Blake is in charge of securing all 20 of his company’s servers. He has enabled hardware and
software firewalls, hardened the operating systems, and disabled all unnecessary services on all
the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of
the servers that requires the telnet service to function properly. Blake is especially concerned
about this since telnet can be a very large security risk in an organization. Blake is concerned
about how this particular server might look to an outside attacker so he decides to perform some
footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port
80 and types in the following command:
HEAD / HTTP/1.0
After pressing enter twice, Blake gets the following results: What has Blake just accomplished?

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable
to perform command shell hacks on this server. What must be enabled in SQL Server to launch
these attacks?

A majority of attacks come from insiders, people who have direct access to a company’s computer
system as part of their job function or a business relationship. Who is considered an insider?

Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing
company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes
that she was seeing another person. Kevin, who has an online email account that he uses for most
of his mail, knows that Katy has an account with that same company. Kevin logs into his email
account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL
to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to
access her email account to see if he can find out any information. What is Kevin attempting here
to gain access to Katy’s mailbox?

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform
contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s
external websites. Jeremy comes upon a login page which appears to allow employees access to
sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username=’admin’ ?AND password=” AND email like
‘%@testers.com%’
What will the SQL statement accomplish?

An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t
want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful
in connecting to the system. The attacker rechecks that the target system is actually listening on
Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target
system. What could be the reason?

If an attacker’s computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an
open port, what will be the response?

Trojan horse attacks pose one of the most serious threats to computer security. The image below
shows different ways a Trojan can get into a system. Which are the easiest and most convincing
ways to infect a computer?

SSL has been seen as the solution to a lot of common security problems. Administrator will often
time make use of SSL to encrypt communications from points A to point B. Why do you think this
could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic
between point A and B?

Jake is a network administrator who needs to get reports from all the computer and network
devices on his network. Jake wants to use SNMP but is afraid that won’t be secure since
passwords and messages are in clear text. How can Jake gather network information in a secure
manner?