312-50v12 Exam Questions

Total 569 Questions

Last Updated Exam : 15-Apr-2025

Topic 1: Exam Pool A

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff
the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other
systems.
However, he is unable to capture any logons though he knows that other users are logging
in.
What do you think is the most likely reason behind this?


A. There is a NIDS present on that segment.
B. Kerberos is preventing it.
C. Windows logons cannot be sniffed.
D. L0phtcrack only sniffs logons to web servers.

Answer: B. Kerberos is preventing it.



Hackers often raise the trust level of a phishing message by modeling the email to look
similar to the internal email used by the target company. This includes using logos,
formatting, and names of the target company. The phishing message will often use the
name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?


A. Exploration
B. Investigation
C. Reconnaissance
D. Enumeration

Answer: C. Reconnaissance



What does the -oX flag do in an Nmap scan?


A. Perform an eXpress scan
B. Output the results in truncated format to the screen
C. Output the results in XML format to a file
D. Perform an Xmas scan

Answer: C. Output the results in XML format to a file



Explanation:
https://nmap.org/book/man-output.html
-oX <filespec> - Requests that XML output be directed to the given filename.

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly
malicious sequence of packets sent to a Web server in the network’s external DMZ. The
packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool
can be used to determine if these packets are genuinely malicious or simply a false
positive?


A. Protocol analyzer
B. Network sniffer
C. Intrusion Prevention System (IPS)
D. Vulnerability scanner

Answer: A. Protocol analyzer



Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has
learnt to use these tools in his lab and is now ready for real world exploitation. He was able
to effectively intercept communications between the two entities and establish credentials
with both sides of the connections. The two remote ends of the communication never
notice that Eric is relaying the information between the two. What would you call this
attack?


A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack

Answer: B. Man-in-the-middle



One of your team members has asked you to analyze the following SOA record. What is
the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800
2400.) (Choose four.)


A. 200303028
B. 3600
C. 604800
D. 2400
E. 60
F. 4800

Answer: A. 200303028



Which of the following tools can be used for passive OS fingerprinting?


A. nmap
B. tcpdump
C. tracert
D. ping

Answer: B. tcpdump



Why is a penetration test considered to be more thorough than a vulnerability scan?


A. Vulnerability scans only do host discovery and port scanning by default.
B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a
vulnerability scan does not typically involve active exploitation.
C. It is not – a penetration test is often performed by an automated tool, while a
vulnerability scan requires active engagement.
D. The tools used by penetration testers tend to have much more comprehensive
vulnerability databases.

Answer: B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a
vulnerability scan does not typically involve active exploitation.



Which definition among those given below best describes a covert channel?


A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.

Answer: B. Making use of a protocol in a way it is not intended to be used.



The configuration allows a wired or wireless network interface controller to pass all traffic it
receives to the Central Processing Unit (CPU), rather than passing only the frames that the
controller is intended to receive. Which of the following is being described?


A. Multi-cast mode
B. Promiscuous mode
C. WEM
D. Port forwarding

Answer: B. Promiscuous mode



