Beruflich Dokumente
Kultur Dokumente
------------------
This address produces a Page Cannot be Displayed error. Kyle then types in anot
her URL:
13. Simon is the network administrator for his company. Simon is also an IT sec
urity expert with over 10 security-related certifications. Simon has been asked
by the company CIO to perform a comprehensive security audit of the entire netw
ork. After auditing the network at the home office without finding any issues,
he travels to one of the company’s branch offices in New Orleans. The first tas
k that Simon carries out is to set up traffic mirroring on the internal-facing p
ort of that office’s firewall. On this port, he uses Wireshark to capture traff
ic. Alarmingly, he finds a huge number of UDP packets going both directions on
ports 2140 and 3150. What is most likely occurring here?
A. A client inside the network has been infected with the Deep Throat Trojan. *
B. This type of traffic is indicative of the Netbus Trojan.
C. Most likely, a computer inside the network is infected with the SQL Slammer w
orm.
D. Seeing traffic on UDP ports 2140 and 3150 means that a computer is infected w
ith the Bobax Trojan
14. Tyler is the senior security officer for WayUP Enterprises, an online retail
company based out of Los Angeles. Tyler is currently performing a network secu
rity audit for the entire company. After seeing some odd traffic on the firewal
l going outbound to an IP address found to be in North Korea, Tyler decides to l
ook further. Tyler traces the traffic back to the originating IP inside the net
work; which he finds to be a client running Windows XP. Tyler logs onto this cl
ient computer and types in the following command:
What will this code do on the employee’s computer once the email is opened?
A. This code will create pop-up windows on the employee’s computer until its mem
ory is exhausted. *
B. This HTML code will force the computer to reboot immediately.
C. Once the employee opens the email with this code, his computer will send out
messages to the network with the title of “You are in trouble!”.
D. This code will install a counter on the employee’s computer that will count e
very time that user opens web-based email.
25. Cheryl is a security analyst working for Shintel Enterprises, a publishing c
ompany in Boston. As well as monitoring the security state of the company’s net
work, she must ensure that the company’s external websites are up and running al
l the time. Cheryl performs some quick searches online and finds a utility that
will display a window on her desktop showing the current uptime statistics of t
he websites she needs to watch. This tool works by periodically pinging the web
sites; showing the ping time as well as a small graph that allows Cheryl to view
the recent monitoring history. What tool is Cheryl using to monitor the compan
y’s external websites?
A. She is using Emsa Web monitor to check on the status of the company’s website
s. *
B. Cheryl is utilizing AccessDiver to check on the websites’ status.
C. To monitor her company’s websites, Cheryl is using Acunitex.
D. Cheryl has chosen to use Burp to check on the status of the company’s website
s.
26. James is an IT security consultant as well as a certified ethical hacker. J
ames has been asked to audit the network security of Yerta Manufacturing, a tool
manufacturing company in Phoenix. James performs some initial external tests a
nd then begins testing the security from inside the company’s network. James fi
nds some big problems right away; a number of users that are working on Windows
XP computers have saved their usernames and passwords used to connect to servers
on the network. This way, those users do not have to type in their credentials
every time they want access to a server. James tells the IT manager of Yerta M
anufacturing about this, and the manager does not believe this is possible on Wi
ndows XP. To prove his point, James has a user logon to a computer and then Jam
es types in a command that brings up a window that says “Stored User Names and P
asswords”. What command did James type in to get this window to come up?
A. James had to type in “rundll32.exe keymgr.dll, KRShowKeyMgr” to get the windo
w to pop up. *
B. To bring up this stored user names and passwords window, James typed in “rund
ll32.exe storedpwd.dll, ShowWindow”.
C. The command to bring up this window is “KRShowKeyMgr”.
D. James typed in the command “rundll32.exe storedpwd.dll” to get the Stored Use
r Names and Passwords window to come up.
27. Kevin is an IT security analyst working for Emerson Time Makers, a watch man
ufacturing company in Miami. Kevin and his girlfriend Katy recently broke up af
ter a big fight. Kevin believes that she was seeing another person. Kevin, who
has an online email account that he uses for most of his mail, knows that Katy
has an account with that same company. Kevin logs into his email account online
and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any inform
ation. What is Kevin attempting here to gain access to Katy’s mailbox?
A. Kevin is trying to utilize query string manipulation to gain access to her em
ail account. *
B. This type of attempt is called URL obfuscation when someone manually changes
a URL to try and gain unauthorized access.
C. By changing the mailbox’s name in the URL, Kevin is attempting directory tran
sversal.
D. He is attempting a path-string attack to gain access to her mailbox.
28. Daryl is the network administrator for the North Carolina Lottery. Daryl is
responsible for all network security as well as physical security. The lottery
recently hired on a web developer to create their website and bring all service
s in house since the lottery’s website was previously hosted and supported by a
third party company. After the developer creates the website, Daryl wants to ch
eck it to ensure it is as secure as possible. The developer created a logon pag
e for lottery retailers to gain access to their financial information. Without
knowing what any of the usernames and passwords are, Daryl tries to bypass the l
ogon page and gain access to the backend. Daryl makes a number of attempts and
he gets the following error message every time.