Which are methods that attackers use to find buffer overflows?Choose all that apply.
A. Trial and error
B. Decompile the executable binary of the application
C. Decompile the executable binary of a software patch
D. Analyze source code,if available
Having just downloaded a new version of Cain and Abel,you wish to monitor your network for clear text passwords being sent.
Knowing you are currently connected to a switch you will attempt to perform an ARP poisoning attack that will let you look at all the packets and not only packets sent to your own machine.
What would you call this type of sniffing?
A. Passing Sniffing
B. Active Sniffing
C. ARP Sniffing
D. All stations sniffing
Dozens of methodologies exist on the market today.Most of them follow the very high level steps.
Which of the following would represent the most common and logical approach to penetration testing from the first step being accomplished on the left to the last step being done on the right side of the statement below?
A. Scanning,Footprinting,Enumeration,Penetration
B. Footprinting,Enumeration,Scanning,Penetration
C. Footprinting,Scanning,Enumeration,Penetration
D. Penetration,Enumeration,Scanning,Footprinting
Which of the following password implementation is found only in Windows 2000 and newer Windows versions?
A. LM
B. NTLM
C. NTLMv2
D. Kerberos
MS SQL server makes use of Stored Procedures.There is an extended stored procedure called sp_makewebtask that can be used with data being returned from executed queries.What would you use this stored procedure for?
A. It is used to start a new web server instance
B. It is used to create and HTML page
C. It is used to perform an entry within a database
D. It is used to schedule a job task
Doing Operating System identification remotely is an art that requires analysis of responses from packets being sent.In order to do so efficiently,a methodology called fuzzy logic is often used. Which of the following would best describe what fuzzy logic is?
A. A problem solving control system
B. A special type of port scan
C. An operating system feature
D. A hardware device for OS identification
One of your clients has been the victim of a brute force attack against their SSH server.
They ask you what could be done to protect their Linux servers.You propose the use of IP Tables (the built in kernel firewall) to limit connection attempts to protect their servers.You agree with your client to limit connections to the SSH port to a maximum of only three trials per minutes consideirng there is only one administrator who has a valid need to connect remotely onto this port.
If the threshold of three connectors is exceeded,the attacker will have to wait for another 60 seconds before it will resume allowing connections again.
Which of the following IP Tables entry would meet your clients needs?
A. iptables-A INPUT -p tcp -dport 23 -m state -state NEW -m recent -update -second 60 -hitcount4 -rttl name SSH -j DROP
B. iptables-A INPUT -p tcp -dport 22 -m state -state NEW -m recent -update -second 60 -hit count3 -rttl name SSH -j DROP
C. iptables-A INPUT -p tcp -dport 22 -m state -state NEW -m recent -update -second 60 -hitcount4 -rttl name SSH -j DROP
D. iptables-A OUTPUT -p tcp -dport 23 -m state -state NEW -m recent -update -second 60 -hitcount4 -rttl name SdSH -j DROP
What is one possible method that hackers can use to sniff SSL connections?Choose the best answer.
A. Use dsniff
B. Act as a man in the middle between the client and the webserver and send the client a fake certificate that the user will accept as legitimate
C. Use SSLSniff to sniff the session key exchange
D. Use SSL Relay
Cracking encryption is often impossible due to time constraints whereby it would take hundreds of years in some cases.
Great advancement has taken place lately regarding the cracking of password based on the time memory trade-off.
Such an attack allows an attacker to crack the password within a very short period of time.
Under the memory trade-off technique,which of the followig would be used to speed the cracking of password?
A. Large dictionaries
B. Large collection of common passwords
C. Pre Computed hashes tables
D. Pre sorted dictionaries will most likely matches tried first
Keen administrators (the enemy of penetration testers)will take great steps in order to collect logs on different servers.By having a detailed log of activities they may be able to detect abnormal activities.
A skilled intruder will attempt to modify the logging policy in order to prevent the administrator from having access to his detailed log.What command line tool could an attacker use to disable auditing on a Windows server?
A. Syslog
B. Eventlog
C. Auditpol
D. Auditlog