- (Topic 6)
Use the traceroute results shown above to answer the following question:

The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

1. A. True
2. B. False

Correct Answer: A
As seen in the exhibit there is 2 registrations with timeout, this tells us that the firewall filters packets where the TTL has reached 0, when you continue with higher starting values for TTL you will get an answer from the target of the traceroute.

- (Topic 1)
You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.
Here is the output of your scan results:

Which of the following nmap command did you run?

1. A. nmap -A -sV -p21, 110, 123 10.0.0.5
2. B. nmap -F -sV -p21, 110, 123 10.0.0.5
3. C. nmap -O -sV -p21, 110, 123 10.0.0.5
4. D. nmap -T -sV -p21, 110, 123 10.0.0.5

Correct Answer: C

- (Topic 2)
Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet:

How can you protect/fix the problem of your application as shown above?

1. A. Because the counter starts with 0, we would stop when the counter is less than 200
2. B. Because the counter starts with 0, we would stop when the counter is more than 200
3. C. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data
4. D. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

Correct Answer: AD

- (Topic 7)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

1. A. Full Blown
2. B. Thorough
3. C. Hybrid
4. D. BruteDics

Correct Answer: C
A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack.

- (Topic 8)
You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?

1. A. 200-250
2. B. 121-371
3. C. 120-321
4. D. 121-231
5. E. 120-370

Correct Answer: B
Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121+250).