Q31. What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system? 

A. Blind Port Scanning 

B. Idle Scanning 

C. Bounce Scanning 

D. Stealth Scanning 

E. UDP Scanning 

Answer: B

Explanation: from NMAP:-sI <zombie host[:probeport]> Idlescan: This advanced scan method allows fora truly blind TCP port scan of the target (meaning no packets are sent tothe tar- get from your real IP address). Instead, a unique side-channelattack exploits predictable "IP fragmentation ID" sequence generation onthe zombie host to glean information about the open ports on the target. 

Q32. SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B? 

A. SSL is redundant if you already have IDS in place. 

B. SSL will trigger rules at regular interval and force the administrator to turn them off. 

C. SSL will slow down the IDS while it is breaking the encryption to see the packet content. 

D. SSL will mask the content of the packet and Intrusion Detection System will be blinded. 

Answer: D

Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload. 

Q33. What type of attack is shown here? 

A. Bandwidth exhaust Attack 

B. Denial of Service Attack 

C. Cluster Service Attack 

D. Distributed Denial of Service Attack 

Answer: B

Q34. Jeffery works at a large financial firm in Dallas, Texas as a securities analyst. Last week, the IT department of his company installed a wireless network throughout the building. The problem is, is that they are only going to make it available to upper management and the IT department. 

Most employees don't have a problem with this since they have no need for wireless networking, but Jeffery would really like to use wireless since he has a personal laptop that he works from as much as he can. Jeffery asks the IT manager if he could be allowed to use the wireless network but he is turned down. Jeffery is not satisfied, so he brings his laptop in to work late one night and tries to get access to the network. Jeffery uses the wireless utility on his laptop, but cannot see any wireless networks available. After about an hour of trying to figure it out, Jeffery cannot get on the company's wireless network. Discouraged, Jeffery leaves the office and goes home. 

The next day, Jeffery calls his friend who works with computers. His friend suggests that his IT department might have turned off SSID broadcasting, and that is why he could not see any wireless networks. How would Jeffrey access the wireless network? 

A. Run WEPCrack tool and brute force the SSID hashes 

B. Jam the wireless signal by launching denial of service attack 

C. Sniff the wireless network and capture the SSID that is transmitted over the wire in plaintext 

D. Attempt to connect using wireless device default SSIDs 

Answer: C

Q35. What makes web application vulnerabilities so aggravating? (Choose two) 

A. They can be launched through an authorized port. 

B. A firewall will not stop them. 

C. They exist only on the Linux platform. 

D. They are detectable by most leading antivirus software. 

Answer: AB

Explanation: As the vulnerabilities exists on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack. 

Q36. eter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? 

Select the best answers. 

A. SNMPUtil 

B. SNScan 

C. SNMPScan 

D. Solarwinds IP Network Browser 

E. NMap 

Answer: ABD


SNMPUtil is a SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sort of valuable information through SNMP. SNScan is a SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is a SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data. 

Q37. Which of the following tools are used for footprinting?(Choose four. 

A. Sam Spade 

B. NSLookup 

C. Traceroute 

D. Neotrace 

E. Cheops 

Answer: ABCD 

Explanation: All of the tools listed are used for footprinting except Cheops. 

Q38. Sara is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication? 

A. Basic authentication is broken 

B. The password is never sent in clear text over the network 

C. The password sent in clear text over the network is never reused. 

D. It is based on Kerberos authentication protocol 

Answer: B

Explanation: Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol). This method builds upon (and obsoletes) the basic authentication scheme, allowing user identity to be established without having to send a password in plaintext over the network. 

Q39. What did the following commands determine? 

C : user2sid \\earth guest S-1-5-21-343818398-789336058-1343024091-501 

C:sid2user 5 21 343818398 789336058 1343024091 500 Name is Joe Domain is EARTH 

A. That the Joe account has a SID of 500 

B. These commands demonstrate that the guest account has NOT been disabled 

C. These commands demonstrate that the guest account has been disabled 

D. That the true administrator is Joe 

E. Issued alone, these commands prove nothing 

Answer: D

Explanation: One important goal of enumeration is to determine who the true administrator is. In the example above, the true administrator is Joe. 

Q40. The follows is an email header. What address is that of the true originator of the message? 

Return-Path: <bgates@microsoft.com> 

Received: from smtp.com (fw.emumail.com []. 

by raq-221-181.ev1.net (8.10.2/8.10.2. with ESMTP id h78NIn404807 

for <mikeg@thesolutionfirm.com>; Sat, 9 Aug 2003 18:18:50 -0500 

Received: (qmail 12685 invoked from network.; 8 Aug 2003 23:25:25 -0000 

Received: from ([]. 

by smtp.com with SMTP 

Received: from unknown (HELO CHRISLAPTOP. ( 

by localhost with SMTP; 8 Aug 2003 23:25:01 -0000 

From: "Bill Gates" <bgates@microsoft.com> 

To: "mikeg" <mikeg@thesolutionfirm.com> 

Subject: We need your help! 

Date: Fri, 8 Aug 2003 19:12:28 -0400 

Message-ID: <> 

MIME-Version: 1.0 

Content-Type: multipart/mixed; 


X-Priority: 3 (Normal. 

X-MSMail-Priority: Normal 

X-Mailer: Microsoft Outlook, Build 10.0.2627 

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 

Importance: Normal 





E. 8.10.2/8.10.2 

Answer: C

Explanation: Spoofing can be easily achieved by manipulating the "from" name field, however, it is much more difficult to hide the true source address. The "received from" IP address is the true source of the