- (Topic 3)
You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?

1. A. Use NetScan Tools Pro to conduct the scan
2. B. Run nmap XMAS scan against 192.168.1.10
3. C. Run NULL TCP hping2 against 192.168.1.10
4. D. The firewall is blocking all the scans to 192.168.1.10

Correct Answer: C

- (Topic 23)
Josh is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Josh is responsible for the company's entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Josh has created a security group in Active Directory called "RDP Deny" which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the "RDP Deny" group cannot access
the company servers through Remote Desktop?

1. A. Josh should add the "RDP Deny" group into the list of Restricted Groups to prevent the users from accessing servers remotely.
2. B. By adding the "RDP Deny" group to the "Deny logon as a service" policy, the users in that security group will not be able to establish remote connections to any of the servers.
3. C. He should add the "RDP Deny" group to the "Deny RDP connections to member servers" policy.
4. D. Josh needs to add the "RDP Deny" group to the "Deny logon through Terminal Services" polic
5. E. *

Correct Answer: D
New questions

- (Topic 3)
You are scanning the target network for the first time. You are able to detect few convention open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no result. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this?

1. A. Nessus sacn with TCP based pings
2. B. Netcat scan with the switches
3. C. Nmap scan with the P (ping scan) switch
4. D. Nmap with the O (Raw IP Packets switch

Correct Answer: D
-sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages.

- (Topic 3)
What are twp types of ICMP code used when using the ping command?

1. A. It uses types 0 and 8.
2. B. It uses types 13 and 14.
3. C. It uses types 15 and 17.
4. D. The ping command does not use ICMP but uses UDP.

Correct Answer: A
ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo

- (Topic 19)
John runs a Web Server, IDS and firewall on his network. Recently his Web Server has been under constant hacking attacks. He looks up the IDS log files and sees no Intrusion attempts but the web server constantly locks up and needs rebooting due to various brute force and buffer overflow attacks but still the IDS alerts no intrusion whatsoever.
John become suspicious and views he firewall logs and he notices huge SSL connections constantly hitting web server.
Hackers have been using the encrypted HTTPS protocol to send exploits to the web server and that was the reason the IDS did not detect the intrusions.
How would Jon protect his network form these types of attacks?

1. A. Install a proxy server and terminate SSL at the proxy
2. B. Install a hardware SSL “accelerator” and terminate SSL at this layer
3. C. Enable the IDS to filter encrypted HTTPS traffic
4. D. Enable the firewall to filter encrypted HTTPS traffic

Correct Answer: AB
By terminating the SSL connection at a proxy or a SSL accelerator and then use clear text the distance between the proxy/accelerator and the server, you make it possible for the IDS to scan the traffic.