312-50v12 Practice Test Questions

569 Questions


Topic 1: Exam Pool A

To determine if a software program properly handles a wide range of invalid input, a form of
automated testing can be used to randomly generate invalid input in an attempt to crash
the program.
What term is commonly used when referring to this type of testing?


A. Randomizing
B. Bounding
C. Mutating
D. Fuzzing

Answer: D. Fuzzing



Which of the following viruses tries to hide from anti-virus programs by actively altering and
corrupting the chosen service call interruptions when they are being run?


A. Macro virus
B. Stealth/Tunneling virus
C. Cavity virus
D. Polymorphic virus

Answer: B. Stealth/Tunneling virus



What is the known plaintext attack used against DES which gives the result that encrypting
plaintext with one DES key followed by encrypting it with a second DES key is no more
secure than using a single key?


A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack

Answer: B. Meet-in-the-middle attack



Explanation:
https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
The meet-in-the-middle attack (MITM), a known plaintext attack, is a generic space–time
tradeoff cryptographic attack against encryption schemes that rely on performing multiple
encryption operations in sequence. The MITM attack is the primary reason why Double
DES is not used and why a Triple DES key (168-bit) can be brute-forced by an attacker with
2^56 space and 2^112 operations.
The intruder has to know some parts of plaintext and their ciphertexts. Using meet-in-the-middle attacks it is possible to break ciphers, which have two or more secret keys for
multiple encryption using the same algorithm. For example, the 3DES cipher works in this
way. Meet-in-the-middle attack was first presented by Diffie and Hellman for cryptanalysis
of DES algorithm.

Which of the following incident handling process phases is responsible for defining rules,
collaborating human workforce, creating a back-up plan, and testing the plans for an
organization?


A. Preparation phase
B. Containment phase
C. Identification phase
D. Recovery phase

Answer: A. Preparation phase



While using your bank’s online servicing you notice the following string in the URL bar:
"http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21"
You observe that if you modify the Damount & Camount values and submit the request,
that data on the web page reflects the changes.
Which type of vulnerability is present on this site?


A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Answer: C. Web Parameter Tampering



Based on the following extract from the log of a compromised machine, what is the hacker
really trying to steal?


A. har.txt
B. SAM file
C. wwwroot
D. Repair file

Answer: B. SAM file



You just set up a security system in your network. In what kind of system would you find
the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)


A. A firewall IPTable
B. FTP Server rule
C. A Router IPTable
D. An Intrusion Detection System

Answer: D. An Intrusion Detection System



An incident investigator asks to receive a copy of the event logs from all firewalls, proxy
servers, and Intrusion Detection Systems (IDS) on the network of an organization that has
experienced a possible breach of security. When the investigator attempts to correlate the
information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?


A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive.

Answer: A. The network devices are not all synchronized.



Explanation: Many network and system administrators don't pay enough attention to
system clock accuracy and time synchronization. Computer clocks can run faster or slower
over time, batteries and power sources die, or daylight-saving time changes are forgotten.
Sure, there are many more pressing security issues to deal with, but not ensuring that the
time on network devices is synchronized can cause problems. And these problems often
only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze
your log files to look for any suspicious activity. If your network's security devices do not
have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log
files from different sources. Not only will you have difficulty in tracking events, but you will
also find it difficult to use such evidence in court; you won't be able to illustrate a smooth
progression of events as they occurred throughout your network.

Which DNS resource record can indicate how long any "DNS poisoning" could last?


A. MX
B. SOA
C. NS
D. TIMEOUT

Answer: B. SOA



A technician is resolving an issue where a computer is unable to connect to the Internet
using a wireless access point. The computer is able to transfer files locally to other
machines, but cannot successfully reach the Internet. When the technician examines the IP
address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following
has occurred?


A. The computer is not using a private IP address
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network
D. The computer is using an invalid IP address.

Answer: B. The gateway is not routing to a public IP address.



Explanation:
https://en.wikipedia.org/wiki/Private_network
In IP networking, a private network is a computer network that uses private IP address
space. Both the IPv4 and the IPv6 specifications define private IP address ranges. These
addresses are commonly used for local area networks (LANs) in residential, office, and
enterprise environments.
Private network addresses are not allocated to any specific organization. Anyone may use
these addresses without approval from regional or local Internet registries. Private IP
address spaces were originally defined to assist in delaying IPv4 address exhaustion. IP
packets originating from or addressed to a private IP address cannot be routed through the
public Internet.
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers
Authority (IANA) to reserve the following IPv4 address ranges for private networks:
· 10.0.0.0 – 10.255.255.255
· 172.16.0.0 – 172.31.255.255
· 192.168.0.0 – 192.168.255.255
Backbone routers do not allow packets from or to internal IP addresses. That is, intranet
machines, if no measures are taken, are isolated from the Internet. However, several
technologies allow such machines to connect to the Internet.
· Mediation servers like IRC, Usenet, SMTP and Proxy server
· Network address translation (NAT)
· Tunneling protocol
NOTE: So the problem lies in one of these technologies.

The establishment of a TCP connection involves a negotiation called three-way handshake.
What type of message does the client send to the server in order to begin this negotiation?


A. ACK
B. SYN
C. RST
D. SYN-ACK

Answer: B. SYN



Which of the following tools are used for enumeration? (Choose three.)


A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec

Answer:
B. USER2SID
D. SID2USER
E. DumpSec



