Q181. What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Scanning attacks
C. Session hijacking attacks
D. Password cracking attacks
Answer: A
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. With a challenge/response authentication you ensure that captured packets can’t be retransmitted without a new authentication.
Q182. Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its “security defenses has been breached and exploited for 2 weeks by hackers. “The hackers had accessed and downloaded 90,000 address containing customer credit cards and password. Spears Technology found this attack to be so to law enforcement officials to protect their intellectual property.
How did this attack occur? The intruder entered through an employees home machine, which was connected to Spears Technology, Inc’s corporate VPN network. The application called BEAST Trojan was used in the attack to open a “Back Door” allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.
The hackers were traced back to Beijing China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technology’s network from a remote location, posing as employees. The intent of the attacker was to steal the source code for their VOIP system and “hold it hostage” from Spears Technology, Inc exchange for ransom.
The hackers had intended on selling the stolen VOIP software source code to competitors.
How would you prevent such attacks from occurring in the future at Spears Technology?
A. Disable VPN access to all your employees from home machines
B. Allow VPN access but replace the standard authentication with biometric authentication
C. Replace the VPN access with dial-up modem access to the company’s network
D. Enable 25 character complex password policy for employees to access the VPN network.
Answer: A
Explanation: As long as there is a way in for employees through all security measures you can’t be secure because you never know what computer the employees use to access recourses at their workplace.
Q183. What type of session hijacking attack is shown in the exhibit?
A. Session Sniffing Attack
B. Cross-site scripting Attack
C. SQL Injection Attack
D. Token sniffing Attack
Answer: A
Q184. John wishes to install a new application onto his Windows 2000 server.
He wants to ensure that any application he uses has not been Trojaned.
What can he do to help ensure this?
A. Compare the file's MD5 signature with the one published on the distribution media
B. Obtain the application via SSL
C. Compare the file's virus signature with the one published on the distribution media
D. Obtain the application from a CD-ROM disc
Answer: A
Explanation: MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of rfc1321, is:
[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.
Q185. Steven the hacker realizes that the network administrator of company is using syskey to protect organization resources in the Windows 2000 Server. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to brute force dictionary attacks on the hashes. Steven runs a program called “SysCracker” targeting the Windows 2000 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch attach.
How many bits does Syskey use for encryption?
A. 40 bit
B. 64 bit
C. 256 bit
D. 128 bit
Answer: D
Explanation: SYSKEY is a utility that encrypts the hashed password information in a SAM database using a 128-bit encryption key.
Q186. While footprinting a network, what port/service should you look for to attempt a zone transfer?
A. 53 UDP
B. 53 TCP
C. 25 UDP
D. 25 TCP
E. 161 UDP
F. 22 TCP
G. 60 TCP
Answer: B
Explanation: IF TCP port 53 is detected, the opportunity to attempt a zone transfer is there.
Q187. Why is Social Engineering considered attractive by hackers and also adopted by experts in the field?
A. It is done by well known hackers and in movies as well.
B. It does not require a computer in order to commit a crime.
C. It is easy and extremely effective to gain information.
D. It is not considered illegal.
Answer: C
Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim. The term has been popularized in recent years by well known (reformed) computer criminal and security consultant Kevin Mitnick who points out that it's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in. He claims it to be the single most effective method in his arsenal.
Q188. You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.
-DNS query is sent to the DNS server to resolve www.google.com
-DNS server replies with the IP address for Google?
-SYN packet is sent to Google.
-Google sends back a SYN/ACK packet
-Your computer completes the handshake by sending an ACK
-The connection is established and the transfer of data commences
Which of the following packets represent completion of the 3-way handshake?
A. 4th packet
B. 3rdpacket
C. 6th packet
D. 5th packet
Answer: D
Q189. Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?
A. Port Scanning
B. Single Scanning
C. External Scanning
D. Vulnerability Scanning
Answer: D
Q190. You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?
A. System services
B. EXEC master access
C. xp_cmdshell
D. RDC
Answer: C