- (Exam Topic 3)
Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

1. A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
2. B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
3. C. SSH communications are encrypted; it’s impossible to know who is the client or the server.
4. D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Correct Answer: D
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
Let's just disassemble this entry.
Mar 1, 2016, 7:33:28 AM - time of the request 10.240.250.23 - 54373 - client's IP and port 10.249.253.15 - server IP
- 22 - SSH port

- (Exam Topic 2)
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

1. A. Information Audit Policy (IAP)
2. B. Information Security Policy (ISP)
3. C. Penetration Testing Policy (PTP)
4. D. Company Compliance Policy (CCP)

Correct Answer: B

- (Exam Topic 3)
Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

1. A. ACK flag probe scanning
2. B. ICMP Echo scanning
3. C. SYN/FIN scanning using IP fragments
4. D. IPID scanning

Correct Answer: C
SYN/FIN scanning using IP fragments is a process of scanning that was developed to avoid false positives generated by other scans because of a packet filtering device on the target system. The TCP header splits into several packets to evade the packet filter. For any transmission, every TCP header must have the source and destination port for the initial packet (8-octet, 64-bit). The initialized flags in the next packet allow the remote host to reassemble the packets upon receipt via an Internet protocol module that detects the fragmented data packets using field-equivalent values of the source, destination, protocol, and identification.

- (Exam Topic 1)
Under what conditions does a secondary name server request a zone transfer from a primary name server?

1. A. When a primary SOA is higher that a secondary SOA
2. B. When a secondary SOA is higher that a primary SOA
3. C. When a primary name server has had its service restarted
4. D. When a secondary name server has had its service restarted
5. E. When the TTL falls to zero

Correct Answer: A

- (Exam Topic 2)
in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

1. A. Delete the wireless network
2. B. Remove all passwords
3. C. Lock all users
4. D. Disable SSID broadcasting

Correct Answer: D
The SSID (service set identifier) is the name of your wireless network. SSID broadcast is how your router transmits this name to surrounding devices. Its primary function is to make your network visible and easily accessible. Most routers broadcast their SSIDs automatically. To disable or enable SSID broadcast, you need to change your router’s settings.
Disabling SSID broadcast will make your Wi-FI network name invisible to other users. However, this only hides the name, not the network itself. You cannot disguise the router's activity, so hackers can still attack it.
With your network invisible to wireless devices, connecting becomes a bit more complicated. Just giving a Wi-FI password to your guests is no longer enough. They have to configure their settings manually by including the network name, security mode, and other relevant info.
Disabling SSID might be a small step towards online security, but by no means should it be your final one. Before considering it as a security measure, consider the following aspects:
- Disabling SSID broadcast will not hide your network completely
Disabling SSID broadcast only hides the network name, not the fact that it exists. Your router constantly transmits so-called beacon frames to announce the presence of a wireless network. They contain essential information about the network and help the device connect.
- Third-party software can easily trace a hidden network
Programs such as NetStumbler or Kismet can easily locate hidden networks. You can try using them yourself to see how easy it is to find available networks – hidden or not.
- You might attract unwanted attention.
Disabling your SSID broadcast could also raise suspicion. Most of us assume that when somebody hides something, they have a reason to do so. Thus, some hackers might be attracted to your network.