QUESTION 56

- (Topic 4)
Which of the following guidelines or standards is associated with the credit card industry?

Correct Answer: D

QUESTION 57

- (Topic 1)
In the context of password security: a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, though slow. Usually, it tries every possible letter and number combination in its automated exploration. If you combined brute force and dictionary methods to produce variations of words, what would you call such an attack?

Correct Answer: C

QUESTION 58

- (Topic 8)
If you receive a RST packet while doing an ACK scan, it indicates that the port is open. (True/False)

Correct Answer: A
When an ACK is sent to an open port, a RST is returned.

QUESTION 59

- (Topic 5)
The Advanced Encryption Standard is an algorithm used for which of the following?

Correct Answer: C

QUESTION 60

- (Topic 8)
Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of XYZ, he went through a few scanners that are currently available. Here are the scanners that he uses:
1. Axent’s NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a victim host?

Correct Answer: B
By running a telnet connection to the open ports, you will receive banners that tell you what service is answering on that specific port.