Ethical Hacking and Countermeasures
Question No: 11 – (Topic 1)
Which of the following acts in the United States specifically criminalizes the transmission of unsolicited commercial e-mail (SPAM) without an existing business relationship?
2004 CANSPAM Act
2003 SPAM Preventing Act
2005 US-SPAM 1030 Act
1990 Computer Misuse Act
Explanation: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them. The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" – email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship – may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.
Topic 2, Footprinting
Question No: 12 – (Topic 2)
Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?
Domain Name Server (DNS) poisoning
Reverse Address Resolution Protocol (ARP)
Answer: B Explanation:
This reference is close to the one listed; DNS poisoning is the correct answer.
This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of the server instead of replacing the actual records, which is referred to as cache poisoning.
Question No: 13 – (Topic 2)
How does Traceroute map the route that a packet travels from point A to point B?
It uses a TCP Timestamp packet that will elicit a time exceeded in transit message.
It uses a protocol that will be rejected at the gateways on its way to its destination.
It manipulates the value of the time to live (TTL) parameter of the packet to elicit a time exceeded in transit message.
It manipulates flags within packets to force gateways into generating error messages.
Explanation: Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets have a time-to-live (TTL) value of one (implying that they make a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination.
Question No: 14 – (Topic 2)
You are footprinting the www.xsecurity.com domain using the Google Search Engine. You would like to determine what sites link to www.xsecurity.com at the first level of relevance.
Which of the following operators in Google search will you use to achieve this?
Explanation: The query [link:] will list webpages that have links to the specified webpage. For instance, [link:www.google.com] will list webpages that have links pointing to the Google homepage. Note there can be no space between the "link:" and the web page URL.
Question No: 15 – (Topic 2)
A company security system administrator is reviewing the network system log files. He notes the following:
->Network log files are at 5 MB at 12:00 noon.
->At 14:00 hours, the log files are at 3 MB.
What should he assume has happened and what should he do about the situation?
He should contact the attacker’s ISP as soon as possible and have the connection disconnected.
He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
He should log the file size, and archive the information, because the router crashed.
He should run a file system check, because the Syslog server has a self-correcting file system problem.
He should disconnect from the Internet to discontinue any further unauthorized use, because an attack has taken place.
Explanation: You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organization's security policy.
Question No: 16 – (Topic 2)
While footprinting a network, what port/service should you look for to attempt a zone transfer?
Explanation: If TCP port 53 is detected, the opportunity to attempt a zone transfer is there.
Question No: 17 – (Topic 2)
You receive an email with the following message:
We are having technical difficulty in restoring user database records after the recent blackout. Your account data is corrupted. Please log on to SuperEmailServices.com and change your password.
If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.
Technical Support SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker, since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:
You get a response with a valid IP address.
What is the obfuscated IP address in the e-mail URL?
Explanation: 0x stands for hexadecimal, and DE=222, AD=173, BE=190 and EF=239.
Question No: 18 – (Topic 2)
You are footprinting Acme.com to gather competitive intelligence. You visit the acme.com website for contact information and telephone numbers but do not find them listed there. You know that they had the entire staff directory listed on their website 12 months ago, but now it is not there. How would it be possible for you to retrieve information from the website that is outdated?
Visit google search engine and view the cached copy.
Visit Archive.org site to retrieve the Internet archive of the acme website.
Crawl the entire website and store them into your computer.
Visit the company’s partners and customers website for this information.
Explanation: The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes "snapshots of the World Wide Web" (archived copies of pages, taken at various points in time), software, movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This site is found at www.archive.org.
Question No: 19 – (Topic 2)
The terrorist organizations are increasingly blocking all traffic from North America or from Internet Protocol addresses that point to users who rely on the English Language.
Hackers sometimes set a number of criteria for accessing their website. This information is shared among the co-hackers. For example, if you are using a machine with the Linux operating system and the Netscape browser, then you will have access to their website in a covert way. When federal investigators using PCs running Windows and Internet Explorer visited the hackers' shared site, the hackers' system immediately mounted a distributed denial-of-service attack against the federal system.
Companies today are engaging in tracking competitors through reverse IP address lookup sites like whois.com, which provide an IP address's domain. When the competitor visits the company's website they are directed to a products page without discounts, and prices are marked higher for their product. When normal users visit the website they are directed to a page with full-blown product details along with attractive discounts. This is based on IP-based blocking, where certain addresses are barred from accessing a site.
What is this masking technique called?
IP Access Blockade
Explanation: Website Cloaking travels under a variety of aliases, including Stealth, Stealth scripts, IP delivery, Food Script, and Phantom page technology. It's hot due to its ability to manipulate those elusive top-ranking results from spider search engines.
Question No: 20 – (Topic 2)
Which of the following tools are used for footprinting? (Choose four.)
Explanation: All of the tools listed are used for footprinting except Cheops.