MK0-201 Exam Questions
246 real MK0-201 exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #202
You have been asked to assist an investigation team in collecting data and evidence related to an internal hacking case. The investigator in charge of the case would like to captur...
- Question #203
What are some of the weaknesses that make LAN Manager Hashes much easier to crack by an attacker? (Select all that apply)
- Question #204
While doing a penetration test you were able to extract a copy of the password database from a Windows Server using a vulnerable SQL server that had a blank password. You now have...
- Question #205
Which of the following password implementations is found only in Windows 2000 and newer Windows versions?
- Question #206
You are the security administrator of company XYZ Inc. You have noticed that one of your users has installed a tool named KerbCrack as well as another tool named KerbSniff on his m...
- Question #207
Bob is doing a penetration test. He was able to get system level access on one of the servers exploiting one of the known weaknesses of the web server. Bob attempted to copy the SA...
- Question #208
Detailed logging is the enemy of all crackers. After getting unauthorized access to a computer, a cracker will attempt to disable logging on the remote hosts that he compromises. I...
- Question #209
Yannick, who is a very smart security tester, has mentioned to one of his friends that he has found a way of appending data to an existing file using the built-in Windows tools and n...
- Question #210
Which of the following would best describe the meaning of steganography?
- Question #211
Julius has been hired to perform a test on company XYZ networks. Julius knows that company XYZ has a large team of security administrators who are very proactive in their security...
- Question #212
One of the last steps taken by an attacker will be to configure permanent access to a compromised system. However, the installation of a backdoor, installation of new processes, an...
- Question #213
Jack, a system administrator at company XYZ, has discovered some new files that were added to one of his servers. One of the files contained programming code; after thorough examin...
- Question #214
Which of the following best describes a Script Kiddie?
- Question #215
Which of the following is the biggest security risk that has been experienced within applications over the past few years?
- Question #216
One key skill a Penetration Tester must possess is documentation. There are different documents that will be produced in the course of doing a penetration test; out of the document...
- Question #217
While exploiting remote targets using exploits, there are a few stages that have to take place. Which of the following stages is the payload which is executed after exploitation?
- Question #218
Which of the following exploits/abuses would all be located at the network layer of the OSI model? (Choose all that apply)
- Question #219
Which of the following penetration frameworks is Open Source and offers features that are similar to some of its rival commercial tools?
- Question #220
Johnny has just installed a small utility to calculate subnet masks. After installing this utility he was prompted by his firewall to accept a connection outbound to a server he wa...
- Question #221
Spyware is either hardware or software installed on a computer which gathers information about the user for later retrieval by whoever controls the Spyware. It is installed without...
- Question #222
Pieces of malware code are getting smarter all the time. It seems it always finds a way of reinstalling itself on a system after it has been removed. If you wish to look for malici...
- Question #223
You have successfully exploited a remote computer. You now have limited privilege on the remote computer. Your tests have revealed that it is possible to download files from the in...
- Question #224
Using Netcat, what would be the syntax to set up a listening back door from a compromised Windows Server that will spawn a shell when connecting to the remote server on port 777?
- Question #225
Why are Trojans such as Beast a lot harder to detect? Choose the best answer.
- Question #226
It is common knowledge that a Penetration Test relies on a tester's ability to collect information from different sources. Only about 35% to 40% of the information collected will be...
- Question #227
Looking at the graphic below, determine what web site was visited by the user located at IP address 192.168.1.104?
- Question #228
Bob is using a new sniffer called Ethereal. However, it seems that Bob can only see packets that are sent from and to his own network interface card (NIC). He cannot see any traffi...
- Question #229
Looking at the graphic presented below, what version of Internet Protocol was used on the network where this packet was sent? Extract the information from the Hex dump below.
- Question #230
Looking at the graphic presented below, what destination port is highlighted in the Hex dump presented? Extract the information from the Hex dump packet captured below.
- Question #231
Which of the following commands would capture all packets going to and from IP address 192.168.1.2 using tcpdump?
- Question #232
Having just downloaded a new version of Cain & Abel, you wish to monitor your network for clear text passwords being sent. Knowing you are currently connected to a switch you will...
- Question #233
You were called upon to investigate some strange behavior on Company XYZ networks. Some users have complained that at times the network performance seemed slow, light indicators on...
- Question #234
When a network switch receives a very large quantity of random MAC addresses which would overfill the Content Addressable Memory (CAM) table, how will the switch react?
- Question #235
Jhezza has just arrived at her office and she is checking her stock portfolio as she does every day. She connects to her broker web site and decides to buy some stocks that are hig...
- Question #236
You have just attempted to perform DNS poisoning on the local network DNS server and did not succeed; you decide to launch an attack against routing tables instead. Which of the fo...
- Question #237
This technique consists of using social skills to trick someone into revealing information they should not usually release to unauthorized users. What do we call this technique or...
- Question #238
To uniquely identify an active session, the TCP/IP protocol will make use of the client IP address and port as well as the destination IP address and port. How are these four elements m...
- Question #239
An attacker must create a spoofed/crafted packet in order to hijack a session. Which of the following would have to be present within the spoofed packet?
- Question #240
You have been reading a series of papers on connection hijacking. However, there were contradictions as to which Operating System would be more vulnerable and which one has predict...
- Question #241
Traditional firewalls have serious limitations where the data payload is not being inspected. These firewalls usually tend to work within the lower layer of the OSI model. What lay...
- Question #242
Which of the following techniques would be effective to get around some of the blocking rules on certain firewalls? The same technique could be used to avoid detection by Intrusion...
- Question #243
Intrusion Detection Systems have multiple ways to decode the information. Which of the following definitions would best describe Protocol Anomaly Detection within an Intrusion Dete...
- Question #244
One of the challenges when doing large scale security tests is the time required. If you have to scan a class B network it might take you a very long time. Scanrand is a tool that...
- Question #245
On a Linux system, which of the following files would contain the list of user accounts, their shell, and their home directories?
- Question #246
Pen testing is another area of security where acronyms and expressions abound. What does the term rooting refer to?
- Question #247
One of your clients has been the victim of a brute force attack against their SSH server. They ask you what could be done to protect their Linux servers. You propose the use of IPT...