which holds the least risk of detection?
You wish to determine the operating system and type of web server being used. At the same time
you wish to arouse no suspicion within the target organization.
While some of the methods listed below work, which holds the least risk of detection?
Which of the following command results in packets that will appear to originate from the system at 10.8.8.8?
Perimeter testing means determining exactly what your firewall blocks and what it allows. To
conduct a good test, you can spoof source IP addresses and source ports. Which of the following
command results in packets that will appear to originate from the system at 10.8.8.8? Such a
packet is useful for determining whether the firewall is allowing random packets in or out of your
network.
Which of the following tools can be used for that purpose?
Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display,
or modify ACL’s (access control lists) to files or folders and also one that can be used within batch
files.
Which of the following tools can be used for that purpose? (Choose the best answer)
The URL may appear like this: https://www.xsecurity-bank.com/creditcard.asp?
The GET method should never be used when sensitive data such as credit card is being sent to a
CGI program. This is because any GET command will appear in the URL, and will be logged by
any servers. For example, let’s say that you’ve entered your credit card information into a form that
uses the GET method. The URL may appear like this:
https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234
The GET method appends the credit card number to the URL. This means that anyone with
access to a server log will be able to obtain this information. How would you protect from this type
of attack?
Which of the following buffer overflow exploits are related to Microsoft IIS web server?
Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose
three)
How will you defend against hardware keyloggers when using public computers and Internet Kiosks?
Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a
covert manner so that the person using the keyboard is unaware that their actions are being
monitored.
How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)
which privilege does the web server software execute?
On a default installation of Microsoft IIS web server, under which privilege does the web server
software execute?
Why did this ping sweep only produce a few responses?
Lauren is performing a network audit for her entire company. The entire network is comprised of
around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the
broadcast address of the network, but only receives responses from around five hosts. Why did
this ping sweep only produce a few responses?
How can this help you in footprint the organization?
You are gathering competitive intelligence on XYZ.com. You notice that they have jobs listed on a
few Internet job-hunting sites. There are two job postings for network and system administrators.
How can this help you in footprint the organization?
What can Wayne infer from this traffic log?
Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a
server and came across some inconsistencies. Wayne finds some IP packets from a computer
purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of
15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of
21. What can Wayne infer from this traffic log?