Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Which of the following Nmap commands will produce the following output?
Output:Starting Nmap 6.47 (http://nmap.org ) at 2015-05-26 12:50 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00042s latency).
Not shown: 65530 open|filtered ports, 65529 filtered ports
PORT STATE SERVICE
111/tcp open rpcbind
999/tcp open garcon
1017/tcp open unknown
1021/tcp open exp1
1023/tcp open netvenuechat
2049/tcp open nfs
17501/tcp open unknown
111/udp open rpcbind
123/udp open ntp
137/udp open netbios-ns
2049/udp open nfs
5353/udp open zeroconf
17501/udp open|filtered unknown
51857/udp open|filtered unknown
54358/udp open|filtered unknown
56228/udp open|filtered unknown
57598/udp open|filtered unknown
59488/udp open|filtered unknown
60027/udp open|filtered unknown

In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to
authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s
password, instead of requiring the associated plaintext password as is normally the case.
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by
penetration testers to obtain access to a given system that you already know the credentials for. It was written
by sysinternals and has been integrated within the framework. Often as penetration testers, successfully gain
access to a system through some exploit, use meterpreter to grab the passwords or other methods like
fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values.
Which of the following is true hash type and sort order that is using in the psexec module’s ‘smbpass’?

Which protocol is used for setting up secured channels between two devices, typically in VPNs?

You’re doing an internal security audit and you want to find out what ports are open on all the servers. What is
the best way to find out?

Emil uses nmap to scan two hosts using this command.
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:Nmap scan report for 192.168.99.1
Host is up (0.00082s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
161/tcp closed snmp
MAC Address: B0:75:D5:33:57:74 (ZTE)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 – 2.6.33
Network Distance: 1 hop
Nmap scan report for 192.168.99.7
Host is up (0.000047s latency).
All 1000 scanned ports on 192.168.99.7 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
What is his conclusion?

What is the correct process for the TCP three-way handshake connection establishment and connection
termination?

You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines
has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system
you find two static routes.
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1
What is the main purpose of those static routes?