Ensurepass

QUESTION 841
What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

A. Polymorphic
B. Rootkit
C. Boot sector
D. File infecting

Answer: A

In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

QUESTION 842
You may be able to identify [...]

QUESTION 831
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page, again in vain. What is the probable cause of Bill's problem?

A. The system is a [...]

QUESTION 821
Which one of the following attacks will pass through a network layer intrusion detection system undetected?

A. A teardrop attack
B. A SYN flood attack
C. A DNS spoofing attack
D. A test.cgi attack

Answer: D

Because a network-based IDS reviews packets and headers, it can also detect denial of service (DoS) attacks.

Not A or B: The following sections discuss some of the possible DoS attacks available: Smurf, Fraggle, SYN Flood, Teardrop, DNS DoS [...]

QUESTION 811
Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management?

A. Rebecca should make a recommendation to disable [...]

QUESTION 801
Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that the network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode. What can Joe do to hide the wiretap program from being detected by the ifconfig command?

A. Block [...]

QUESTION 791
You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this?

A. The Morris worm
B. The PIF virus
C. Trinoo
D. Nimda
E. Code Red
F. Ping of Death

Answer: D

The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically [...]

QUESTION 781
Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?

A. Use any ARP requests found in the capture
B. Derek can use a session replay on the packets captured [...]

QUESTION 771
802.11b is considered a ____________ protocol.

A. Connectionless
B. Secure
C. Unsecure
D. Token ring based
E. Unreliable

Answer: C

802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker.

QUESTION 772
While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the [...]

QUESTION 761
Look at the following SQL query.

SELECT * FROM product WHERE PCategory='computers' or 1=1--'

What will it return? Select the best answer.

A. All computers and all 1's
B. All computers
C. All computers and everything else
D. Everything except computers

Answer: C

The 1=1 tells the SQL database to return everything; a simplified statement would be SELECT * FROM product WHERE 1=1 (which will always be true for all columns). Thus, this query [...]

QUESTION 751
_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

A. Mandatory Access Control
B. Authorized Access Control
C. Role-based Access Control
D. Discretionary Access Control

Answer: A

In computer security, mandatory access control [...]

QUESTION 741
Clive has been hired to perform a Black-Box test by one of his clients. How much information will Clive obtain from the client before commencing his test?

A. IP Range, OS, and patches installed.
B. Only the IP address range.
C. Nothing but corporate name.
D. All that is available from the client site.

Answer: C

Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge of the infrastructure to be tested) or white-box [...]