NEW QUESTION 1
In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack?

• A. Do not reply to email messages or popup ads asking for personal or financial information
• B. Do not trust telephone numbers in e-mails or popup ads
• C. Review credit card and bank account statements regularly
• D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks
• E. Do not send credit card numbers, and personal or financial information via e-mail

Answer: D

NEW QUESTION 2
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

• A. Hardware, Software, and Sniffing.
• B. Hardware and Software Keyloggers.
• C. Passwords are always best obtained using Hardware key loggers.
• D. Software only, they are the most effective.

Answer: A

NEW QUESTION 3
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
How would an attacker exploit this design by launching TCP SYN attack?

• A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
• B. Attacker floods TCP SYN packets with random source addresses towards a victim host
• C. Attacker generates TCP ACK packets with random source addresses towards a victim host
• D. Attacker generates TCP RST packets with random source addresses towards a victim host

Answer: B

NEW QUESTION 4
What is the minimum number of network connections in a multihomed firewall?

• A. 3
• B. 5
• C. 4
• D. 2

Answer: A

NEW QUESTION 5
Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?

• A. The use of security agents in clients’ computers
• B. The use of DNSSEC
• C. The use of double-factor authentication
• D. Client awareness

Answer: B

NEW QUESTION 6
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

• A. There is no way to tell because a hash cannot be reversed
• B. The right most portion of the hash is always the same
• C. The hash always starts with AB923D
• D. The left most portion of the hash is always the same
• E. A portion of the hash will be all 0's

Answer: B

NEW QUESTION 7
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

• A. Multi-cast mode
• B. Promiscuous mode
• C. WEM
• D. Port forwarding

Answer: B

NEW QUESTION 8
Which command can be used to show the current TCP/IP connections?

• A. Netsh
• B. Netstat
• C. Net use connection
• D. Net use

Answer: A

NEW QUESTION 9
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

• A. File system permissions
• B. Privilege escalation
• C. Directory traversal
• D. Brute force login

Answer: A

NEW QUESTION 10
Which of the following is a low-tech way of gaining unauthorized access to systems?

• A. Social Engineering
• B. Eavesdropping
• C. Scanning
• D. Sniffing

Answer: A

NEW QUESTION 11
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

• A. The network devices are not all synchronized.
• B. Proper chain of custody was not observed while collecting the logs.
• C. The attacker altered or erased events from the logs.
• D. The security breach was a false positive.

Answer: A

NEW QUESTION 12
A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

• A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
• B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
• C. Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.
• D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Answer: B

NEW QUESTION 13
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

• A. Conduct stealth scan
• B. Conduct ICMP scan
• C. Conduct IDLE scan
• D. Conduct silent scan

Answer: A

NEW QUESTION 14
What does a firewall check to prevent particular ports and applications from getting packets into an organization?

• A. Transport layer port numbers and application layer headers
• B. Presentation layer headers and the session layer port numbers
• C. Network layer headers and the session layer port numbers
• D. Application layer port numbers and the transport layer headers

Answer: A

NEW QUESTION 15
Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.
What would Yancey be considered?

• A. Yancey would be considered a Suicide Hacker
• B. Since he does not care about going to jail, he would be considered a Black Hat
• C. Because Yancey works for the company currently; he would be a White Hat
• D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Answer: A

NEW QUESTION 16
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

• A. Scanning
• B. Footprinting
• C. Enumeration
• D. System Hacking

Answer: B

NEW QUESTION 17
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

• A. Traceroute
• B. Hping
• C. TCP ping
• D. Broadcast ping

Answer: B

NEW QUESTION 18
What is correct about digital signatures?

• A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
• B. Digital signatures may be used in different documents of the same type.
• C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
• D. Digital signatures are issued once for each user and can be used everywhere until they expire.

Answer: A

NEW QUESTION 19
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve’s approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

• A. Although the approach has two phases, it actually implements just one authentication factor
• B. The solution implements the two authentication factors: physical object and physical characteristic
• C. The solution will have a high level of false positives
• D. Biological motion cannot be used to identify people

Answer: B

NEW QUESTION 20
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?

• A. Place a front-end web server in a demilitarized zone that only handles external web traffic
• B. Require all employees to change their anti-virus program with a new one
• C. Move the financial data to another server on the same IP subnet
• D. Issue new certificates to the web servers from the root certificate authority

Answer: A

NEW QUESTION 21
The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

• A. $1320
• B. $440
• C. $100
• D. $146

Answer: D

NEW QUESTION 22
Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)

• A. Converts passwords to uppercase.
• B. Hashes are sent in clear text over the network.
• C. Makes use of only 32-bit encryption.
• D. Effective length is 7 characters.

Answer: ABD

NEW QUESTION 23
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

• A. Randomizing
• B. Bounding
• C. Mutating
• D. Fuzzing

Answer: D

NEW QUESTION 24
One of your team members has asked you to analyze the following SOA record.
What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

• A. 200303028
• B. 3600
• C. 604800
• D. 2400
• E. 60
• F. 4800

Answer: D

NEW QUESTION 25
......