1) The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?
$146: Annual rate of occurrence (ARO) is 0.33. Single loss expectancy (SLE) is $300 + (14 × $10) = $440. The Annual loss expectancy (ALE) = ARO × SLE = $145.

2) You have successfully gained access to your client's internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?
445: Windows primarily uses tcp ports 139 and 445 for file s

3) A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
ANSWER: 10001011

4) Which of the following is a component of a risk assessment?
ANSWER: Administrative safeguards

5) This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described?
ANSWER: Aircrack-ng

6) Which wireless hacking tool attacks WEP and WPA-PSK?
ANSWER: Aircrack-ng

2) What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Transport layer port numbers and application layer headers

8) How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?
Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

9) An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs the sequence of many of the logged events do not match up. What is the most likely cause?
The attacker altered or erased events from the logs.

10) A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

11) The security concept of
Bluetooth

1) A hacker has successfully infected an internet facing server, which he will then use to send junk mail to take part in the coordinated attacks or host junk email content. Which sort of trojan infects this server?
Botnet Trojan

12) When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?
Burpsuite: Burpsuite is also a very powerful vulnerability scanner, spider and much more!

1) Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
The CA is the trusted root that issues certificates.

17) You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use?
c:\win...\compmgmt.msc

18) You've gained access to a Windows 2008 Server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux Live CD. Which Linux based tool has the ability to change any user's password or activate disabled Windows accounts?
CHNTPW

19) What is a collision attack in cryptography?
Collision attacks try to find two inputs that produce the same hash.
Explanation: The birthday attack, also known as a collision attack or reverse hash matching, seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.

20) Which of the following countermeasures can specifically protect against both the MAC Flood and MAC Spoofing attacks?
Configure Port Security on the switch

21) Which layered approach to security hides data in ICMP traffic?
The correct response is covert channels. Covert channels are used to transmit valuable data in a normal traffic pattern of the network. It also is used as a tool to hide data in ICMP traffic.

22) While performing online banking using a web browser, a user receives an email that contains a link to an interesting website. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account had been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a fund transfer that took place. What web browser-based security vulnerability was exploited to compromise the user?
Cross-site Request Forgery
Explanation: Cross Site Request Forgery (XSRF) was committed against the poor individual. Fortunately the user's bank checked with the user prior to sending the funds. If it were Cross Site Request Forgery, then the transaction shouldn't be shown as coming from a foreign country, because CSRF sends the request from the current user session. It seems to be an XSS attack where the attacker stole the cookie and made a transaction using that cookie from a foreign country.

23) An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. <iframe src=
Cross-site Request Forgery

24) A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of web application vulnerability likely exists in their software?
Cross-site Scripting vulnerability

25) Prospective clients want to see sample reports from previous penetration tests. What should you do next?
Decline, just provide the details of the components that will be there in the report.

26) A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?
Delegate

27) A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and one is a binary file named nc (netcat). The logs show the user logged in anonymously, uploaded the files, extracted the contents, and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process and the netstat command shows the nc process is listening on a network port. What kind of vulnerability had to have existed to make this remote attack possible?
File system permissions

28) What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?
Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

29) What is this Shellshock bash vulnerability attempting to do on this vulnerable Linux host?
env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'
Display passwd contents to prompt.

30) Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
Service Oriented Architecture
Explanation: A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network. The principles of service-orientation are independent of any vendor, product or technology.

31) What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?
Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

32) After trying multiple exploits, you've gained root access to a CentOS 6 server. To ensure you maintain access, what would you do first?
Download and Install Netcat

33) Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. How would you call this type of activity?
Dumpster Diving

34) You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS?
Encryption

35) Which IPSEC mode should you use to assure security and confidentiality of data within the same LAN?
ESP transport mode

36) Which of the following statements regarding ethical hacking is incorrect?
Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems

37) You are doing a pentest against an organization that has just recovered from a major cyber-attack. The CISO and CIO want to completely and totally eliminate risk. What is one of the first things you should explain to these individuals?
Explain that you cannot eliminate all risk but you will be able to reduce risk to acceptable levels

38) You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
False Negative
Explanation: False Positive is when IDPS raises an alert even though there is no attack, whereas False Negative is failure of IDPS to raise an alert when there is an attack. True Negative is when IDPS does not raise an alert and there is no attack, whereas True Positive is the successful detection of an attack by IDPS.

39) An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
Intrusion Prevention System (IPS)

40) PGP, SSL, and IKE are all examples of which type of cryptography?
Public Key

41) It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosures, denial of service or modification of data. Which of the following terms best matches this definition?
Threat

42) During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
Application

43) Which of the following is not a Bluetooth attack?
Bluedriving

44) You've gained physical access to a Windows 2008 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux tool has the ability to change any user's password or to activate disabled Windows Accounts?
John the Ripper

45) A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of web application vulnerability likely exists in their software?
Cross-site Scripting vulnerability

46) The purpose of a ____________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
Wireless Intrusion Prevention System

47)