  1.  Examine the Wireshark TCP flow capture here:
[Figure: Wireshark TCP flow capture]
Which of the following represents the next appropriate acknowledgement from Host A?
A.  Sequence Number 701, Acknowledgement Number 3986.
B.  Sequence Number 701, Acknowledgement Number 2664.
C.  Sequence Number 2664, Acknowledgement Number 2023.
D.  Sequence Number 2664, Acknowledgement Number 701.
  2.  You have established a netcat connection to a target machine. Which flag can be used to launch a program?
A.  -p
B.  -a
C.  -l
D.  -e
  3.  Which virus type will rewrite itself after each new infection?
A.  Multipartite
B.  Metamorphic
C.  Cavity
D.  Macro
  4.  A pen test colleague is carrying out attacks. In one attack, she attempts to guess the ISN for a TCP session. Which attack is she most likely carrying out?
A.  XSS
B.  Session splicing
C.  Session hijacking
D.  Multipartite attack
  5.  Malware takes many forms and is activated on a machine in a variety of ways. Which of the following malware types does not require user intervention to spread?
A.  Trojan
B.  Virus
C.  Worm
D.  Polymorphic
  6.  An attacker is attempting a DoS against a machine. She first spoofs the target’s IP address and then begins sending large amounts of ICMP packets containing the MAC address FF:FF:FF:FF:FF:FF. What attack is underway?
A.  ICMP flood
B.  Ping of Death
C.  SYN flood
D.  Smurf
E.  Fraggle
  7.  Tripwire is one of the most popular tools to protect against Trojans. Which of the following statements best describes Tripwire?
A.  Tripwire is a signature-based antivirus tool.
B.  Tripwire is a vulnerability assessment tool used for port scanning.
C.  Tripwire is a file integrity program.
D.  Tripwire is a session-splicing tool.
  8.  Which of the following tools are good choices for session hijack attempts? (Choose all that apply.)
A.  Ettercap
B.  Netcat
C.  Hunt
D.  Nessus
  9.  In regard to Trojans, which of the following best describes a “wrapper”?
A.  The legitimate file the Trojan is attached to.
B.  A program used to bind the Trojan to a legitimate file.
C.  Encryption methods used for a Trojan.
D.  Polymorphic code used to avoid detection by antivirus programs.
10.  What is the default port used by RAT?
A.  31337
B.  1095
C.  1524
D.  7777
E.  666
11.  Which of the following is a legitimate communication path for the transfer of data?
A.  Overt
B.  Covert
C.  Authentic
D.  Imitation
E.  Actual
12.  Which Trojan is well known for attempting to steal banking information from infected machines?
A.  Apocalypse
B.  HTTP RAT
C.  Zeus
D.  BioDox
13.  A pen test team member types the following command:
[Figure: command]
Which of the following is true regarding this attempt?
A.  The attacker is attempting to connect to an established listening port on a remote computer.
B.  The attacker is establishing a listening port on his machine for later use.
C.  The attacker is attempting a DoS against a remote computer.
D.  The attacker is attempting to kill a service on a remote machine.
14.  Examine the partial command line output listed here:
[Figure: partial command-line output]
Which of the following is a true statement regarding the output?
A.  This is output from a netstat -an command.
B.  This is output from a netstat -b command.
C.  This is output from a netstat -e command.
D.  This is output from a netstat -r command.
15.  You are discussing malware with a new pen test member who asks about restarting executables. Which registry keys within Windows automatically run executables and instructions? (Choose all that apply.)
A.  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
B.  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
C.  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
D.  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
16.  Which of the following best describes a sheepdip computer?
A.  A system used to confuse malware developers, attracting them away from real network systems.
B.  A system that has multiple malware infections.
C.  A system used to screen physical media for malware.
D.  A system infected with botnet malware.
17.  Which denial of service attack involves sending SYN packets to a target machine, but never responding to any of the SYN/ACK replies?
A.  SYN flood
B.  SYN attack
C.  Smurf
D.  LOIC
18.  A user sees the following pop-up window appear:
[Figure: pop-up window]
Which of the following best describes the pop-up?
A.  A hardware corrupted USB drive is inserted into the machine.
B.  The pop-up is purely informational.
C.  The pop-up indicates a Conficker worm propagation attempt.
D.  None of the above.
19.  IPSec is an effective preventative measure against session hijacking. Which IPSec mode encrypts only the data payload?
A.  Transport
B.  Tunnel
C.  Protected
D.  Spoofed
20.  Which of the following are MITM session hijacking tools? (Choose all that apply.)
A.  Netcat
B.  LOIC
C.  Hunt
D.  Paros
E.  T-sight
F.  Nmap
21.  Which of the following best describes the comparison between spoofing and session hijacking?
A.  Spoofing and session hijacking are the same thing.
B.  Spoofing interrupts a client’s communication whereas hijacking does not.
C.  Hijacking interrupts a client’s communication whereas spoofing does not.
D.  Hijacking emulates a foreign IP address whereas spoofing refers to MAC addresses.
22.  Which of the following is an effective deterrent against session hijacking?
A.  Install and use an HIDS on the system.
B.  Install and use Tripwire on the system.
C.  Enforce good password policy.
D.  Use unpredictable sequence numbers.
23.  A pen test team member types the following command:
[Figure: command]
Which of the following are true regarding this command? (Choose all that apply.)
A.  Ettercap is being configured for a GUI interface.
B.  Ettercap is being configured as a sniffer.
C.  Ettercap is being configured for text mode.
D.  Ettercap is being configured for manual mode.
E.  Ettercap is being configured for a man-in-the-middle attack.
24.  Within a TCP packet dump, a packet is noted with the SYN flag set and a sequence number set at A13F. What should the acknowledgement number in the return SYN/ACK packet be?
A.  A131
B.  A130
C.  A140
D.  A14F
25.  When is session hijacking performed?
A.  Before the three-step handshake
B.  During the three-step handshake
C.  After the three-step handshake
D.  After a FIN packet