Topic 1: Exam Pool A
Which of the following tools performs comprehensive tests against web servers, including
dangerous files and CGIs?
A.
Nikto
B.
John the Ripper
C.
Dsniff
D.
Snort
Nikto
Explanation:
https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner)
Nikto is a free software command-line vulnerability scanner that scans web servers for
dangerous files/CGIs, outdated server software, and other problems. It performs generic
and server types specific checks. It also captures and prints any cookies received. The
Nikto code itself is free software, but the data files it uses to drive the program are not.
Tess King is using the nslookup command to craft queries to list all DNS information (such
as Name Servers, host names, MX records, CNAME records, glue records (delegation for
child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.
What do you think Tess King is trying to accomplish? Select the best answer.
A.
A zone harvesting
B.
A zone transfer
C.
A zone update
D.
A zone estimate
A zone transfer
What is the purpose of a demilitarized zone on a network?
A.
To scan all traffic coming through the DMZ to the internal network
B.
To only provide direct access to the nodes within the DMZ and protect the network
behind it
C.
To provide a place to put the honeypot
D.
To contain the network devices you wish to protect
To only provide direct access to the nodes within the DMZ and protect the network
behind it
Which mode of IPSec should you use to assure security and confidentiality of data within
the same LAN?
A.
ESP transport mode
B.
ESP confidential
C.
AH permiscuous
D.
AH Tunnel mode
ESP transport mode
Todd has been asked by the security officer to purchase a counter-based authentication
system. Which of the following best describes this type of system?
A.
A biometric system that bases authentication decisions on behavioral attributes.
B.
A biometric system that bases authentication decisions on physical attributes
C.
An authentication system that creates one-time passwords that are encrypted with
secret keys
D.
An authentication system that uses passphrases that are converted into virtual
passwords.
An authentication system that creates one-time passwords that are encrypted with
secret keys
Bob, a network administrator at BigUniversity, realized that some students are connecting
their notebooks in the wired network to have Internet access. In the university campus,
there are many Ethernet ports available for professors and authorized visitors but not for
students.
He identified this when the IDS alerted for malware activities in the network. What should
Bob do to avoid this problem?
A.
Disable unused ports in the switches
B.
Separate students in a different VLAN
C.
Use the 802.1x protocol
D.
Ask students to use the wireless network
Use the 802.1x protocol
You have gained physical access to a Windows 2008 R2 server which has an accessible
disc drive. When you attempt to boot the server and log in, you are unable to guess the
password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool
can change any user’s password or activate disabled Windows accounts?
A.
John the Ripper
B.
SET
C.
CHNTPW
D.
Cain & Abel
CHNTPW
What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming
through the firewall if your network is comprised of Windows NT, 2000, and XP?
A.
110
B.
135
C.
139
D.
161
E.
445
F.
1024
135
139
445
What is not a PCI compliance recommendation?
A.
Use a firewall between the public network and the payment card data.
B.
Use encryption to protect all transmission of card holder data over any public network.
C.
Rotate employees handling credit card transactions on a yearly basis to different
departments.
D.
Limit access to card holder data to as few individuals as possible.
Rotate employees handling credit card transactions on a yearly basis to different
departments.
Explanation:
https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security
parameters.
Protect Cardholder Data
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for employees and contractors.
A hacker is an intelligent individual with excellent computer skills and the ability to explore a
computer’s software and hardware without the owner’s permission. Their intention can
either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively
and defensively at various times?
A.
White Hat
B.
Suicide Hacker
C.
Gray Hat
D.
Black Hat
Gray Hat
| Page 1 out of 57 Pages |
Copyright © - All Rights Reserved