00:00

QUESTION 6

- (Topic 2)
Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this?

Correct Answer: A

QUESTION 7

- (Topic 8)
Which of the following is most effective against passwords? Select the Answer:

Correct Answer: B
The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of
breaking the password.

QUESTION 8

- (Topic 6)
Ann would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point.
Which of the following type of scans would be the most accurate and reliable option?

Correct Answer: C
A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three- way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned.
Example of a three-way handshake followed by a reset:
SourceDestinationSummary
[192.168.0.8][192.168.0.10]TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840
[192.168.0.10] [192.168.0.8] TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535
[192.168.0.8][192.168.0.10]TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840 [192.168.0.8][192.168.0.10]TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840

QUESTION 9

- (Topic 7)
Which of the following are well know password-cracking programs?(Choose all that apply.

Correct Answer: AE
L0phtcrack and John the Ripper are two well know password-cracking programs. Netcat is considered the Swiss-army knife of hacking tools, but is not used for password cracking

QUESTION 10

- (Topic 2)
Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage.
What Google search will accomplish this?

Correct Answer: C