SANS SEC504 - Hacker Tools, Techniques, Exploits and Incident Handling

Total 328 questions

Which of the following steps of incident response is steady in nature?

A. Containment
B. Eradication
C. Preparation
D. Recovery

Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?

A. OS fingerprinting
B. Reconnaissance
C. Non-repudiation
D. Confidentiality

Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service, or unauthorized changes to system hardware, software, or data?

A. Disaster Recovery Plan
B. Cyber Incident Response Plan
C. Crisis Communication Plan
D. Occupant Emergency Plan

Which of the following is an Internet mapping technique that relies on various BGP collectors that collect information such as routing updates and tables and provide this information publicly?

A. AS Route Inference
B. Path MTU discovery (PMTUD)
C. AS PATH Inference
D. Firewalking

You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?

A. Smurf
B. Denial of Service
C. Evil Twin
D. Virus

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?

Each correct answer represents a complete solution. Choose all that apply.

A. They allow an attacker to conduct a buffer overflow.
B. They allow an attacker to set a Trojan in the operating system and thus open a backdoor for anytime access.
C. They allow an attacker to replace utility programs that can be used to detect the attacker's activity.
D. They allow an attacker to run packet sniffers secretly to capture passwords.

Which of the following are limitations of the cross-site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

A. The attacker must determine the right values for all the form inputs.
B. The attacker must target a site that doesn't check the referrer header.
C. The target site should have limited lifetime authentication cookies.
D. The target site should authenticate in GET and POST parameters, not only cookies.

John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client computers are running on Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named tar.gz and his documents are exploited. To resolve the problem, John uses a port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He suspects that the other computers on the network are also facing the same problem. John discovers that a malicious application is using the synscan tool to randomly generate IP addresses.

Which of the following worms has attacked the computer?

A. Code red
B. Ramen
C. LoveLetter
D. Nimda

Which of the following viruses is a script that attaches itself to a file or template?

A. Boot sector
B. Trojan horse
C. Macro virus
D. E-mail virus

Which of the following are used to identify who is responsible for responding to an incident?

A. Disaster management policies
B. Incident response manuals
C. Disaster management manuals
D. Incident response policies