Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active
Directory database in domains. Passwords are never stored in clear text; passwords are hashed and
the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM
database using different hashing methods.
The SAM file in Windows Server 2008 is located in which of the following locations?
D
Output modules allow Snort to be much more flexible in the formatting and presentation of output
to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the
following output plug-ins allows alert data to be written in a format easily importable to a database?
B
DMZ is a network designed to give the public access to the specific internal resources and you might
want to do the same thing for guests visiting organizations without compromising the integrity of the
internal resources. In general, attacks on the wireless networks fall into four basic categories.
Identify the attacks that fall under Passive attacks category.
A
Identify the attack represented in the diagram below:
B
Which among the following information is not furnished by the Rules of Engagement (ROE)
document?
A
In a virtual test environment, Michael is testing the strength and security of BGP using multiple
routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on
"bringing down the Internet".
Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the
routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally
shuts itself down.
What will the other routers communicate between themselves?
C
An external intrusion test and analysis identify security weaknesses and strengths of the client's
systems and networks as they appear from outside the client's security perimeter, usually from the
Internet.
The goal of an external intrusion test and analysis is to demonstrate the existence of known
vulnerabilities that could be exploited by an external attacker.
During external penetration testing, which of the following scanning techniques allow you to
determine a ports state without making a full connection to the host?
B
Today, most organizations would agree that their most valuable IT assets reside within applications
and databases. Most would probably also agree that these are areas that have the weakest levels of
security, thus making them the prime target for malicious activity from system administrators, DBAs,
contractors, consultants, partners, and customers.
Which of the following flaws refers to an application using poorly written encryption code to securely
encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly
protected data such as credit card numbers, SSNs, and other authentication credentials?
B
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It examines all traffic routed between
the two networks to see if it meets certain criteri
a. If it does, it is routed between the networks, otherwise it is stopped.
Why is an appliance-based firewall is more secure than those implemented on top of the commercial
operating system (Software based)?
A
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
C
Which one of the following is a useful formatting token that takes an int * as an argument, and writes
the number of bytes already written, to that location?
A
In Linux, what is the smallest possible shellcode?
D
Before performing the penetration testing, there will be a pre-contract discussion with different pen-
testers (the team of penetration testers) to gather a quotation to perform pen testing.
Which of the following factors is NOT considered while preparing a price quote to perform pen
testing?
A
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following
command. What is he testing at this point?
include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[10];
if (argc < 2)
{
fprintf(stderr, "USAGE: %s string\n", argv[0]);
return 1;
}
strcpy(buffer, argv[1]);
return 0;
}
A
DNS information records provide important data about:
B