GCIH Exam Questions - Online Test


It is faster and easier to pass the GIAC GCIH exam by using Vivid GIAC Certified Incident Handler questions and answers. Get immediate access to the up-to-date GCIH Exam and find the same core area GCIH questions with professionally verified answers, then PASS your exam with a high score now.

GIAC GCIH Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?

  • A. Hypervisor rootkit
  • B. Boot loader rootkit
  • C. Kernel level rootkit
  • D. Library rootkit

Answer: C

NEW QUESTION 2
Which of the following is the method of hiding data within another media type, such as a graphic or document?

  • A. Spoofing
  • B. Steganography
  • C. Packet sniffing
  • D. Cryptanalysis

Answer: B

NEW QUESTION 3
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows Server 2003 and Windows Active Directory installation and placement. Which of the following steps are you using to perform hacking?

  • A. Scanning
  • B. Covering tracks
  • C. Reconnaissance
  • D. Gaining access

Answer: C

NEW QUESTION 4
You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?

  • A. Spyware
  • B. Ping Flood
  • C. Denial of Service
  • D. Session Hijacking

Answer: A

NEW QUESTION 5
Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop-up on his screen, but they quickly disappear. He has seen these windows show up, even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.
Which of the following is most likely the cause of the problem?

  • A. Computer is infected with the stealth kernel level rootkit.
  • B. Computer is infected with stealth virus.
  • C. Computer is infected with the Stealth Trojan Virus.
  • D. Computer is infected with the Self-Replication Worm.

Answer: A

NEW QUESTION 6
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data has been stolen.
Adam immediately arrived at the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running processes, RAM, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?

  • A. Recovery
  • B. Eradication
  • C. Identification
  • D. Containment

Answer: D

NEW QUESTION 7
CORRECT TEXT
Fill in the blank with the appropriate term.
_______ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Answer: Egress filtering

NEW QUESTION 8
Which of the following techniques is used when a system performs penetration testing with the objective of accessing unauthorized information residing inside a computer?

  • A. Van Eck Phreaking
  • B. Phreaking
  • C. Biometrician
  • D. Port scanning

Answer: D

NEW QUESTION 9
Which of the following statements about buffer overflow is true?

  • A. It manages security credentials and public keys for message encryption.
  • B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
  • C. It is a condition in which an application receives more data than it is configured to accept.
  • D. It is a false warning about a virus.

Answer: C

NEW QUESTION 10
You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]); ?>
What is the use of the mysql_real_escape_string() function in the above script?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It can be used to mitigate a cross site scripting attack.
  • B. It can be used as a countermeasure against a SQL injection attack.
  • C. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
  • D. It escapes all special characters from strings $_POST["name"] and $_POST["password"].

Answer: BD

NEW QUESTION 11
5.2.92:4079 ---------FIN---------> 192.5.2.110:23
192.5.2.92:4079 <----NO RESPONSE------ 192.5.2.110:23
Scan directed at closed port:
Client Server


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 12
You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?

  • A. Packet manipulation
  • B. Denial-of-Service
  • C. Spoofing
  • D. Eavesdropping

Answer: B

NEW QUESTION 13
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:
Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'
This error message shows that the We-are-secure Website is vulnerable to __________.

  • A. A buffer overflow
  • B. A Denial-of-Service attack
  • C. A SQL injection attack
  • D. An XSS attack

Answer: C

NEW QUESTION 14
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?

  • A. PCAP
  • B. SysPCap
  • C. WinPCap
  • D. libpcap

Answer: C

NEW QUESTION 15
Which of the following tools is used to download the Web pages of a Website on the local system?

  • A. wget
  • B. jplag
  • C. Nessus
  • D. Ettercap

Answer: A

NEW QUESTION 16
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of victim's network resources.
  • C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
  • D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer: ACD

NEW QUESTION 17
Which of the following attacks is specifically used for cracking a password?

  • A. PING attack
  • B. Dictionary attack
  • C. Vulnerability attack
  • D. DoS attack

Answer: B
