312-50V9 Practice Questions

The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the...

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enum...

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack i...

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm througho...

Study the snort rule given below: From the options below, choose the exploit against which this rule applies.

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other syste...

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decryp...

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtC...

What is the algorithm used by LM for Windows2000 SAM?

E-mail scams and mail fraud are regulated by which of the following?

Which of the following LM hashes represent a password of less than 8 characters? (Select 2)

Which of the following is the primary objective of a rootkit?

This kind of password cracking method uses word lists in combination with numbers and special characters:

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

When discussing passwords, what is considered a brute force attack?

Which of the following are well know password-cracking programs?(Choose all that apply.

Password cracking programs reverse the hashing process to recover passwords.(True/False.)

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an atta...

Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand th...

An attacker runs netcat tool to transfer a secret file between two hosts. Machine A: netcat -l -p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234 He is worried about informa...

Fingerprinting an Operating System helps a cracker because:

In the context of Windows Security, what is a 'null' user?

What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd

What hacking attack is challenge/response authentication used to prevent?

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then sca...

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction...

ViruXine.W32 virus hides their presence by changing the underlying executable code. This Virus code mutates while keeping the original algorithm intact, the code changes itself eac...

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what wi...

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c What is the hexadecimal value of NOP instruction?

This TCP flag instructs the sending system to transmit all buffered data immediately.

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below: You are hired to conduct security testing on their netwo...

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and...

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

What port number is used by LDAP protocol?

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already...

Within the context of Computer Security, which of the following statements describes Social Engineering best?

In Trojan terminology, what is a covert channel?

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destina...

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for ov...