John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.

The output of the scanning test is as follows:

C.\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is a valid IP address for class B Networks?

Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?

You have been assigned the job of configuring wireless networks for a large company. The security of these networks is of great importance. One of the tools that you can use for applying security is Wireless Transport Layer Security (WTLS). What are the goals of using this tool?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following Linux rootkits is installed via stolen SSH keys?

Which of the following statements best describes a certification authority?

Which of the following security protocols are based on the 802.11i standard?

Each correct answer represents a complete solution. Choose all that apply.

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

John works as an Office Assistant in DataSoft Inc. He has received an e-mail from duesoft_lotterygroup@us.com with the following message:

The DueSoft Lottery Incorporation

This is to inform you that you have just won a prize of $7,500.00 for this year's Annual Lottery promotion, which was organized by Msn/Yahoo Lottery in conjunction with DueSoft. We collect active online e-mails and select five people every year as our winners through an electronic balloting machine. Please reply within three days of receiving this e-mail with your full details like Name, Address, Sex, Occupation, Age, State, Telephone number, and Country to claim your prize.

If John replies to this e-mail, which of the following attacks may he become vulnerable to?

The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.? (Click the Exhibit button on the toolbar to see the case study.)

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Maria works as a professional Ethical Hacker. She recently has been assigned a project to test the security of www.we-are-secure.com. The company has provided the following information about the infrastructure of its network:

·Network diagrams of the we-are-secure infrastructure

·Source code of the security tools

· IP addressing information of the we-are-secure network

Which of the following testing methodologies is we-are-secure.com using to test the security of its network?

You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement?

Each correct answer represents a complete solution. Choose two.

Which of the following components are usually found in an Intrusion detection system (IDS)?

Each correct answer represents a complete solution. Choose two.

Which of the following attacks CANNOT be detected by an Intrusion Detection System (IDS)?

Each correct answer represents a complete solution. Choose all that apply.

Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?

Which of the following is used to provide a protective shield for the data passing over the Internet?

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Which of the following is used over the Internet for better security?

Which of the following codes is used to crack Windows login passwords?

A ________ attack is designed to bring loss of network connectivity and services by consuming the bandwidth of a user's network.

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Which of the following is provided by Digital signatures?

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?

An Anti-Virus software is used to prevent, detect, and remove malware from a system, including computer viruses, worms, and Trojan horses. Which of the following companies are the providers of Anti-virus softwares?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols is used the most by web servers?

In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Which of the following attacks is used to hack simple alphabetical passwords?

Which of the following commands is used in Mac OS X to exit Open Firmware and to continue the booting process?

Cola Co. manufactures, markets, sells, and distributes non-alcoholic potables such as Lemcaa and Thunder Up under its brand name Cola and uses green and red logo. Mola Co., a new company, starts manufacturing, marketing, selling, and distributing non-alcoholic potables like Lumca and Cloud Up under its brand name Mola and uses green and red logo. Which of the following violations has been committed by Mola Co.?

Which of the following attacks is a man-in-the-middle exploit where a third party can gain HTTPS cookie data?

You work as a Network Administrator for Infonet Inc. The company's office has a wireless network. Wireless access point on the network works as a router and DHCP server. You want to configure a laptop to connect to the wireless network. What will you configure on the laptop to accomplish the task?

Which of the following tools is used to catch someone installing a rootkit or running a packet sniffer?

Which of the following tools will you use to prevent from session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following viruses/worms uses the buffer overflow attack?

Which of the following malware spread through the Internet and caused a large DoS attack in

1988?

You work as a Network Administrator for DataSoft Inc. The company needs a secure network. You have been assigned the task to track the network attacks that have occurred within the last one month. To accomplish the task, you need to scan the log files for suspicious events and patterns.

Which of the following will you use to scan the log files?

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He observes that the We-are-secure server is vulnerable to a special type of DoS attack and he makes the following suggestions to the security authority to protect the server from this DoS attack. The countermeasures against this type of DoS attack are as follows:

l Disabling IP-directed broadcasts at the We-are-secure router

l Configuring local computers so as not to respond to such ICMP packets that are configured to be sent to IP broadcast addresses

Which of the following DoS attacks has John discovered as a vulnerability for the We-are-secure security network?

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

Mark has been assigned a project to configure a wireless network for a company. The network should contain a Windows 2003 server and 30 Windows XP client computers. Mark has a single dedicated Internet connection that has to be shared among all the client computers and the server. The configuration needs to be done in a manner that the server should act as a proxy server for the client computers. Which of the following programs can Mark use to fulfill this requirement?

Which of the following needs to be documented to preserve evidences for presentation in court?

You manage a Windows Server 2008 server named uCert1 in a domain named PassGuide.com.

uCert1 has the Web Server (IIS) role installed and hosts an intranet Web site named

PassGuideInternal.

You want to ensure that all authentication traffic to the Web site is encrypted securely without the use of SSL. You disable Anonymous Authentication. What else should you do?

Which of the following software can be used to protect a computer system from external threats (viruses, worms, malware, or Trojans) and malicious attacks?

Each correct answer represents a part of the solution. Choose all that apply.

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

Which of the following wireless networks transmits data probably at 115 Kbps?