Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement
he signed with the client, Harold is performing research online and seeing how much exposure the site has
received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net What
will this search produce?

Why is it a good idea to perform a penetration test from the inside?

The objective of this act was to protect consumers’ personal financial information held by financial institutions
and their service providers.

You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test
for. You conduct a search for IT jobs on Dice.com and find the following information for an open position: 7+
years experience in Windows Server environment 5+ years experience in Exchange 2000/2003 environment
Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are
required MCSA desired, MCSE, CEH preferred No Unix/Linux Experience needed What is this information
posted on the job website considered?

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in
Tokyo. Terri’s duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP
packet to one of the company’s switches with ACK bit and the source address of her machine set. What is
Terri trying to accomplish by sending this IP packet?

What are the security risks of running a “repair” installation for Windows XP?

You have compromised a lower-level administrator account on an Active Directory network of a small company
in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain
Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his
production network. In this honeypot, he has placed a server running Windows Active Directory. He has also
placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download
sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder
accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the
intruder for stealing sensitive corporate information. Why will this not be viable?

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a
DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken,
none of the hosts on her network can reach the Internet. Why is that?

Software firewalls work at which layer of the OSI model?