverse Proxy server.
76. Travis is an administrative assistant to the executive director of Thuel Energy, an oil and gas company based in Oklahoma City. Travis has an IT degree, but was not able to get a technical job because of the competitive job market. Travis likes to surf the Internet at work when he has time. He likes to go to social networking sites to chat with friends and meet new people. Unfortunately, his company has recently enacted a computer use and acceptable use policy that prohibits employees from going to social networking sites. To further keep users from sites they should not go to, the IT department installs a proxy server that specifically blocks certain websites. Trying to outsmart the company policies, Travis installs a virtual machine on his computer and a proxy server on that virtual machine. Through the proxy on his own computer, he is able to get around the company’s Internet proxy and get to the websites he wants to. What type of proxy has Travis installed on his own computer?
A. Travis has installed a Circumventor Proxy on his work computer. *
B. He has installed a Transparent Proxy to bypass the company’s Internet policies.
C. By installing a proxy on his own computer to bypass another proxy, Travis has implemented a Split Proxy.
D. This would be considered a Reverse Proxy.
77. Stewart is an IT security analyst for his company. Stewart is responsible for network security of his entire company. Stewart also does a vast amount of security research when time permits. This research usually takes him to websites that might not have the safest content. Stewart decides to install Proxomitron on his computer for web filtering. This should help his browser remove banner ads, Java scripts, offsite images, flash animation, and other potentially harmful objects. What port must Stewart configure his browser to utilize in order to use Proxomitron?
A. His browser must use the local port 8080 on his computer. *
B. The local host browser must be configured to use 548 on his computer in order to function.
C. The browser needs to use port 9000.
D. It must be set to utilize port 10421.
78. Harold is the network administrator for Wintrex Systems, a software development company in Salt Lake City. Harold is responsible for all physical and logical network equipment. Wintrex Systems sells most of their products online, so they have a large retail-oriented website where customers can purchase anything the company offers. All company workstations are running Windows XP and all servers are running Windows Server 2003. For inventory and product management, Wintrex uses many SQL Server 2005 databases. Harold has been informed by the company’s CIO that he needs to implement some kind of protection for the corporate databases to prevent intrusions, SQL injection, data leakage, regulatory compliance, and so on. Harold is not too familiar with database software or protection, but is inclined to use a company like Symantec since they provide the company’s virus, backup, and IPS software. If Harold wants to use Symantec, what software product could he acquire from them that would serve his needs to protect the company’s SQL databases?
A. He could use the Symantec Database Security solution that they provide. *
B. Symantec provides a software package called SQL Protector that would perform all the tasks that Harold needs.
C. He could install and use Symantec SQL Suite which would help Harold perform all the tasks the CIO has requested.
D. He should use Symantec’s Data Guard Pro to protect the company’s data housed in the SQL databases.
79. Justin is an electrical engineer working for ZenWorks Navigation, a Global Positioning device manufacturing company based in Las Vegas. Justin and a team of other engineers are working on the latest GPS handheld system for the company. ZenWorks previously only produced GPS systems for airplanes, but now wants to branch out to the individual consumer market. Currently, Justin is trying to work out errors the devices are experiencing in regards to four variables (latitude, longitude, altitude, and time) on the accuracy of a three-dimensional fix. Until this issue is resolved, the new devices cannot be finished. What GPS-related issue is Justin currently working on?
A. Justin is working on the Geometric Dilution of Precision problem. *
B. This issue would be considered a problem with the Local Area Augmentation System.
C. When a GPS device is having issues with these four variables, it is considered a problem with the Wide Area Augmentation System.
D. Justin is experiencing issues with the Signal to Noise Ratio.
80. Theo is an IT security consultant that was just hired on by the city of Seattle. Theo has been asked to map out free available wireless hotspots on a chart that will be published by the city. Theo has never mapped wireless hotspots over such a large range, so he buys software and GPS devices that he thinks will do the job. Theo buys two software programs, one for finding the hotspots and one to precisely locate his whereabouts on a city map. These two pieces of software will utilize two GPS devices. To run both these devices at the same time, Theo downloads and installs a GPS service daemon on his laptop running Windows XP SP2 so the GPS applications will not conflict with each other. When Theo opens both GPS programs, they say they cannot communicate with the GPS devices. What does Theo need to do to ensure the GPS applications can communicate with the GPS devices?
A. Theo needs to open TCP port 2947 on the Windows firewall so they can communicate. *
B. He should open TCP port 1699 on his local Windows firewall so the applications can talk to the devices.
C. He needs to install the GPS daemon service on a Linux-based computer since it will not work on a Windows computer.
D. UDP port 1121 needs to be open on his laptop’s Windows firewall.
81. Mary is a field service technician for Garmin which makes all kinds of GPS devices. Mary has been called out to a car rental company that purchased over 1000 GPS devices to be installed in their rental cars. Almost all the devices appear to be getting an error message when they are started up. Mary’s company has decided to send her out to the car rental company instead of them sending back every GPS device. When Mary gets to the company, she troubleshoots a number of the devices but cannot figure out what the issue is. She calls her company’s customer support line for some help. The service rep on the phone tells her to force the devices to perform a cold start. How can Mary force the devices to perform a cold start?
A. She must hold the Page key down while the units are powering up. *
B. Mary should hold the Mark key down until the units are forced to perform a cold start.
C. Mary needs to hold the Enter key down until they reboot.
D. She needs to hold down the Reset key for at least 20 seconds.
82. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery. What incident level would this situation be classified as?
A. This situation would be classified as a mid-level incident. *
B. Since there was over $50,000 worth of loss, this would be considered a high-level incident.
C. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident.
D. This specific incident would be labeled as an immediate-level incident.
83. Lyle is the IT director for his company, a large food processing plant in North Carolina. After undergoing a disastrous incident last year where data was deleted by a hacker, Lyle has begun creating an incident response team made up of employees from varying departments. Lyle is now assigning different roles and responsibilities to the different team members. When handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
A. The Network Administrator should be responsible for recovery, containment, and prevention. *
B. Lyle should be responsible for these issues in computer-related incident handling.
C. The CEO of the company should ultimately be responsible for these types of issues.
D. The Security Administrator should be held responsible for recovery, containment, and prevention.
84. Pauline is the IT manager for Techworks, an online retailer based out of St. Louis. Pauline is in charge of 8 IT employees which include 3 developers. These developers have recently created a new checkout website that is supposed to be more secure than the one currently being used by the company. After numerous fraud attempts on the website, the company’s CIO decided that there needed to be a change; creating a more secure checkout portal that will check for potential fraud. This new portal checks for fraud by looking for multiple orders that are to be delivered to the same address but using different cards, different orders originating from the same IP address, credit card numbers that vary by only a few digits, and users repeatedly submitting the same credit card numbers with different expiration dates. What fraud detection technique will the new retail portal be using?
A. The portal will be using pattern detection to check for potential fraud. *
B. The new site created by the developers will be using reverse lookup detection to see if fraud is involved.
C. The developers have written the new portal to utilize round robin checking to see if visitors are attempting fraud.
D. The new website portal will be using anomaly variance detection to look for fraud in transactions on the site.
85. Hanna is the network administrator for her company. Hanna is responsible for all network functions, including corporate email. Hanna receives a call from the Director of Administration one morning saying he cannot access one of his archive files. Hanna goes to the director’s office and tries to open the archive file from inside his Outlook 2003 client. The program says that she needs a password to open the file. Apparently, the director password protected the archive file without realizing it. What program could Hanna use to recover the archive password for the director?
A. She could download and install PstPassword to recover the password of the archive file. *
B. Outlook Revealer would be the best application to recover the password.
C. Hanna could run ArchiveRestore to find the password for the archive file.
D. She should use PwdRecover Toolset to retrieve the password for the archive file.
86. Heather is the network administrator for her company, a small medical billing company in Billings. Since the company handles personal information for thousands of clients, they must comply with HIPAA rules and regulations. Heather downloads all the HIPAA requirements for information security and begins an audit of the company. Heather finds out that many of the billing technicians have been sending sensitive information in PDF documents to outside companies. To protect this information, they have been password protecting the PDF documents. Heather has informed all the technicians that this method of protecting the data is not safe enough. Why is using passwords to protect PDF documents not enough to safeguard against information leakage?
A. This is not enough protection because PDF passwords can easily be cracked by many different software applications. *
B. The technicians should not only rely on PDF passwords because the passwords are sent as an attached text file when sent through email.
C. Since PDF password protection alone does not comply with SOX; they should not solely rely on them for protection.
D. PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email.
87. You are the IT manager for a small investment firm in Los Angeles. Including you, the firm only employs a total of 20 people. You were hired on last month to take over the position of the last IT manager that was fired. The last manager did not have any security measures in place for the firm’s network; which led to a data breach. You have decided to purchase the Check Point firewall model Firewall-1 to help secure the network. You have chosen this particular firewall because of its adaptive and intelligent inspection technology that protects both the network and application layers. What built-in technology used by Check Point firewalls protects traffic on both the network and application layers?
A. Check Point firewalls use the INSPECT technology. *
B. They utilize built-in technology called SORT.
C. You have chosen a Check Point firewall because of its adaptive STINGER technology.
D. The built-in technology used by Check Point firewalls for traffic inspection is called SEARCH & DESTROY.
88. Dylan is the systems administrator for Intern Support Staffing, an IT staffing company in Oregon. All workstations on the company’s network are running Windows XP SP2 except for three laptops that run MAC OS X. Even though Dylan has set up and configured a hardware firewall for the company, a recent audit suggested he utilize application-level firewalls for all workstations and mobile computers. Dylan configures the Windows Firewall settings for the Windows computers. Dylan then downloads and installs Doorstop X Firewall onto the MAC laptops. After installation, none of the MAC laptops can connect to any other computers on the network. Why are these laptops not able to connect to other computers after Dylan installed Doorstop X Firewall?
A. The laptops cannot connect because all TCP ports are protected by default when Doorstop X Firewall is installed. *
B. They cannot make a connection because he needs to modify the firewall.conf file before they can use the software properly.
C. Dylan needs to modify the local firewall.data files on all the MAC laptops before they can function properly.
D. They cannot connect to other computers on the network because Dylan needs to install the “Network Services for MAC” piece on all the Windows workstations.
89. Geoffrey is the systems administrator for Veering Incorporated, a custom car manufacturer in California. Geoffrey administers the corporate Windows Server 2003 Active Directory network. He is also responsible for logical security. All computers are under one domain named veering.com. Geoffrey has organized all user accounts by placing them in an Organizational Unit (OU) named Company Users. He has also created another OU named Company Computers that contains all computer accounts. After implementing a strong password policy through Active Directory, the executive team tells Geoffrey the policy is too stringent for them and they would like their own policy. How can Geoffrey apply a different policy to the members of the executive team?
A. Geoffrey must create a new domain and move their user accounts to that domain. *
B. He needs to move their user accounts to a different OU, create a new password policy for that OU, and deny the other policy from applying to that OU.
C. Geoffrey needs to move their computer accounts to a different OU, create a new password policy for that OU, and deny the other policy from applying to that OU.
D. He can create a WMI filter that keeps the current policy from applying to their machines.
90. Kevin is the systems administrator for Inktime International, an ink cartridge replacement company based out of New Orleans. Kevin has been told by his boss that he needs to change the password policy on the network. Users are apparently reusing passwords over and over and changing them immediately whenever IT resets their passwords for them. Kevin’s boss doesn’t want users to be able to change their passwords so often or be able to change their password right after IT resets their passwords. The company’s network consists of one 2003 Active Directory domain. What password policy settings does Kevin need to adjust to accomplish what his boss has asked him to do? (Select 2)
A. Kevin needs to adjust the "Minimum Password Age" setting. *
B. He should change the "Enforce Password History" setting in the Group Policy settings module. *
C. Kevin should adjust the "Maximum Password Age" Group Policy setting.
D. To accomplish what his boss has asked, Kevin needs to adjust the "Enforce User Change at Next Logon" policy.
91. Charlie is the systems administrator for his company, an aeronautics engineering company based in Dallas. Charlie is responsible for the entire network which consists of one Server 2008 Active Directory domain. All user accounts are in respective department Organizational Units (OU) such as Accounting Users, HR Users, and so on. All computer accounts are in respective department OUs such as Accounting Computers, HR Computers, and so on. The user accounts for the company’s management team are all under the Management Users OU. The computer accounts for the company’s management team are all under the Management Computers OU. Charlie has assigned a fine-grained password policy to only the management team because they wanted a different password policy than the rest of the company. According to company policy, all user accounts must have a password expiration policy applied to them. The management team does not want to have to deal with changing their passwords often like the other users. What is the maximum password age that Charlie can set for the management team in a Server 2008 Active Directory domain?
A. The maximum age of a password in 2008 is 999 days. *
B. This is not possible since only one password policy can be set per domain in 2008.
C. The maximum age for passwords that Charlie can set for the management team is 9999 days.
D. He can adjust the password policy to allow for up to 99 days on password age.
92. Sherral is the systems administrator for Trigon Technologies, a software development company in Wichita. She oversees the entire network which consists of one Windows Server 2003 Active Directory domain. To accommodate 20 new mobile users, Sherral has enabled Challenge Handshake Authentication Protocol (CHAP) and remote access to let the remote users get into the network from the outside. After applying these settings, Sherral receives calls from the remote users stating that they cannot authenticate with the network. What password policy change must she configure to allow the remote users access to the network?
A. She must enable the “Store password using reversible encryption for all users in the domain” setting in the Default Domain Group Policy. *
B. Sherral needs to disable the “Require Kerberos Authentication” setting in the Default Domain Group Policy.
C. So that remote workers using CHAP can connect to an Active Directory domain, Sherral must enable the “Allow logon using CHAP” setting in the Default Domain Group Policy.
D. To allow these new remote users access, she needs to enable the “Password must meet complexity requirements” setting.
93. Willem is the network administrator for his company, a toy manufacturing company in London. Willem manages the entire company’s network which consists of one Server 2003 Active Directory domain. Willem was hired on last month to replace the last administrator that retired. To Willem’s amazement, the company previously had no password policies in place. The CIO has just recently created new network policies which include a comprehensive password policy. This new password policy states that every password setting in group policy must be set. After implementing this new policy, many users are calling Willem and stating that they locked themselves out of their accounts. The CIO’s policy states that once a user locks him or herself out, they must wait a period of time until that account is unlocked. Willem has convinced the CIO to let him change that specific password policy so that Willem must manually unlock user accounts when they call. What setting must Willem adjust to ensure that user accounts must be manually reset by him when they are locked out?
A. Willem should change the “Account Lockout Duration” setting to zero minutes. *
B. He needs to adjust the “Account Lockout Duration” setting to 99,999 minutes.
C. By setting the “Account Lockout Duration” policy to disabled, he will have to manually unlock every locked user account.
D. Willem needs to change the “Account Lockout Threshold” to zero minutes.
94. Richard is the systems administrator for BillRight Incorporated, a medical billing company in Minneapolis. Richard is currently writing the company’s IT security policies. Based on instructions from the IT director, Richard has written the password policy to require complex passwords, passwords must be at least 8 characters, and user accounts will be locked out after 5 unsuccessful attempts to help prevent brute force attacks. One of the IT policies also states that user computers must utilize a password protected screensaver that is activated after 20 minutes of inactivity. Richard wants the logon attempts to unlock a screensaver to apply towards the number of attempts that will lock out a user account if tried too many times. How can Richard apply this setting across the network if it is running under one Windows Server 2003 Active Directory domain?
A. Richard needs to enable the “Interactive logon: Require Domain Controller authentication to unlock workstation” setting in Group Policy. *
B. He should enable the “Domain Controller: Require screensaver authentication to unlock” setting.
C. This can be set in Group Policy by enabling the “Interactive logon: Require local SAM authentication to unlock workstation” setting.
D. Richard can apply this setting network-wide if he enables “Domain Controller: Authenticate workstation unlocking”.
95. Jerald is the systems administrator for his company. Jerald is responsible for all servers, workstations, and network security. Based on company policy, every available auditing feature is turned on for the network through Group Policy. Jerald comes in to work one morning and two of his Domain Controllers are completely shut down. Jerald boots the two machines up and checks their event logs. Then Jerald checks the firewall logs to see if anything stands out. From the event and firewall logs, it appears that a hacker was able to gain access to the two servers using an old unused service account that had a weak password. The hacker then was apparently able to generate millions of erroneous events in the server event logs which caused them to shut down. What setting does Jerald need to adjust to prevent this same issue from happening again?
A. Jerald needs to disable the “Audit: Shut down system immediately if unable to log security audits” setting. *
B. He should enable the “Domain member: Do not shut down system if unable to log events” setting.
C. To prevent the servers from shutting down in the future, Jerald needs to disable logging on those two Domain Controllers.
D. Jerald should enable the “Audit: Do not shut down system if events can no longer be logged” setting.
96. Raul is the network administrator for Davidson Pipe, an oil pipeline manufacturing company in San Antonio. Raul manages a team of 10 IT personnel which includes two software developers. The company network consists of one Windows Server 2003 Active Directory domain. These developers have recently created a custom inventory application that will run on one of the company’s servers and all the workstations. Raul has created a domain account on the network which will serve as the service account used by the new custom application. The developers have informed Raul that this service account will need to run as a process on client computers and will need to be able to use the identity of any user and access the resources authorized to that user. Raul wants to make one centralized setting change on the network to make sure the service account will work properly when running the application. What Group Policy setting can Raul edit to effect this change on the network?
A. Raul needs to add the new service account to the list of users in the “Act as part of the operating system” Default Domain Group Policy. *
B. He should add the new service account to the users list in the “Act as SYSTEM account on domain computers” Default Domain Group Policy.
C. If he adds the new service account to the list of users in the “Impersonate a client after authentication” setting in the Default Domain Group Policy, the application will work properly.
D. He needs to add this service account to the users list in the “Replace a process level token” Default Domain Group Policy.
97. Louis is the senior systems administrator for the University of Eastern Wyoming. Louis manages 25 IT technicians and junior systems administrators. The University’s network consists of one Windows Server 2003 Active Directory domain. All domain user accounts are contained in one Organizational Unit (OU) called Staff. All domain computer accounts are contained in one OU called Computer Accounts. Louis wants one of his junior systems administrators, Steven, to be able to add workstations to the domain. All computer accounts are added to the Computer Accounts OU by default when they are joined to the domain. Louis has given the “Add workstations to domain” permission to Steven’s user account, but he is still not able to add computer accounts to the domain. What else does Louis need to do to ensure that Steven can add computers to the domain?
A. Louis needs to give Steven “Create computer objects” permission for the Computer Accounts OU. *
B. To allow Steven the permission to add computers to the domain, Louis needs to make Steven a Domain Admin.
C. Steven needs the “Create nisMap Objects” permission for the Computer Accounts OU.
D. Louis should give Steven the “Take ownership of” permission for the Computer Accounts OU.
98. Jayson is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Jayson is responsible for the company’s entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Jayson has created a security group in Active Directory called “RDP Deny” which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the “RDP Deny” group cannot access the company servers through Remote Desktop?
A. Jayson needs to add the “RDP Deny” group to the “Deny logon through Terminal Services” policy. *
B. He should add the “RDP Deny” group to the “Deny RDP connections to member servers” policy.
C. By adding the “RDP Deny” group to the “Deny logon as a service” policy, the users in that security group will not be able to establish remote connections to any of the servers.
D. Jayson should add the “RDP Deny” group into the list of Restricted Groups to prevent the users from accessing servers remotely.
99. Phillip is the systems administrator for Photopia Incorporated, a camera manufacturing company in Des Moines. Phillip is responsible for the company’s entire network which consists of one 2003 Active Directory domain. Some computer accounts have been placed in a special Organizational Unit (OU) called Restricted Computer Accounts because those computers have been placed outside the firewall to allow for video conferencing. These computers are all running Windows XP SP2. These computers have very stringent group policies applied to them so they can be as secure as possible. In particular, the “Accounts: Administrator account status” setting in group policy is set to disabled. While performing a security audit, Phillip finds some hacking software on one of the computers in the Restricted Computer Accounts OU. He immediately takes that computer offline to keep it from infecting or contaminating any more computers. Phillip cannot log on to the computer as an administrator since the group policy was set to disable that account. How can Phillip log on to this computer as administrator if he must keep it offline?
A. Phillip can log on as the administrator if he boots the computer in Safe Mode. *
B. If Phillip runs the gpupdate command on the computer, he will be able to log on as the administrator.
C. He needs to run the gpresult /force command on the computer.
D. Phillip should boot the computer in VGA mode.
100. Lionel is an IT security consultant currently working on contract for a car manufacturing company in Philadelphia. Lionel has been brought in to assess the company’s network security state. This manufacturing company’s network is comprised of one 2003 Active Directory domain. He has been given permission to perform any and all necessary tests against the network. Lionel interviews the IT staff for the company to get a feel for the logical security measures they have already put in place. The IT manager for the company says that the biggest security precaution they have taken is to rename the administrator account on the network. The manager believes that this will keep any hackers from ever using the administrator account to perform attacks. Lionel informs the IT manager that while changing the administrator name is a good idea, the account can still possibly be cracked. How can an administrator account still be cracked even though the name has been changed?
A. The SID for the administrator account does not change. *
B. The administrator name will still be used if connecting through a NULL session.
C. An administrator account can still be cracked because the GUI for that account does not change when the name itself is changed.
D. It can still be cracked since the name is still stored in clear text as “administrator” in the local SAM database.
