After a client sends a connection request (SYN) packet to the server, the server will respond
(SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by
the client. This sequence number is predictable; the attack connects to a service first with its own
IP address, records the sequence number chosen, and then opens a second connection from a
forged IP address. The attack doesn’t see the SYN-ACK (or any other packet) from the server, but
can guess the correct responses. If the source IP address is used for authentication, then the
attacker can use the one-sided communication to break into the server. What attacks can you
successfully launch against a server using the above technique?

Which of the following represent weak password? (Select 2 answers)

Harold just got home from working at Henderson LLC where he works as an IT technician. He was
able to get off early because they were not too busy. When he walks into his home office, he
notices his teenage daughter on the computer, apparently chatting with someone online. As soon
as she hears Harold enter the room, she closes all her windows and tries to act like she was
playing a game. When Harold asks her what she was doing, she acts very nervous and does not
give him a straight answer. Harold is very concerned because he does not want his daughter to
fall victim to online predators and the sort. Harold doesn’t necessarily want to install any programs
that will restrict the sites his daughter goes to, because he doesn’t want to alert her to his trying to
figure out what she is doing. Harold wants to use some kind of program that will track her activities
online, and send Harold an email of her activity once a day so he can see what she has been up
to. What kind of software could Harold use to accomplish this?

You are performing a port scan with nmap. You are in hurry and conducting the scans at the
fastest possible speed. However, you don’t want to sacrifice reliability for speed. If stealth is not an
issue, what type of scan should you run to get very reliable results?

Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client
but he wants to know if the email is forwarded on to any other recipients. The client is explicitly
asked not to re-send the email since that would be a violation of the lawyer’s and client’s
agreement for this particular case. What can Blane use to accomplish this?

You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is
blocked at the firewall. Next you use hping2 tool to ping the target host and you get a response.
Why does the host respond to hping2 and not ping packet?

John is the network administrator of XSECURITY systems. His network was recently
compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux
log file snippet. The hacker compromised and “owned” a Linux machine. What is the hacker trying
to accomplish here?

Blake is in charge of securing all 20 of his company’s servers. He has enabled hardware and
software firewalls, hardened the operating systems, and disabled all unnecessary services on all
the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of
the servers that requires the telnet service to function properly. Blake is especially concerned
about this since telnet can be a very large security risk in an organization. Blake is concerned

about how this particular server might look to an outside attacker so he decides to perform some
footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port
80 and types in the following command:
HEAD / HTTP/1.0
After pressing enter twice, Blake gets the following results: What has Blake just accomplished?

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable
to perform command shell hacks on this server. What must be enabled in SQL Server to launch
these attacks?

Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing
company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes
that she was seeing another person. Kevin, who has an online email account that he uses for most
of his mail, knows that Katy has an account with that same company. Kevin logs into his email
account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL
to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to
access her email account to see if he can find out any information. What is Kevin attempting here
to gain access to Katy’s mailbox?