 |
 |
|
|
Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.
nmap -sn -sF 10.1.0.0/16 445
nmap -p 445 -n -T4 -open 10.1.0.0/16
nmap -s 445 -sU -T5 10.1.0.0/16
map -p 445 -max -Pn 10.1.0.0/16
SHOW ANSWERIt is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again. Which of the following terms best matches the definition?
Ransomware
Adware
Spyware
Riskware
SHOW ANSWERWhat are the three types of authentication?
Something you: know, remember, prove
Something you: have, know, are
Something you: show, prove, are
Something you: show, have, prove
SHOW ANSWERWhat is the proper response for a NULL scan if the port is open?
SYN
ACK
FIN
PSH
RST
No response
SHOW ANSWERAn nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.
2
256
512
Over 10, 000
SHOW ANSWERWhen analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?
False positive
False negative
True positve
True negative
SHOW ANSWERHow does an operating system protect the passwords used for account logins?
The operating system performs a one-way hash of the passwords.
The operating system stores the passwords in a secret file that users cannot find.
The operating system encrypts the passwords, and decrypts them when needed.
The operating system stores all passwords in a protected segment of non-volatile memory.
The operating system stores all passwords in a protected segment of non-volatile memory.
SHOW ANSWERWhat type of analysis is performed when an attacker has partial knowledge of innerworkings of the application?
Black-box
Announced
White-box
Grey-box
SHOW ANSWERWhich of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?
Netstat WMI Scan
Silent Dependencies
Consider unscanned ports as closed
Reduce parallel connections on congestion
SHOW ANSWERName two software tools used for OS guessing? (Choose two.)
Nmap
Snadboy
Queso
UserInfo
NetBus
SHOW ANSWERWhat is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
Proper testing
Secure coding principles
Systems security and architecture review
Analysis of interrupts within the software
SHOW ANSWERBob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com"". Which statement below is true?
This is probably a legitimate message as it comes from a respectable organization.
Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.
This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
This is a scam because Bob does not know Scott
SHOW ANSWERYou are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
nmap -A - Pn
nmap -sP -p-65535-T5
nmap -sT -O -T0
nmap -A --host-timeout 99-T1
SHOW ANSWERWhich of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
Use digital certificates to authenticate a server prior to sending data.
Verify access right before allowing access to protected information and UI controls.
Validate and escape all information sent to a server.
SHOW ANSWER
