DVD HACKING TUTORIAL PACKAGE - + TOOLS & OS - Career Academy & Certified Ethical Hacker
 

28-10-2009, 06:42 AM   #761
chinonk
kaskus addict
 
UserID: 377543
Join Date: Dec 2007
Posts: 1,943
chinonk has no reputation
QUESTION 170:

You wish to determine the operating system and type of web server being used. At
the same time you wish to arouse no suspicion within the target organization.
While some of the methods listed below work, which holds the least risk of
detection?
A. Make some phone calls and attempt to retrieve the information using social
engineering.
B. Use nmap in paranoid mode and scan the web server.
C. Telnet to the web server and issue commands to elicit a response.
D. Use the Netcraft web site to look for the target organization's web site.

Answer: D
28-10-2009, 01:38 PM   #762
chinonk
QUESTION 171:

Bart is looking for a Windows NT/2000/XP command-line tool that can be used to
assign, display, or modify ACLs (access control lists) to files or folders and also one
that can be used within batch files.
Which of the following tools can be used for that purpose? (Choose the best answer)
A. PERM.exe
B. CACLS.exe
C. CLACS.exe
D. NTPERM.exe

Answer: B
29-10-2009, 01:30 AM   #763
chinonk
QUESTION 172:

Which of the following buffer overflow exploits are related to Microsoft IIS web
server? (Choose three)
A. Internet Printing Protocol (IPP) buffer overflow
B. Code Red Worm
C. Indexing services ISAPI extension buffer overflow
D. NeXT buffer overflow

Answer: A, B, C
29-10-2009, 06:57 AM   #764
chinonk
QUESTION 173:

On a default installation of Microsoft IIS web server, under which privilege does the
web server software execute?
A. Everyone
B. Guest
C. System
D. Administrator

Answer: C
29-10-2009, 01:06 PM   #765
chinonk
QUESTION 174:

You are gathering competitive intelligence on Certkiller.com. You notice that
they have jobs listed on a few Internet job-hunting sites. There are two job postings
for network and system administrators. How can this help you in footprinting the
organization?
A. The IP range used by the target network
B. An understanding of the number of employees in the company
C. How strong the corporate security policy is
D. The types of operating systems and applications being used.

Answer: D
30-10-2009, 08:23 AM   #766
chinonk
QUESTION 175:

What are the three phases involved in security testing?
A. Reconnaissance, Conduct, Report
B. Reconnaissance, Scanning, Conclusion
C. Preparation, Conduct, Conclusion
D. Preparation, Conduct, Billing

Answer: C
30-10-2009, 03:04 PM   #767
chinonk
QUESTION 176:

You visit a website to retrieve the listing of a company's staff members. But you cannot
find it on the website. You know the listing was certainly present one year before. How
can you retrieve information from the outdated website?
A. Through Google searching cached files
B. Through Archive.org
C. Download the website and crawl it
D. Visit customers' and partners' websites

Answer: B
31-10-2009, 01:22 AM   #769
chinonk
QUESTION 177:

You work as security technician at Certkiller.com. While doing web application
testing, you might be required to look through multiple web pages online which can
take a long time. Which of the processes listed below would be a more efficient way
of doing this type of validation?
A. Use mget to download all pages locally for further inspection.
B. Use wget to download all pages locally for further inspection.
C. Use get* to download all pages locally for further inspection.
D. Use get() to download all pages locally for further inspection.

Answer: B
31-10-2009, 07:02 AM   #770
chinonk
QUESTION 179:

This kind of attack will let you assume a user's identity at a dynamically generated
web page or site:
A. SQL Injection
B. Cross Site Scripting
C. Session Hijacking
D. Zone Transfer

Answer: B
01-11-2009, 07:02 AM   #771
chinonk
QUESTION 180:

____________ will let you assume a user's identity at a dynamically generated web
page or site.
A. SQL attack
B. Injection attack
C. Cross site scripting
D. The shell attack
E. Winzapper

Answer: C
01-11-2009, 01:58 PM   #772
chinonk
QUESTION 183:

Bob is a very security conscious computer user. He plans to test a site that is known
to have malicious applets, code, and more. Bob always makes use of a basic Web
Browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?
A. Internet Explorer
B. Mozilla
C. Lynx
D. Tiger

Answer: C
01-11-2009, 07:30 PM   #773
chinonk
QUESTION 184:

Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his
test?
A. IP Range, OS, and patches installed.
B. Only the IP address range.
C. Nothing but corporate name.
D. All that is available from the client site.

Answer: C
02-11-2009, 06:43 AM   #774
chinonk
QUESTION 185:

Scanning for services is an easy job for Bob as there are so many tools available
from the Internet. In order for him to check the vulnerability of Certkiller, he went
through a few scanners that are currently available. Here are the scanners that he
uses:
1. Axent's NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that
have been scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a
victim host?
A. Using Cheops-ng to identify the devices of Certkiller.
B. Using the manual method of telnet to each of the open ports of Certkiller.
C. Using a vulnerability scanner to try to probe each port to verify or figure out which
service is running for Certkiller.
D. Using the default port and OS to make a best guess of what services are running on
each port for Certkiller.

Answer: B
02-11-2009, 05:18 PM   #775
chinonk
QUESTION 186:

Jim is having no luck performing a penetration test in Certkiller's network. He is
running the tests from home and has downloaded every security scanner that he
could lay his hands on. Despite knowing the IP range of all the systems, and the
exact network configuration, Jim is unable to get any useful results.
Why is Jim having these problems?
A. Security scanners are not designed to do testing through a firewall.
B. Security scanners cannot perform vulnerability linkage.
C. Security scanners are only as smart as their database and cannot find unpublished
vulnerabilities.
D. All of the above.

Answer: D
02-11-2009, 10:38 PM   #776
chinonk
QUESTION 187:

You have just received an assignment for an assessment at a company site. The company's
management is concerned about external threats and wants to take appropriate steps to
ensure security is in place. The management is also worried about possible
threats coming from inside the site, specifically from employees belonging to different
departments. What kind of assessment will you be performing?
A. Black box testing
B. Black hat testing
C. Gray box testing
D. Gray hat testing
E. White box testing
F. White hat testing

Answer: C
03-11-2009, 08:40 AM   #777
chinonk
QUESTION 188:

What does black box testing mean?
A. You have full knowledge of the environment
B. You have no knowledge of the environment
C. You have partial knowledge of the environment

Answer: B
03-11-2009, 05:21 PM   #778
chinonk
QUESTION 189:

Which of the following is the best way an attacker can passively learn about
technologies used in an organization?
A. By sending web bugs to key personnel
B. By webcrawling the organization web site
C. By searching regional newspapers and job databases for skill sets technology hires
need to possess in the organization
D. By performing a port scan on the organization's web site

Answer: C
03-11-2009, 09:13 PM   #779
chinonk
QUESTION 193:

Bob has been hired to do a web application security test. Bob notices that the site is
dynamic and infers that they must be making use of a database at the application
back end. Bob wants to validate whether SQL Injection would be possible.
What is the first character that Bob should use to attempt breaking valid SQL
requests?
A. Semicolon
B. Double Quote
C. Single Quote
D. Exclamation Mark

Answer: C
03-11-2009, 10:10 PM   #780
endywh
kaskuser
 
UserID: 1151136
Join Date: Oct 2009
Posts: 144
endywh has no reputation
Boss, I'm not an IT person, can this still be learned, boss?