Jim performed a vulnerability analysis on his network and found no potential problems. He runs
another utility that executes exploits against his system to verify the results of the vulnerability test.
The second utility executes five known exploits against his network in which the vulnerability analysis
said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?
A
What does ICMP Type 3/Code 13 mean?
A
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these
laptops contained sensitive corporate information regarding patents and company strategies. A
month after the laptops were stolen, a competing company was found to have just developed
products that almost exactly duplicated products that Meyer produces. What could have prevented
this information from being stolen from the laptops?
B
George is a senior security analyst working for a state agency in Florid
a. His state's congress just passed a bill mandating every state agency to undergo a security audit
annually. After learning what will be required, George needs to implement an IDS as soon as possible
before the first audit occurs. The state bill requires that an IDS with a "time-based induction
machine" be used. What IDS feature must George implement to meet this requirement?
C
Harold wants to set up a firewall on his network but is not sure which one would be the most
appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he
wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?
C
What
will
the
following
URL
produce
in
an
unpatched
IIS
Web
Server?
http://www.thetargetsite.com/scripts/..%
co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
A
You are assisting a Department of Defense contract company to become compliant with the stringent
security policies set by the DoD. One such strict rule is that firewalls must only allow incoming
connections that were first initiated by internal computers. What type of firewall must you
implement to abide by this policy?
C
After attending a CEH security seminar, you make a list of changes you would like to perform on your
network to increase its security. One of the first things you change is to switch the
RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent
anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the
seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "2" for complete security
B. There is no way to always prevent an anonymous null session from establishing
C. RestrictAnonymous must be set to "10" for complete security
D. RestrictAnonymous must be set to "3" for complete security
A
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following
command. What is he testing at this point? #include #include int main(int argc, char *argv[]) { char
buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer,
argv[1]); return 0; }
C
George is performing security analysis for Hammond and Sons LLC. He is testing security
vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the
scan. Why would a scanner like Nessus is not recommended in this situation?
B
Jonathan is a network administrator who is currently testing the internal security of his network. He
is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will
Jonathan not succeed?
C
What will the following command produce on a website login page?
SELECT email, passwd, login_id, full_name FROM members
WHERE email = '[email protected]';
DROP TABLE members; --'
C
Explanation: The third line deletes the table named members.
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
C
What is kept in the following directory? HKLM\SECURITY\Policy\Secrets
B
What operating system would respond to the following command? C:\> nmap -sW 10.10.145.65
C