Q371. Exhibit: 

What type of attack is shown in the above diagram? 

A. SSL Spoofing Attack 

B. Identity Stealing Attack 

C. Session Hijacking Attack 

D. Man-in-the-Middle (MiTM) Attack 

Answer: D

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert, and modify at will the messages exchanged between two parties, without either party knowing that the link between them has been compromised.


Q372. An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. 

Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer) 

A. Create a network tunnel. 

B. Create multiple false positives.

C. Create a SYN flood. 

D. Create a ping flood. 

Answer: A

Explanation: Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, whereas a host-based IDS analyzes the data after it has been decrypted.


Q373. What does the following command in "Ettercap" do? 

ettercap -NCLzs --quiet

A. This command will provide you the entire list of hosts in the LAN 

B. This command will check if someone is poisoning you and will report its IP 

C. This command will detach ettercap from console and log all the sniffed passwords to a file 

D. This command broadcasts a ping to scan the LAN instead of sending an ARP request to all the subnet IPs

Answer: C

Explanation: -L specifies that logging will be done to a binary file, and -s tells us it is running in script mode.


Q374. In the context of Trojans, what is the definition of a Wrapper? 

A. An encryption tool to protect the Trojan. 

B. A tool used to bind the Trojan with legitimate file. 

C. A tool used to encapsulate packets within a new header and footer.

D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan. 

Answer: B

Explanation: These wrappers allow an attacker to take any executable back-door program and combine it with any legitimate executable, creating a Trojan horse without writing a single line of new code. 


Q375. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result? 

A. The switches will drop into hub mode if the ARP cache is successfully flooded. 

B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks. 

C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch. 

D. The switches will route all traffic to the broadcast address, creating collisions.

Answer: A


Q376. This tool is widely used for ARP Poisoning attack. Name the tool. 

A. Cain and Abel

B. Beat Infector 

C. Poison Ivy 

D. Webarp Infector 

Answer: A


Q377. You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this? 

A. Block TCP at the firewall 

B. Block UDP at the firewall 

C. Block ICMP at the firewall 

D. There is no way to completely block tracerouting into this area 

Answer: D

Explanation: If you create rules that prevent attackers from performing traceroutes into your DMZ, you will also prevent anyone from accessing the DMZ from outside the company network, and in that case what you have is no longer a DMZ.


Q378. Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access. 

Identify the correct statement related to the Web server installation described above.

A. Lack of proper security policy, procedures and maintenance 

B. Bugs in server software, OS and web applications 

C. Installing the server with default settings 

D. Unpatched security flaws in the server software, OS and applications 

Answer: C


Q379. A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear relevant or important to many of their potential recipients. One way of accomplishing this is to make the virus-carrying messages appear to come from some type of business entity (retail sites, UPS, FedEx, Citibank) or a major provider of a common service.

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. The mail asks the recipient to open an attachment in order to obtain the FedEx tracking number needed to pick up the package. The attachment contained in this type of e-mail activates a virus.

Vendors send e-mails like this to their customers advising them not to open any files attached to such mail, as genuine messages from the vendor do not include attachments.

Both the fraudulent e-mail and the legitimate e-mail that arrive in your inbox show fedex.com as the sender.

How do you verify that the e-mail is authentic and was sent from fedex.com?

A. Verify the digital signature attached to the mail; the fake mail will not have a Digital ID at all

B. Check the Sender ID against the National Spam Database (NSD) 

C. Fake mail will have spelling/grammatical errors 

D. Fake mail uses extensive images, animation and flash content 

Answer: A


Q380. Ethernet switches can be adversely affected by rapidly bombarding them with spoofed ARP responses. The port-to-MAC-address table (CAM table) on the switch overflows and, rather than failing completely, the switch moves into broadcast mode; the hacker can then sniff all of the packets on the network.

Which of the following tools achieves this?

A. ./macof 

B. ./sniffof 

C. ./dnsiff 

D. ./switchsnarf 

Answer: A

Explanation: macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing).