Q11. A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system. 

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software. 

What is Rogue security software? 

A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites 

B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

C. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

D. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

E. Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites 

F. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker 

Answer: BCD


Q12. You receive an email with the following message: 

Hello Steve, 

We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password. http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services. Sincerely, Technical Support SuperEmailServices 

From this e-mail you suspect that this message was sent by some hacker since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbde.0xef which looks like hexadecimal numbers. You immediately enter the following at Windows 2000 command prompt: 

Ping 0xde.0xad.0xbe.0xef 

You get a response with a valid IP address. 

What is the obstructed IP address in the e-mail URL? 

A. 222.173.190.239 

B. 233.34.45.64 

C. 54.23.56.55 

D. 199.223.23.45 

Answer: A

Explanation: 0x stands for hexadecimal and DE=222, AD=173, BE=190 and EF=239 


Q13. One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived. 

A. Factorization 

B. Prime Detection 

C. Hashing 

D. Brute-forcing 

Answer: A

Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge 


Q14. A Buffer Overflow attack involves: 

A. Using a trojan program to direct data traffic to the target host's memory stack 

B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users 

C. Using a dictionary to crack password buffers by guessing user names and passwords 

D. Poorly written software that allows an attacker to execute arbitrary code on a target system 

Answer: D

Explanation: B is a denial of service. By flooding the data buffer in an application with trash you could get access to write in the code segment in the application and that way insert your own code. 


Q15. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. 

What would you call this attack? 

A. Interceptor 

B. Man-in-the-middle 

C. ARP Proxy 

D. Poisoning Attack 

Answer: B

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. 


Q16. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company's network. 

James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user logon to a computer and then James types in a command that brings up a window that says "Stored User Names and Passwords". 

What command did James type in to get this window to come up? 

A. To bring up this stored user names and passwords window, James typed in "rundll32.exe storedpwd.dll, ShowWindow" 

B. James had to type in "rundll32.exe keymgr.dll, KRShowKeyMgr" to get the window to pop up 

C. James typed in the command "rundll32.exe storedpwd.dll" to get the Stored User Names and Passwords window to come up 

D. The command to bring up this window is "KRShowKeyMgr" 

Answer: B

Explanation: The Stored User Names and Passwords applet lets you assign user names and passwords to use when needing to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it using a desktop shortcut using the rundll32.exe program: 

Click on START - RUN and type the following (follwed by ENTER): rundll32.exe 

keymgr.dll,KRShowKeyMgr 

http://www.tweakxp.com/article37352.aspx 


Q17. John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. 

In the context of Session hijacking why would you consider this as a false sense of security? 

A. The token based security cannot be easily defeated. 

B. The connection can be taken over after authentication. 

C. A token is not considered strong authentication. 

D. Token security is not widely used in the industry. 

Answer: B

Explanation: A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated. 


Q18. Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ. 

Which built-in functionality of Linux can achieve this? 

A. IP Tables 

B. IP Chains 

C. IP Sniffer 

D. IP ICMP 

Answer: A

Explanation: iptables is a user space application program that allows a system administrator to configure the netfilter tables, chains, and rules (described above). Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. IP Tables performs stateful inspection while the older IP Chains only performs stateless inspection. 


Q19. When discussing passwords, what is considered a brute force attack? 

A. You attempt every single possibility until you exhaust all possible combinations or discover the password 

B. You threaten to use the rubber hose on someone unless they reveal their password 

C. You load a dictionary of words into your cracking program 

D. You create hashes of a large number of words and compare it with the encrypted passwords 

E. You wait until the password expires 

Answer: A

Explanation: Brute force cracking is a time consuming process where you try every possible combination of letters, numbers, and characters until you discover a match. 


Q20. Password cracking programs reverse the hashing process to recover passwords.(True/False. 

A. True 

B. False 

Answer: B

Explanation: Password cracking programs do not reverse the hashing process. Hashing is a one-way process. What these programs can do is to encrypt words, phrases, and characters using the same encryption process and compare them to the original password. A hashed match reveals the true password.