
Question 1 0 of 10 points

Following is the partial output of a DNS query: dig -t ANY

;; ANSWER SECTION:
nss.net.au. 86400 IN TXT "v=spf1 ip4:62.69.107.8 a mx a:www.nss.net.au mx:www.nss.net.au mx:CPE-62-69-107-8.vic.bigpond.net.au ~all"

Indicate the correct response below

Selected Answer: This represents DNS cache poisoning


Correct Answer: This relates to authentication
Question 2 0 of 10 points
Following is an extract from a mail log:

Aug 10 10:29:14 tuan postfix/smtpd[11005]: reject: RCPT from unknown[210.110.151.124]: 554 Service unavailable; [210.110.151.124] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?210.110.151.124; from=jones@yahoo.com to=damian@dlk.com.au

Indicate what it represents

Selected Answer: A postfix error


Correct Answer: A remote site is blackholed
Question 3 0 of 10 points
Consider the following log fragment:

Sep 15 14:45:34 tuan portsentry[1003]: attackalert: TCP SYN/Normal scan from host: 203.194.239.101/203.194.239.101 to TCP port: 21
Sep 15 14:45:34 tuan portsentry[1003]: attackalert: Host 203.194.239.101 has been blocked via wrappers with string: "ALL: 203.194.239.101"
Sep 15 14:45:35 tuan portsentry[1003]: attackalert: Host 203.194.239.101 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 203.194.239.101 -j DROP"

What sort of log is it?

Selected Answer: nmap log file


Correct Answer: Unix system log file
Question 4 0 of 10 points
If I wanted to determine the pid of a problem process in Linux I would
use:

Selected Answer: netstat


Correct Answer: ps
Question 5 Needs Grading
What is the purpose of an obfuscated url?
Selected Answer: [None Given]
Correct Answer: [None]
Question 6 Needs Grading
What is an attack vector?
Selected Answer: An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception.
Correct Answer: [None]
Question 7 Needs Grading
Received: from 39.125.32.155 (39.125.32.155[39.125.32.155])
by ts1-a213.Irkutsk.dial.rol.ru (IMP) with HTTP
for vsg-admin@vsg.edu.au;
Message-ID: 2277201092409870@ts1-a213.Irkutsk.dial.rol.ru
From: "Westpac Products and payments"
To: "vsg-admin@vsg.edu.au"

Is this normal or abnormal? Give two reasons for your answer.


Selected Answer: [None Given]
Correct Answer: [None]
Question 8 0 of 10 points
eth0 Link encap:Ethernet HWaddr 00:E0:29:0A:92:16
inet addr:203.36.129.241 Bcast:203.36.129.255 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44252726 errors:0 dropped:0 overruns:0 frame:154751
TX packets:28772748 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2953181798 (2816.3 Mb) TX bytes:2031385802 (1937.2 Mb)
Interrupt:10 Base address:0xd000

eth0:1 Link encap:Ethernet HWaddr 00:E0:29:0A:92:16
inet addr:10.0.0.7 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0xd000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:149480 errors:0 dropped:0 overruns:0 frame:0
TX packets:149480 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19308042 (18.4 Mb) TX bytes:19308042 (18.4 Mb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:139.130.51.24 P-t-P:139.130.51.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:10487 errors:0 dropped:0 overruns:0 frame:0
TX packets:7732 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1488381 (1.4 Mb) TX bytes:864079 (843.8 Kb)

Given the above information state how many physical network interfaces this system has.

Selected Answer: 3
Correct Answer: 2
Question 9 0 of 10 points
58.102.151.119 - - [07/Aug/2006:03:37:56 +1000] "GET //cgi-bin/awstats/awstats.pl HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
58.102.151.119 - - [07/Aug/2006:03:37:56 +1000] "GET //cgi-bin/awstats.pl HTTP/1.1" 404 278 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
58.102.151.119 - - [07/Aug/2006:03:37:57 +1000] "GET //cgi/awstats.pl HTTP/1.1" 404 274 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

What sort of event is recorded above?

Selected Answer: A normal web event
Correct Answer: An abnormal web event
Question 10 0 of 10 points
81.168.228.132 - - [07/Aug/2006:22:07:17 +1000] "GET /sumthin HTTP/1.0" 404 1057 "-" "-"

The above event represents:

Selected Answer: None of the above
Correct Answer: A web probe that disclosed useful information
Question 11 10 of 10 points
In relation to the possibility of sniffing of switched ethernet networks,
which of the following statements is true?
Selected Answer: manipulation of the address resolution protocol is needed
Correct Answer: manipulation of the address resolution protocol is needed
Question 12 0 of 10 points
Given the following partial directory listing from a Linux system:

drwx------ 10 damian staff 340 Mar 31 2005 telstra
-rwx------ 1 damian staff 162 Mar 31 2005 testppp
-rwx------ 1 damian staff 491 Mar 31 2005 filer

It can be stated that:

Selected Answer: users damian and staff can run the program testppp
Correct Answer: only the user damian can run the programs
Question 13 10 of 10 points
Buffer overflows and SQL injection are caused by the same basic
problem (true or false?)
Selected Answer: True
Correct Answer: True
Question 14 Needs Grading
In relation to software design, two possible approaches are a monolithic
structure or discrete components.

Which approach is likely to minimize security risks? Why?


Selected Answer: [None Given]
Correct Answer: [None]
Question 15 0 of 10 points
Which of the following vulnerabilities poses the highest risk?
Selected Answer: cross site scripting
Correct Answer: remote zero day exploit
Question 16 10 of 10 points
NTOP was demonstrated in the lectures. Select the correct response
from the statements below:

Selected Answer: NTOP uses promiscuous mode
Correct Answer: NTOP uses promiscuous mode
Question 17 0 of 10 points
Hopster is a tool that:
Selected Answer: Uses SSH to tunnel out
Correct Answer: Exploits logical flaws in tcp/ip
Question 18 10 of 10 points
telnet penguin.dlk.com.au 25
Trying 203.36.129.244...
Connected to penguin.dlk.com.au.
Escape character is '^]'.
220 penguin.dlk.com.au ESMTP Sendmail 8.9.0.Beta5/8.8.7; Sat, 25 Apr 1998 19:03:57 +1000
helo tuan.dlk.com.au
250 penguin.dlk.com.au Hello damian@tuan.dlk.com.au [203.36.129.241], pleased to meet you
mail from:damian@tuan.dlk.com.au
250 damian@tuan.dlk.com.au... Sender ok
rcpt to:fred@penguin.dlk.com.au
250 fred@penguin.dlk.com.au... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hi Fred!
Just testing.
.
250 TAA11462 Message accepted for delivery
quit
221 penguin.dlk.com.au closing connection
Connection closed by foreign host.

From the following statements, select the one that is definitely correct:

Selected Answer: SMTP conversation
Correct Answer: SMTP conversation
Question 19 0 of 10 points
How many mailservers are involved in this example?
telnet penguin.dlk.com.au 25
Trying 203.36.129.244...
Connected to penguin.dlk.com.au.
Escape character is '^]'.
220 penguin.dlk.com.au ESMTP Sendmail 8.9.0.Beta5/8.8.7; Sat, 25 Apr 1998 19:03:57 +1000
helo tuan.dlk.com.au
250 penguin.dlk.com.au Hello damian@tuan.dlk.com.au [203.36.129.241], pleased to meet you
mail from:damian@tuan.dlk.com.au
250 damian@tuan.dlk.com.au... Sender ok
rcpt to:fred@penguin.dlk.com.au
250 fred@penguin.dlk.com.au... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hi Fred!
Just testing.
.
250 TAA11462 Message accepted for delivery
quit
221 penguin.dlk.com.au closing connection
Connection closed by foreign host.
Selected Answer: 2
Correct Answer: 1
Question 20 0 of 10 points
telnet open.web.proxy.org 80
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
CONNECT host.org:25 HTTP/1.0

HTTP/1.0 200 Connection established

220 host.org ESMTP Sendmail 8.11.6/8.11.6; Tue, 19 Feb 2002 14:16:51 -0800 (PST)

The above event represents:

Selected Answer: A break-in to a mail server
Correct Answer: Use of proxy for email
