Ethical Hacking and Countermeasures V8
Question No: 521 – (Topic 6)
One of your team members has asked you to analyze the following SOA record. What is the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600
3600 604800 2400.
Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version.
Question No: 522 – (Topic 6)
The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log
given below and answer the following question:
(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)
What can you infer from the above log?
The system is a windows system which is being scanned unsuccessfully.
The system is a web application server compromised through SQL injection.
The system has been compromised and backdoored by the attacker.
The actual IP of the successful attacker is 22.214.171.124.
Question No: 523 – (Topic 6)
While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.
What is the most likely cause behind this response?
The firewall is dropping the packets.
An in-line IDS is dropping the packets.
A router is blocking ICMP.
The host does not respond to ICMP packets.
Explanation: Type 3 message = Destination Unreachable [RFC792], Code 13 (cause) = Communication Administratively Prohibited [RFC1812]
Question No: 524 – (Topic 6)
Which of the following activities will NOT be considered as passive footprinting?
Go through the rubbish to find out any information that might have been discarded.
Search on financial site such as Yahoo Financial to identify assets.
Scan the range of IP address found in the target DNS database.
Perform multiples queries using a search engine.
Explanation: Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan.
Question No: 525 – (Topic 6)
While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?
Scan more slowly.
Do not scan the broadcast IP.
Spoof the source IP address.
Only scan the Windows systems.
Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.
Question No: 526 – (Topic 6)
What are the default passwords used by SNMP? (Choose two.)
Explanation: Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP.
Question No: 527 – (Topic 6)
NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?
gt; server lt;ipaddressgt;
gt; set type =any
gt; ls -d lt;target.comgt;
Enables DNS spoofing
Loads bogus entries into the DNS table
Verifies zone security
Performs a zone transfer
Resets the DNS cache
Explanation: If DNS has not been properly secured, the command sequence displayed above will perform a zone transfer.
Question No: 528 – (Topic 6)
To what does “message repudiation” refer to what concept in the realm of email security?
Message repudiation means a user can validate which mail server or servers a message was passed through.
Message repudiation means a user can claim damages for a mail message that damaged their reputation.
Message repudiation means a recipient can be sure that a message was sent from a particular person.
Message repudiation means a recipient can be sure that a message was sent from a certain host.
Message repudiation means a sender can claim they did not actually send a particular message.
Explanation: A quality that prevents a third party from being able to prove that a communication between two other parties ever took place. This is a desirable quality if you do not want your communications to be traceable.
Non-repudiation is the opposite quality-a third party can prove that a communication between two other parties took place. Non-repudiation is desirable if you want to be able to trace your communications and prove that they occurred. Repudiation – Denial of message submission or delivery.
Question No: 529 – (Topic 6)
Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Paul notices that when he uses his wireless connection, the
speed is sometimes 54 Mbps and sometimes it is only 24Mbps or less. Paul connects to his wireless router#39;s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router#39;s logs and notices that the unfamiliar machine has the same MAC address as his laptop. What is Paul seeing here?
Question No: 530 – (Topic 6)
Which of the following tools are used for footprinting? (Choose four)
Explanation: All of the tools listed are used for footprinting except Cheops.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|