What is the advantage in encrypting the communication between the agent and the monitor in an
Intrusion Detection System?
What information is needed when performing fake authentication to an AP?
There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack
the WEP key, a fake authentication needs to be performed. What information is needed when
performing fake authentication to an AP? (Choose two.)
What is the purpose, and why is ‘sh’ shown twice?
Study the following exploit code taken from a Linux machine and answer the questions below:
echo "ingreslock stream tcp nowait root /bin/sh sh -I" > /tmp/x;
/usr/sbin/inetd -s /tmp/x;
sleep 10;
/bin/rm -f /tmp/x AAAA…AAA
In the above exploit code, the command "/bin/sh sh -I" is given.
What is the purpose, and why is ‘sh’ shown twice?
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and
analyzes the received response?
What kind of attack is this program susceptible to?
The programmers on your team are analyzing the free, open source software being used to run
FTP services on a server. They notice that there is an excessive number of fgets() and gets() calls in
the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?
How do employers protect assets with security policies pertaining to employee surveillance
activities?
What is the most common cause of buffer overflow in software today?
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary
data storage area) than it was intended to hold.
What is the most common cause of buffer overflow in software today?
What type of an alert is this?
When analyzing the IDS logs, the system administrator noticed an alert was logged when the
external router was accessed from the administrator’s computer to update the router configuration.
What type of an alert is this?
What kind of attack?
Which of the following parameters enables NMAP’s operating system detection feature?