Topic 1: Exam Pool A
When analyzing the IDS logs, the system administrator noticed an alert was logged when
the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?
A.
False negative
B.
True negative
C.
True positive
D.
False positive
False positive
Explanation:
True Positive - IDS referring a behavior as an attack, in real life it is
True Negative - IDS referring a behavior not an attack and in real life it is not
False Positive - IDS referring a behavior as an attack, in real life it is not
False Negative - IDS referring a behavior not an attack, but in real life is an attack.
False Negative - is the most serious and dangerous state of all !!!!
Under what conditions does a secondary name server request a zone transfer from a
primary name server?
A.
When a primary SOA is higher that a secondary SOA
B.
When a secondary SOA is higher that a primary SOA
C.
When a primary name server has had its service restarted
D.
When a secondary name server has had its service restarted
E.
When the TTL falls to zero
When a primary SOA is higher that a secondary SOA
A large mobile telephony and data network operator has a data center that houses network
elements. These are essentially large computers running on Linux. The perimeter of the
data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
A.
Network elements must be hardened with user ids and strong passwords. Regular
security tests and audits should be performed.
B.
As long as the physical access to the network elements is restricted, there is no need for
additional measures.
C.
There is no need for specific security measures on the network elements as long as
firewalls and IPS systems exist.
D.
The operator knows that attacks and down time are inevitable and should have a
backup site.
Network elements must be hardened with user ids and strong passwords. Regular
security tests and audits should be performed.
An attacker with access to the inside network of a small company launches a successful
STP manipulation attack. What will he do next?
A.
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his
computer.
B.
He will activate OSPF on the spoofed root bridge.
C.
He will repeat this action so that it escalates to a DoS attack.
D.
He will repeat the same attack against all L2 switches of the network.
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his
computer.
Which system consists of a publicly available set of databases that contain domain name
registration contact information?
A.
WHOIS
B.
CAPTCHA
C.
IANA
D.
IETF
WHOIS
What is the proper response for a NULL scan if the port is closed?
A.
SYN
B.
ACK
C.
FIN
D.
PSH
E.
RST
F.
No response
RST
Shellshock allowed an unauthorized user to gain access to a server. It affected many
Internet-facing services, which OS did it not directly affect?
A.
Linux
B.
Unix
C.
OS X
D.
Windows
Windows
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A.
nessus
B.
tcpdump
C.
ethereal
D.
jack the ripper
tcpdump
Tcpdump is a data-network packet analyzer computer program that runs under a command-line interface. It allows the user to display TCP/IP and other packets being
transmitted or received over a network to which the computer is attached. Distributed under
the BSD license, tcpdump is free software.
https://www.wireshark.org/
Wireshark is a free and open-source packet analyzer. It is used for network
troubleshooting, analysis, software and communications protocol development, and
education.
NOTE: Wireshark is very similar to tcpdump, but has a graphical front-end, plus some
integrated sorting and filtering options.
Which regulation defines security and privacy controls for Federal information systems and
organizations?
A.
HIPAA
B.
EU Safe Harbor
C.
PCI-DSS
D.
NIST-800-53
NIST-800-53
Explanation:
NIST Special Publication 800-53 provides a catalog of security and privacy controls for all
U.S. federal information systems except those related to national security. It is published by
the National Institute of Standards and Technology, which is a non-regulatory agency of the
United States Department of Commerce. NIST develops and issues standards, guidelines,
and other publications to assist federal agencies in implementing the Federal Information
Security Modernization Act of 2014 (FISMA) and to help with managing cost-effective
programs to protect their information and information systems.
An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one
of the following tools the hacker probably used to inject HTML code?
A.
Wireshark
B.
Ettercap
C.
Aircrack-ng
D.
Tcpdump
Ettercap
You have successfully comprised a server having an IP address of 10.10.0.5. You would
like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?
A.
nmap -T4 -q 10.10.0.0/24
B.
nmap -T4 -F 10.10.0.0/24
C.
nmap -T4 -r 10.10.1.0/24
D.
nmap -T4 -O 10.10.0.0/24
nmap -T4 -F 10.10.0.0/24
Explanation: https://nmap.org/book/man-port-specification.html
NOTE: In my opinion, this is an absolutely wrong statement of the question. But you may
come across a question with a similar wording on the exam. What does "fast" mean? If we
want to increase the speed and intensity of the scan we can select the mode using the -T
flag (0/1/2/3/4/5). At high -T values, we will sacrifice stealth and gain speed, but we will not
limit functionality.
«nmap -T4 -F 10.10.0.0/24» This option is "correct" because of the -F flag.
-F (Fast (limited port) scan)
Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the
most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.
Technically, scanning will be faster, but just because we have reduced the number of ports
by 10 times, we are just doing 10 times less work, not faster.
Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool
"SIDExtractor". Here is the output of the SIDs:
From the above list identify the user account with System Administrator privileges.
A.
John
B.
Rebecca
C.
Sheela
D.
Shawn
E.
Somia
F.
Chang
G.
Micah
Chang
| Page 4 out of 48 Pages |
| Previous |