Q351. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed, Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.

Why does this happen in the VPN over wireless implementation? 

A. The stronger encryption used by the VPN slows down the network. 

B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications. 

C. VPNs use larger packets than wireless networks normally do.

D. Using a VPN on wireless automatically enables WEP, which causes additional overhead. 

Answer: B

Explanation: By applying a VPN, the access point will have to recalculate all headers destined for clients and from clients twice.


Q352. Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for? 

A. To determine who is the holder of the root account 

B. To perform a DoS 

C. To create needless SPAM 

D. To elicit a response back that will reveal information about email servers and how they treat undeliverable mail

E. To test for virus protection 

Answer: D

Explanation: Sending a bogus email is one way to find out more about internal servers, to gather additional IP addresses, and to learn how they treat mail.


Q353. Jake works as a system administrator at Acme Corp. Jason, an accountant at the firm, befriends him at the canteen and tags along with him on the pretext of apprising him of potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

A. Trailing 

B. Tailgating 

C. Swipe Gating 

D. Smooth Talking 

Answer: B

Explanation: Tailgating, in which an unauthorized person follows someone with a pass into an office, is a very simple social engineering attack. The intruder opens the door, which the authorized user walks through, and then engages them in conversation about the weather or weekend sport while they walk past the reception area together. 


Q354. What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System? 

A. Encryption of agent communications will conceal the presence of the agents 

B. The monitor will know if counterfeit messages are being generated because they will not be encrypted 

C. Alerts are sent to the monitor when a potential intrusion is detected 

D. An intruder could intercept and delete data or alerts and the intrusion can go undetected 

Answer: B


Q355. Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only the first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to use brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2008 Server machine in an attempt to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack. How many bits does Syskey use for encryption?

A. 40-bit encryption 

B. 128-bit encryption 

C. 256-bit encryption 

D. 64-bit encryption 

Answer: B


Q356. You are conducting an idlescan manually using HPING2. During the scanning process, you notice that almost every query increments the IPID, regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of the following options would be a possible reason?

A. Hping2 can’t be used for idlescanning 

B. The Zombie you are using is not truly idle 

C. These ports are actually open on the target system 

D. A stateful inspection firewall is resetting your queries 

Answer: B

Explanation: If the IPID increments by more than one value, that means there has been network traffic between the queries, so the zombie is not idle.


Q357. Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not elicit a response. What can he infer from this kind of response?

A. These ports are open because they do not elicit a response.

B. He can tell that these ports are in stealth mode. 

C. If a port does not respond to an XMAS scan using NMAP, that port is closed. 

D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will elicit some sort of response from an XMAS scan.

Answer: A


Q358. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately, SNMP servers don't respond to requests with invalid community strings, and the underlying protocol does not reliably report closed ports. This means that 'no response' from the probed IP address can mean which of the following:

(Select up to 3) 

A. Invalid community string 

B. S-AUTH protocol is running on the SNMP server 

C. Machine unreachable 

D. SNMP server not running 

Answer: ACD

Explanation: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol 


Q359. DRAG DROP 

Drag the application to match with its correct description. 

Exhibit: 

Answer: 


Q360. You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software, it does not pick up the Trojan. Next you run the netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would do? 

A. Re-install the operating system. 

B. Re-run anti-virus software. 

C. Install and run Trojan removal software. 

D. Run utility fport and look for the application executable that listens on port 6666. 

Answer: D

Explanation: Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.