- (Exam Topic 1)
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

1. A. Spanning tree
2. B. Dynamic ARP Inspection (DAI)
3. C. Port security
4. D. Layer 2 Attack Prevention Protocol (LAPP)

Correct Answer: B
Dynamic ARP inspection (DAI) protects switching devices against Address Resolution Protocol (ARP) packet spoofing (also known as ARP poisoning or ARP cache poisoning).
DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons. When an attacker tries to use a forged ARP packet to spoof an address, the switch compares the address with entries in the database. If the media access control (MAC) address or IP address in the ARP packet does not match a valid entry in the DHCP snooping database, the packet is dropped.

- (Exam Topic 3)
An attacker scans a host with the below command. Which three flags are set?
# nmap -sX host.domain.com

1. A. This is SYN sca
2. B. SYN flag is set.
3. C. This is Xmas sca
4. D. URG, PUSH and FIN are set.
5. E. This is ACK sca
6. F. ACK flag is set.
7. G. This is Xmas sca
8. H. SYN and ACK flags are set.

Correct Answer: B

- (Exam Topic 2)
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

1. A. All are hacking tools developed by the legion of doom
2. B. All are tools that can be used not only by hackers, but also security personnel
3. C. All are DDOS tools
4. D. All are tools that are only effective against Windows
5. E. All are tools that are only effective against Linux

Correct Answer: C

- (Exam Topic 1)
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

1. A. 113
2. B. 69
3. C. 123
4. D. 161

Correct Answer: C
https://en.wikipedia.org/wiki/Network_Time_Protocol
The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
NTP is intended to synchronize all participating computers within a few milliseconds of Coordinated Universal Time (UTC). It uses the intersection algorithm, a modified version of Marzullo's algorithm, to select accurate time servers and is designed to mitigate variable network latency effects. NTP can usually maintain time to within tens of milliseconds over the public Internet and achieve better than one millisecond accuracy in local area networks. Asymmetric routes and network congestion can cause errors of 100 ms or more.
The protocol is usually described in terms of a client-server model but can easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source. Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123.

- (Exam Topic 3)
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

1. A. LLMNR/NBT-NS poisoning
2. B. Internal monologue attack
3. C. Pass the ticket
4. D. Pass the hash

Correct Answer: D