Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

1. A. Use the built-in Windows Update tool
2. B. Use a scan tool like Nessus
3. C. Check MITRE.org for the latest list of CVE findings
4. D. Create a disk image of a clean Windows installation

Correct Answer: B

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

1. A. VoIP footprinting
2. B. VPN footprinting
3. C. Whois footprinting
4. D. Email footprinting

Correct Answer: C
WHOIS (pronounced because the phrase who is) may be a query and response protocol and whois footprinting may be a method for glance information about ownership of a website name as following:• name details• Contact details contain phone no. and email address of the owner• Registration date for the name• Expire date for the name• name servers

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

1. A. There is a NIDS present on that segment.
2. B. Kerberos is preventing it.
3. C. Windows logons cannot be sniffed.
4. D. L0phtcrack only sniffs logons to web servers.

Correct Answer: B

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

1. A. IDS log
2. B. Event logs on domain controller
3. C. Internet Firewall/Proxy log.
4. D. Event logs on the PC

Correct Answer: C

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

1. A. Heuristic Analysis
2. B. Code Emulation
3. C. Scanning
4. D. Integrity checking

Correct Answer: B