- (Topic 3)
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-aresecure server. Which of the following are countermeasures against a brute force attack?
Each correct answer represents a complete solution. Choose all that apply.

1. A. The site should increase the encryption key length of the passwor
2. B. The site should restrict the number of login attempts to only three time
3. C. The site should force its users to change their passwords from time to tim
4. D. The site should use CAPTCHA after a specific number of failed login attempt

Correct Answer: BD

- (Topic 2)
You want to find out what ports a system is listening on. What Is the correct command on a Linux system?

1. A. netstat nap
2. B. f port/p
3. C. tasklist/v
4. D. Isof -nao

Correct Answer: A
Reference:
http://cbl.abuseat.org/advanced.html

- (Topic 3)
Which of the following are the drawbacks of the NTLM Web authentication scheme?
Each correct answer represents a complete solution. Choose all that apply.

1. A. It can be brute forced easil
2. B. It works only with Microsoft Internet Explore
3. C. The password is sent in clear text format to the Web serve
4. D. The password is sent in hashed format to the Web serve

Correct Answer: AB

- (Topic 4)
Which of the following is NOT a Back orifice plug-in?

1. A. BOSOCK32
2. B. STCPIO
3. C. BOPeep
4. D. Beast

Correct Answer: D

- (Topic 2)
You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

1. A. Idle scan
2. B. TCP SYN scan
3. C. Ping sweep scan
4. D. XMAS scan

Correct Answer: C