Exam 5: Networks and Services


Janet wants a no-cost solution for blocking certain applications from launching pop-up windows while she is surfing the web. She has tried everything her old Windows XP computer can run: alternative browsers, freeware spyware scanners, and nothing helps.

(Multiple Choice)
4.7/5
(30)

Dylan found a vulnerability on a web application that let him copy the sessionID out of a local cookie and place it into another cookie, therefore assuming the identity of the original user. The problem is that the server also associates the originating IP address. Dylan simply spoofs that address but he then finds he cannot establish an interactive session with the server. Why?

(Multiple Choice)
4.8/5
(30)

An SSID is: (Choose the best statement)

(Multiple Choice)
4.8/5
(31)

Bruno wishes to carry out a session hijack attack between hosts "Jaguar" and "Puma". They are in an established state. Puma has a receive window of 300 and Jaguar has a receive window of 350. Jaguar has just received byte 500 from Puma and acknowledged it. What is the range of sequence numbers that Jaguar will now accept from Puma?

(Multiple Choice)
4.9/5
(40)

Using Hping, you wish to enumerate the rules of a firewall. You direct the traffic to a confirmed host and set the TTL value to one hop past the firewall, also incrementing the destination port by one with each packet. Return ICMP type 11 messages will tell you what the firewall allowed to pass. What is this technique called?

(Multiple Choice)
4.9/5
(31)

Using netcat, cryptcat, or ncat to transfer files across a network is a common practice for a pentester because any port that will pass through the filters between the target and tiger box can be used. Which of the following commands will transfer a binary file on a commonly unfiltered web port?

(Multiple Choice)
4.9/5
(30)

You just hired a new graphic artist to work on your web site. You are cheap, and don't want to spring for a programmer because web design is all the same anyway. The new guy you hired is an expert at Photoshop but hates coding. You tell him, "Look, this makes no sense. Just follow a few of these pointers and you will be fine." In the interest of security, what is one of the things you will tell him?

(Multiple Choice)
4.8/5
(38)

Which of the following tools can be used to collect webpages for offline browsing?

(Multiple Choice)
4.8/5
(33)

Curtis works for a small company. His boss isn't too interested in security issues as he isn't certain the risk is high enough. Still, Curtis wants to implement something that can collect data about just how often they are attacked, and from this, perhaps create a business case for why security must be taken seriously. He needs to know even when a simple scan is taking place. What tool can he use?

(Multiple Choice)
4.7/5
(37)

Jeremy knows that the network has been breached and several important files have been modified. After analyzing the access and firewall logs, he can't come to any sort of conclusion about exactly what happened. In the future, he wants to make sure he can detect when certain files change, then maybe use honey tokens to catch the intruders. Which of the following will accomplish this task?

(Multiple Choice)
4.7/5
(40)

Assuming your own address is 192.168.1.1, what display filter could be used to show all traffic other than web and mail?

(Multiple Choice)
4.9/5
(37)

You have been asked to set up a wireless intrusion detection system. Which of the following products fills this function?

(Multiple Choice)
4.9/5
(33)

What is the most accurate statement below regarding the following Snort rule?

alert tcp any any -> any 111 (content:"|00 01 86 A5|"; msg: "mountd access";)

(Multiple Choice)
4.9/5
(33)

Which of the following Snort rules looks for FTP login attempts?

(Multiple Choice)
4.9/5
(39)

Which of the following attacks are not considered "Active Sniffing"?

(Multiple Choice)
4.8/5
(29)

Which of the following forms of attack depends on an already established connection between hosts?

(Multiple Choice)
4.8/5
(39)

ARP spoofing works in part because Ethernet hardware has no way of knowing if there is another NIC on the network with the same MAC address or not. True or False?

(True/False)
4.8/5
(36)

You wish to capture a set of data for about 10 minutes from a host that you only have command line access to. You use TCPDump for the capture, but find it is hard to work with. You aren't so much interested in the data within the packets but statistics about how much data and of what type is being sent. Which of the following tools can be used along with your sniffer to collect this data?

(Multiple Choice)
4.9/5
(44)

Leo wants to secure his wireless network. He implements WPA2, installs directional antennas and implements rogue infrastructure testing. What else does he need to consider? (Choose up to 4)

(Multiple Choice)
4.7/5
(32)

Which of the following tools cannot be used to perform a dictionary guessing attack on a web application?

(Multiple Choice)
4.8/5
(39)
Showing 21 - 40 of 64