Question 1:
Which DoS attack sends traffic to the target with a spoofed IP of the target
itself?
a- Land
b- Teardrop
c- SYN flood
d- Smurf
Explanation: A land attack fits this description. Smurf attacks deal with ICMP echo
requests going back to a spoofed target address. SYN floods use custom packets that
barrage a target with requests. Teardrop attacks use custom fragmented packets that
have overlapping offsets.
Question 2:
If you can’t gain enough information directly from a target, what is another
option?
a- Competitive analysis
b- EDGAR
c- Scanning
d- Social engineering
Explanation: Competitive analysis can prove very effective when you’re trying to gain
more detailed information about a target. Competitive analysis relies on looking at a
target’s competitors in an effort to find out more about the target.
Question 3:
Which of the following is not typically used during footprinting?
a- Email
b- Port scanning
c- Search engines
d- Google hacking
Explanation: Port scanning is typically reserved for later stages of the attack process.
Question 4:
Jason is the local network administrator who has been tasked with securing the
network from possible DoS attacks. Within the last few weeks, some traffic logs
appear to have internal clients making requests from outside the internal LAN.
Based on the traffic Jason has been seeing, what action should he take?
a- Implement ingress filtering
b- Implement egress filtering
c- Throttle network traffic
d- Update antivirus definitions
Explanation: Throttling network traffic will slow down a potential DoS attack; however,
an ingress filter will check for internal addresses coming in from the public side. This is
a good indicator of a spoofed IP.
Question 5:
Which of the following best describes footprinting?
a- Discussion with people
b- Enumeration of services
c- Investigation of a target
d- Discovery of services
Question 6:
Which of the following is used to access content outside the root of a website?
a- SQL injection
b- Brute force
c- Port scanning
d- Directory traversal
Explanation: Directory traversals are used to browse outside the root of the site or
location and access files or directories that should otherwise be hidden.
Question 7:
Databases can be a victim of code exploits depending on which of the
following?
a- Patches
b- Configuration
c- Client version
d- Vendor
Question 8:
What is the role of social engineering?
a- To gain information about posts and cameras
b- To gain information about social media
c- To gain information from human beings
d- To gain information about computers
Question 9:
What is the hexadecimal value of a NOP instruction in an Intel system?
a- 0x99
b- 0x90
c- 0x80
d- 99x0
Question 10:
Footprinting has two phases. What are they?
a- Social and anonymous
b- Active and pseudonymous
c- Scanning and enumerating
d- Active and passive
Explanation: Footprinting is typically broken into active and passive phases, which are
characterized by how aggressive the process actually is. Active phases are much
more aggressive than their passive counterparts.
Question 11:
Why use Google hacking?
a- To look for information about Google
b- To fine-tune search results
c- To speed up searches
d- To target domain
Question 12:
Which of the following can prevent bad input from being presented to an
application through a form?
a- Directory traversing
b- Request filtering
c- Input scanning
d- Input validation
Explanation: Input validation is the process of checking input for correctness prior to its
being accepted by an application. Unlike filtering, which works on the server side,
validation works on the client side and prevents bad input from making it to the server.
Question 13:
WEP is designed to offer security comparable to which of the following?
a- Wired networks
b- Bluetooth
c- IPv6
d- IrDA
Question 14:
Which of the following would be a very effective source of information as it
relates to social engineering?
a- Social networking
b- Port scanning
c- Job boards
d- Websites
Question 15:
Footprinting can determine all of the following except __________?
a- Hardware types
b- Business processes
c- Distribution and number of personnel
d- Software types
Question 16:
Which of the following is designed to locate wireless access points?
a- Site survey
b- Traffic analysis
c- Pattern recognition
d- Cracking
Explanation: The purpose of a site survey is to map out a site and locate access points
and other wireless-enabled devices.
Question 17:
Which of the following can be used to tweak or fine-tune search results?
a- Refining
b- Hacking
c- Operators
d- Archiving
Explanation: Operators such as filetype are used to manipulate search results for
some search engines such as Google.
Question 18:
Which of the following operates at 5 GHz?
a- 802.11b
b- 802.11a
c- 802.11g
d- 802.11i
Question 19:
Android is based on which operating system?
a- Windows
b- Unix
c- Linux
d- OS X
Explanation: Android is based on Linux.
Question 20:
Which tool can trace the path of a packet?
a- DNS
b- Ping
c- Whois
d- Tracert
Explanation: Tracert is a tool used to trace the path of a packet from source to ultimate
destination.
PART 5
Question 1:
Which of the following types of attack has no flags set?
a- NULL
b- FIN
c- SYN
d- Xmas tree
Explanation: A NULL scan has no flags configured on its packets.
Question 2:
Which of the following is used to perform customized network scans?
a- AirPcap
b- Nessus
c- Nmap
d- Wireshark
Explanation: Nmap is a utility used to scan networks and systems and for other
types of custom scans.
Question 3:
Which best describes a vulnerability scan?
a- A way to automate the discovery of vulnerabilities
b- A proxy attack
c- A way to diagram a network
d- A way to find open ports
Question 4:
A full-open scan means that the three-way handshake has been completed.
What is the difference between this and a half-open scan?
a- A half-open uses TCP
b- A half-open does not include the final ACK
c- A half-open includes the final ACK
d- A half-open uses UDP
Question 6:
SaaS is a cloud hosting environment that offers what?
a- Testing options
b- Improved security
c- Software hosting
d- Development options
Question 7:
What is the proper sequence of the TCP three-way-handshake?
a- SYN-ACK,ACK,ACK
b- SYN-SYN,SYN-ACK,SYN
c- SYN,SYN-ACK,ACK
d- ACK, SYN-ACK,SYN
Explanation: Remember this three-way handshake sequence; you will see it quite a bit
in packet captures when sniffing the network. Being able to identify the handshake
process allows you to quickly find the beginning of a data transfer.
Question 8:
What is the purpose of a proxy?
a- To assist in scanning
b- To keep a scan hidden
c- To perform a scan
d- To automate the discovery of vulnerabilities
Question 9:
Physical security can prevent which of the following?
a- FTP
b- Tailgating
c- Cracking
d- DDoS
Question 10:
A public and private key system differs from symmetric because it uses which of
the following?
a- One algorithm
b- Two keys
c- Two algorithms
d- One key
Explanation: A public and private key are mathematically related keys, but they
are not identical. In symmetric systems only one key is used at a time.
Question 11:
Which of the following is not a flag on a packet?
a- END
b- RST
c- URG
d- PSH
Explanation: END is not a type of flag. Valid flags are ACK, FIN, SYN, URG, RST,
and PSH.
Question 12:
Which of the following is used for banner grabbing?
a- Wireshark
b- Telnet
c- FTP
d- SSH
Explanation: Telnet is used to perform banner grabs against a system. However, other
tools are available to do this as well.
Question 13:
Which of the following can be used to identify a firewall?
a- Google hacking
b- Email
c- Search engines
d- Port scanning
Question 14:
What is the sequence of the three-way handshake?
a- SYN,ACK,ACK
b- SYN,ACK,SYN-ACK
c- SYN,SYN-ACK
d- SYN,SYN-ACK,ACK
Question 15:
What is the three-way handshake?
a- The opening sequence of a TCP connection
b- A type of half-open scan
c- Part of a UDP scan
d- A Xmas tree scan
Question 16:
Which network topology uses a token-based access methodology?
a- Bus
b- Ring
c- Star
d- Ethernet
Question 17:
An HIDS is used to monitor activity on which of the following?
a- Application
b- Host
c- Network
d- Log file
Question 18:
What is an ICMP echo scan?
a- A SYN scan
b- A ping sweep
c- A Xmas tree scan
d- Part of a UDP scan
Question 19:
Which of these protocols is a connection-oriented protocol?
a- FTP
b- UDP
c- POP3
d- TCP
Explanation: SYN flags are seen only on TCP-based transmissions and not in UDP
transmissions of any kind.
PART 6
Question 1:
SNScan is used to access information for which protocol?
a- SMTP
b- FTP
c- HTTP
d- SNMP
Explanation: SNScan is designed to access and display information for SNMP.
Question 2:
Enumeration does not uncover which of the following pieces of information?
a- Services
b- Ports
c- Shares
d- User accounts
Explanation: Ports are usually uncovered during the scanning phase and not the
enumeration phase.
Question 3:
Enumeration is useful to system hacking because it provides which of the
following?
a- IP ranges
b- Configurations
c- Passwords
d- Usernames
Explanation: Usernames are especially useful in the system hacking process
because they allow you to target accounts for password cracking.
Question 4:
Which ports does SNMP use to function?
a- 161 and 162
b- 389 and 160
c- 160 and 162
d- 160 and 161
Question 5:
Which kind of values is injected into a connection to the host machine in an
effort to increment the sequence number in a predictable fashion?
a- Bit
b- Null
c- IP
d- Counted
Question 6:
__________ involves grabbing a copy of a zone file.
a- Zone update
b- Zone transfer
c- Nslookup transfers
d- DNS transfer
Explanation: Zone transfers are used to retrieve a copy of the zone file from a
server and store it in another location.
Question 7:
During a Xmas tree scan what indicates a port is closed?
a- RST
b- SYN
c- ACK
d- No return response
Explanation: An RST indicates the port is closed in many of the TCP scan types. The
RST is sent in response to a connection request and the RST indicates that the port is
not available.
Question 8:
Which of the following would confirm a user named chell in SMTP?
a- expn –u chell
b- expn chell
c- vrfy chell
d- vrfy –u chell
Explanation: vrfy chell, the verify command, is used within SMTP to verify that
the object provided is legitimate.
Question 9:
Which mechanism can be used to influence a targeted individual?
a- Means of dress or appearance
b- Physical controls
c- Training
d- Technological controls
Question 10:
Phishing can be mitigated through the use of __________.
a- Spam Filtering & Education
b- Anti-malware
c- Spam filtering
d- Antivirus
e- Education
Explanation: Education and spam filtering are tremendously helpful at lessening
the impact of phishing. Pure antivirus and anti-malware typically do not include
this functionality unless they are part of a larger suite.
Question 11:
A __________ is used to represent a password.
a- Hash
b- Rootkit
c- NULL session
d- Rainbow table
Question 12:
LDAP is used to perform which function?
a- Query a database
b- Query a directory
c- Query a network
d- Query a file system
Question 13:
SMTP is used to perform which function?
a- Monitor network equipment
b- Transmit status information
c- Send email messages
d- Transfer files
Question 14:
VRFY is used to do which of the following?
a- Expand a mailing list
b- Validate an email server
c- Validate an email address
d- Test a connection
Question 15:
SNMP is used to do which of the following?
a- Transfer files
b- Synchronize clocks
c- Monitor network devices
d- Retrieve mail from a server
Explanation: SNMP is used to monitor and send messages to network devices.
Question 16:
What is the best option for thwarting social-engineering attacks?
a- Physical controls
b- Training
c- Technology
d- Policies
Explanation: Training is the best and most effective method of blunting the impact of
social engineering. Addressing the problem through education can lessen the need for
some countermeasures.
Question 17:
Which of the following is not a Trojan?
a- Subseven
b- BO2K
c- TCPTROJAN
d- LOKI
Explanation: TCPTROJAN is not a Trojan. All the other utilities on this list are
different forms of Trojans.
Question 18:
Network-level hijacking focuses on the mechanics of a connection such as the
manipulation of packet sequencing. What is the main focus of web app session
hijacking?
a- Breaking user logins
b- Traffic redirection
c- Resource DoS
d- Stealing session IDs
Question 19:
A __________ is a type of offline attack.
a- Birthday attack
b- Rainbow attack
c- Cracking attack
d- Hashing attack
Question 20:
Zombies Inc. is looking for ways to better protect their web servers from
potential DoS attacks. Their web admin proposes the use of a network appliance
that receives all incoming web requests and forwards them to the web server.
He says it will prevent direct customer contact with the server and reduce the
risk of DoS attacks. What appliance is he proposing?
a- IDS
b- Reverse proxy
c- Web proxy
d- Firewall