- (Topic 19)
The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line the source code that might lead to buffer overflow.

1. A. Line number 31.
2. B. Line number 15
3. C. Line number 8
4. D. Line number 14

Correct Answer: B

- (Topic 12)
Annie has just succeeded is stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

1. A. Any Cookie can be replayed irrespective of the session status
2. B. The scenario is invalid as a secure cookie can’t be replayed
3. C. It works because encryption is performed at the network layer (layer 1 encryption)
4. D. It works because encryption is performed at the application layer (Single Encryption Key)

Correct Answer: D
Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible.

- (Topic 23)
What techniques would you use to evade IDS during a Port Scan? (Select 4 answers)

1. A. Use fragmented IP packets
2. B. Spoof your IP address when launching attacks and sniff responses from the server
3. C. Overload the IDS with Junk traffic to mask your scan
4. D. Use source routing (if possible)
5. E. Connect to proxy servers or compromised Trojaned machines to launch attacks

Correct Answer: ABDE

- (Topic 4)
Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can’t be easily guessed but there remain people who attempt to
compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?

1. A. The attacker guessed the new name
2. B. The attacker used the user2sid program
3. C. The attacker used to sid2user program
4. D. The attacker used NMAP with the V option

Correct Answer: C
User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection.

- (Topic 22)
Jim was having no luck performing a penetration test on his company’s network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?

1. A. Security scanners can’t perform vulnerability linkage
2. B. Security Scanners are not designed to do testing through a firewall
3. C. Security Scanners are only as smart as their database and can’t find unpublished vulnerabilities
4. D. All of the above

Correct Answer: D
Security scanners are designed to find vulnerabilities but not to use them, also they will only find well known vulnerabilities that and no zero day exploits. Therefore you can’t use a security scanner for penetration testing but need a more powerful program.