QUESTIONS2

The document contains a series of questions and answers related to cybersecurity concepts, including defenses against MAC attacks, hash functions, rootkits, two-factor authentication, and incident investigation. Key topics include the importance of port security, collision resistance in hash functions, and the identification of suspicious employee behavior. It also discusses various types of rootkits and security measures such as Single Sign-On and throttling for DoS/DDoS attacks.

Uploaded by dg6699work

1. How do you defend against MAC attacks on a switch?

A. Disable SPAN port on the switch
B. Enable SNMP Trap on the switch
C. Configure IP security on the switch
D. Enable Port Security on the switch

Correct answer(s) is D

3. Which property or concept ensures that a hash function will not produce the same
hashed value for two different messages?

A. Key strength
B. Bit length
C. Entropy
D. Collision resistance

Correct answer(s) is D

4. Jess the hacker runs L0phtCrack's built-in sniffer utility that grabs SMB
password hashes and stores them for offline cracking. Once cracked, these passwords
can provide easy access to whatever network resources the user account has access
to. But Jess is not picking up hashes from the network.
Why?

A. The network protocol is configured to use SMB Signing
B. The physical network wire is on fibre optic cable
C. The network protocol is configured to use IPSEC
D. L0phtCrack SMB sniffing only works through Switches and not Hubs

Correct answer(s) is A

5. Which of the following are advantages of adopting a Single Sign On (SSO) system?
(Choose two.)

A. A reduction in password fatigue for users because they do not need to know
multiple passwords when accessing multiple applications
B. A reduction in network and application monitoring since all recording will be
completed at the SSO system
C. A reduction in system administration overhead since any user login problems can be
resolved at the SSO system
D. A reduction in overall risk to the system since network and application attacks
can only happen at the SSO point

Correct answer(s) is AC

6. Rootkits are kernel programs having the ability to hide themselves and cover up
traces of their activities. They replace certain operating system calls and utilities
with their own modified versions of those routines.
Which of the following rootkits modifies the boot sequence of the machine to load
itself instead of the original virtual machine monitor or operating system?

A. Hypervisor level rootkit
B. Kernel level rootkit
C. Boot loader level rootkit
D. Library level rootkit

Correct answer(s) is A

7. Which of the following is the structure designed to verify and authenticate the
identity of individuals within the enterprise taking part in a data exchange?

A. SOA
B. Biometrics
C. PKI
D. Single sign on

Correct answer(s) is C

8. An incident investigator asks to receive a copy of the event logs from all
firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of
an organization that has experienced a possible breach of security. When the
investigator attempts to correlate the information in all of the logs, the sequence
of many of the logged events does not match up. What is the most likely cause?

A. The attacker altered or erased events from the logs.
B. Proper chain of custody was not observed while collecting the logs.
C. The security breach was a false positive.
D. The network devices are not all synchronized.

Correct answer(s) is A

9. A security analyst is performing an audit on the network to determine if there
are any deviations from the security policies in place.
The analyst discovers that a user from the IT department had a dial-out modem
installed.
Which security policy must the security analyst check to see if dial-out modems are
allowed?

A. Firewall-management policy
B. Acceptable-use policy
C. Remote-access policy
D. Permissive policy

Correct answer(s) is C

10. What do you call a pre-computed hash?

A. Sun tables
B. Apple tables
C. Rainbow tables
D. Moon tables

Correct answer(s) is C

11. Joseph has just been hired on to a contractor company of the Department of
Defense as their Senior Security Analyst.
Joseph has been instructed on the company's strict security policies that have been
implemented, and the policies that have yet to be put in place.
Per the Department of Defense, all DoD users and the users of their contractors
must use two-factor authentication to access their networks.
Joseph has been delegated the task of researching and implementing the best
two-factor authentication method for his company.
Joseph's supervisor has told him that they would like to use some type of hardware
device in tandem with a security or identifying PIN.
Joseph's company has already researched using smart cards and all the resources
needed to implement them, but found the smart cards to not be cost effective.
What type of device should Joseph use for two-factor authentication?

A. Biometric device
B. OTP
C. Proximity cards
D. Security token

Correct answer(s) is D

12. LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two
halves are hashed individually. If the password is 7 characters or less, then the
second half of the hash is always:

A. 0xAAD3B435B51404EE
B. 0xAAD3B435B51404AA
C. 0xAAD3B435B51404BB
D. 0xAAD3B435B51404CC

Correct answer(s) is A

13. If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning)
computer on a closed port, what will be the response?

A. The zombie computer will respond with an IPID of 24334.
B. The zombie computer will respond with an IPID of 24333.
C. The zombie computer will not send a response.
D. The zombie computer will respond with an IPID of 24335.

Correct answer(s) is A

14. What statement is true regarding LM hashes?

A. LM hashes consist of 48 hexadecimal characters.
B. LM hashes are based on the AES128 cryptographic standard.
C. Uppercase characters in the password are converted to lowercase.
D. LM hashes are not generated when the password length exceeds 15 characters.

Correct answer(s) is D

15. Which of the following Trojans would be considered a 'Botnet Command Control
Center'?

A. YouKill DOOM
B. Damen Rock
C. Poison Ivy
D. Matten Kit

Correct answer(s) is C

16. The configuration allows a wired or wireless network interface controller to
pass all traffic it receives to the central processing unit (CPU), rather than
passing only the frames that the controller is intended to receive.
Which of the following is being described?

A. Port forwarding
B. Multi-cast mode
C. WEP
D. Promiscuous mode

Correct answer(s) is D

17. More sophisticated IDSs look for common shellcode signatures. But even these
systems can be bypassed by using polymorphic shellcode.
This is a technique common among virus writers. It basically hides the true nature
of the shellcode in different disguises.
How does polymorphic shellcode work?

A. They encrypt the shellcode by XORing values over the shellcode, using loader code
to decrypt the shellcode, and then executing the decrypted shellcode
B. They convert the shellcode into Unicode, using a loader to convert it back to
machine code and then executing it
C. They reverse the working instructions into opposite order by masking the IDS
signatures
D. They compress the shellcode into normal instructions, uncompress the shellcode
using loader code and then execute the shellcode

Correct answer(s) is A

18. One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement
correctly defines this term?

A. Set up routers that access a server with logic to adjust incoming traffic to
levels that will be safe for the server to process
B. Providers can increase the bandwidth on critical connections to prevent them from
going down in the event of an attack
C. Replicating servers that can provide additional failsafe protection
D. Load balance each server in a multiple-server architecture

Correct answer(s) is A

19. What is the least important information when you analyze a public IP address in
a security alert?

A. ARP
B. Whois
C. DNS
D. Geolocation

Correct answer(s) is A

20. What is this Shellshock bash vulnerability attempting to do on this vulnerable
Linux host?

env x='(){:;};echo exploit' bash -c 'cat /etc/passwd'

A. Change all passwords in passwd
B. Remove the passwd file.
C. Add a new user to the passwd file
D. Display passwd contents to prompt

Correct answer(s) is D

21. Most cases of insider abuse can be traced to individuals who are introverted,
incapable of dealing with stress or conflict, and frustrated with their job, office
politics, and lack of respect or promotion. Disgruntled employees may pass company
secrets and intellectual property to competitors for monetary benefits. Here are
some of the symptoms of a disgruntled employee:

- Frequently leaves work early, arrives late or calls in sick
- Spends time surfing the Internet or on the phone
- Responds in a confrontational, angry, or overly aggressive way to simple requests
  or comments
- Always negative; finds fault with everything

These disgruntled employees are the biggest threat to enterprise security. How do
you deal with these threats? (Select 2 answers)

A. Limit access to the applications they can run on their desktop computers and
enforce strict work hour rules
B. By implementing Virtualization technology from the desktop to the data centre,
organizations can isolate different environments with varying levels of access and
security to various employees
C. Organizations must ensure that their corporate data is centrally managed and
delivered to users just when needed

Correct answer(s) is BC

22. Which of the following are valid types of rootkits? (Choose three.)

A. Hypervisor level
B. Network level
C. Kernel level
D. Application level
E. Physical level
F. Data access level

Correct answer(s) is ACD
