- (Topic 23)
You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:
Antivirus code: 5014 http://www.juggyboy/virus/virus.html
Thank you for choosing us, the worldwide leader Antivirus solutions. Mike Robertson
PDF Reader Support
Copyright Antivirus 2010 ?All rights reserved
If you want to stop receiving mail, please go to: http://www.juggyboy.com
or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

1. A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
2. B. Connect to the site using SSL, if you are successful then the website is genuine
3. C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
4. D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
5. E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Correct Answer: C

- (Topic 19)
SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?

1. A. SSL is redundant if you already have IDS in place.
2. B. SSL will trigger rules at regular interval and force the administrator to turn them off.
3. C. SSL will slow down the IDS while it is breaking the encryption to see the packet content.
4. D. SSL will mask the content of the packet and Intrusion Detection System will be blinded.

Correct Answer: D
Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.

- (Topic 5)
Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

1. A. Snow
2. B. Gif-It-Up
3. C. NiceText
4. D. Image Hide

Correct Answer: A
The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.

- (Topic 4)
What does FIN in TCP flag define?

1. A. Used to close a TCP connection
2. B. Used to abort a TCP connection abruptly
3. C. Used to indicate the beginning of a TCP connection
4. D. Used to acknowledge receipt of a previous packet or transmission

Correct Answer: A
The FIN flag stands for the word FINished. This flag is used to tear down the virtual connections created using the previous flag (SYN), so because of this reason, the FIN flag always appears when the last packets are exchanged between a connection.

- (Topic 23)
You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in foot printing the organization?

1. A. To learn about the IP range used by the target network
2. B. To identify the number of employees working for the company
3. C. To test the limits of the corporate security policy enforced in the company
4. D. To learn about the operating systems, services and applications used on the network

Correct Answer: D