You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco
router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement
numbers to successfully hijack the telnet session.
Here is the captured data in tcpdump.

What are the next sequence and acknowledgement numbers that the router will send to the victim

machine?

Hayden is the network security administrator for her company, a large finance firm based in Miami.
Hayden just returned from a security conference in Las Vegas where they talked about all kinds of
old and new security threats; many of which she did not know of. Hayden is worried about the
current security state of her company’s network so she decides to start scanning the network from
an external IP address. To see how some of the hosts on her network react, she sends out SYN
packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the
connection is established she sends RST packets to those hosts to stop the session. She does
this to see how her intrusion detection system will log the traffic. What type of scan is Hayden
attempting here?

Web servers are often the most targeted and attacked hosts on organizations’ networks. Attackers
may exploit software bugs in the Web server, underlying operating system, or active content to
gain unauthorized access.

Identify the correct statement related to the above Web Server installation?

If an attacker’s computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a
closed port, what will be the response?

Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across
what appears to be SYN requests to an internal computer from a spoofed IP address. What is
Jacob seeing here?

Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

Perimeter testing means determining exactly what your firewall blocks and what it allows. To
conduct a good test, you can spoof source IP addresses and source ports. Which of the following
command results in packets that will appear to originate from the system at 10.8.8.8? Such a
packet is useful for determining whether the firewall is allowing random packets in or out of your
network.

The GET method should never be used when sensitive data such as credit card is being sent to a
CGI program. This is because any GET command will appear in the URL, and will be logged by
any servers. For example, let’s say that you’ve entered your credit card information into a form that
uses the GET method. The URL may appear like this:
https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234
The GET method appends the credit card number to the URL. This means that anyone with
access to a server log will be able to obtain this information. How would you protect from this type
of attack?

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a
covert manner so that the person using the keyboard is unaware that their actions are being monitored.

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

Lauren is performing a network audit for her entire company. The entire network is comprised of
around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the
broadcast address of the network, but only receives responses from around five hosts. Why did
this ping sweep only produce a few responses?