cattechie_lets prepare for ecsa exam

cattechie:Lets prepare for ECSA exam... http://cattechie.com/Q&A-Lets-prepare-for-ECSA-exam.html

1 of 14 2/19/2012 2:40 PM

Upload: jchavarriamtz

Post on 14-Oct-2014


Lets prepare for ECSA exam...

05-Dec.-11

1) Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish?

A. Perform a zone transfer *
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Enumerate all the users in the domain

2) You are a security analyst who has compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. After enumerating the network you discover the Domain Controllers of the company's network. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish?

A. Enumerate domain user accounts and built-in groups *
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Poison the DNS records with false records

3) You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based in HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com from three years ago. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

A. Web bug *
B. CGI code
C. Trojan.downloader
D. Blind bug

4) Harold is a web designer who completed a website for ghttech.net about a month ago. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure that site has received so far. Harold navigates to google.com and types in the following search: What will this search produce?

A. All sites that link to ghttech.net *
B. All sites that ghttech.net links to
C. All search engines that link to .net domains
D. Sites that contain the code: link:www.ghttech.net

5) As part of the reconnaissance you are performing on a network, you use dnstracer to find valuable information. You type in the following command: What information will this return?

A. The PTR record(s) for 164.58.245.134 *
B. The A record(s) for 164.58.245.134
C. The in-addr.arpa record(s) for 164.58.245.134
D. The host file record for 164.58.245.134

6) Larry is the network administrator of a Windows environment. Larry uses a sniffing tool called WinDump to monitor traffic on his network. Larry's friend, who works as a network administrator for another company, saw Larry use WinDump one day and really liked its functionality. The only problem is that Larry's friend administrates a Linux network environment. What equivalent tool could Larry's friend use to monitor network traffic?

A. Tcpdump *
B. Pwdump
C. Httport
D. Xdump

7) You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You do a search for IT jobs on Dice.com and find the following information for an open position: What is this information posted on the job website considered?

A. Information vulnerability *
B. Competitive exploit
C. Social engineering exploit
D. Trade secret

8) What is the following command trying to accomplish?

A. Verify that UDP port 445 is open for the 192.168.0.0 network *
B. Verify that TCP port 445 is open for the 192.168.0.0 network
C. Verify that Netbios is running for the 192.168.0.0 network
D. Verify that UDP port 445 is closed for the 192.168.0.0 network

9) You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. List weak points in their network *
B. Show outdated equipment so it can be replaced
C. Use attack as a launching point to penetrate deeper into the network
D. Demonstrate that no system can be protected against DoS attacks

10) Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

A. %systemroot%\repair *
B. %systemroot%\system32\drivers\etc
C. %systemroot%\system32\LSA
D. %systemroot%\LSA

11) Tom is a systems administrator for a Unix network. He needs to run some brute force attacks on the passwords of his users to ensure that they are abiding by the corporate password policy. Where can Tom find these passwords?

A. /etc/passwd *
B. /drivers/etc/shadow
C. /root/hidden
D. /etc/pwd

12) You are a security analyst performing a penetration test on a company in the Midwest. After some initial reconnaissance, you discover the IP of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers: http://172.168.4.131/level/99/exec/show/config After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

A. HTTP Configuration Arbitrary Administrative Access Vulnerability *
B. HTML Configuration Arbitrary Administrative Access Vulnerability
C. Cisco IOS Arbitrary Administrative Access Online Vulnerability
D. URL Obfuscation Arbitrary Administrative Access Vulnerability

13) What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

A. Service account passwords in plain text *
B. Cached password hashes for the past 20 users
C. IAS account names and passwords
D. Local store PKI Kerberos certificates

14) A security analyst is setting up a false survey website that will require users to create a username and a strong password. He sends the link to the site to all the employees of a company. What information will he be able to gather?

A. The employees' network usernames and passwords *
B. Bank account numbers and the corresponding routing numbers
C. The IP address of the employees' computers
D. The MAC address of the employees' computers

15) Why is it essential that security analysts know Cisco routers inside and out?

A. 75% of enterprise routers are Cisco *
B. 90% of enterprise routers are Cisco
C. 75% of Internet core routers are Cisco
D. 90% of Internet core routers are Cisco

16) Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principle of social engineering did Julia use?

A. Reciprocation *
B. Scarcity
C. Friendship/Liking
D. Social Validation

17) You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks, you change the Group Policy to force 14 character passwords. The next week you dump the SAM database from a domain controller and run a password cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

A. Passwords of 14 characters or less are broken up into two 7-character hashes *
B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
D. The passwords that were cracked were local accounts on the Domain Controller

18) Why is it a good idea to perform a penetration test from the inside?

A. Because 70% of attacks are from the inside *
B. It is never a good idea to perform a penetration test from the inside
C. To attack a network from a hacker's perspective
D. Because 90% of attacks are from the inside

19) What is the smallest possible Windows shellcode?

A. 800 bytes *
B. 1000 bytes
C. 600 bytes
D. 100 bytes

20) On Linux/Unix based web servers, what privilege should the daemon service be run under?

A. Something other than root *
B. Root
C. You cannot determine what privilege runs the daemon service
D. Guest

21) Jim has performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify that the vulnerability test was correct. The second utility actually is able to execute five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. False negatives *
B. False positives
C. True negatives
D. True positives

22) You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code actually rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

A. Metamorphic *
B. Polymorphic
C. Oligomorphic
D. Transmorphic

23) After attending a security seminar on the state of network security, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using a utility mentioned at the seminar, Userinfo, you attempt to establish a null session with one of the servers, and are successful. Why is that?

A. RestrictAnonymous must be set to "2" for complete security *
B. RestrictAnonymous must be set to "3" for complete security
C. RestrictAnonymous must be set to "10" for complete security
D. There is no way to always prevent an anonymous null session from establishing

24) John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located in a subnet that resides deep inside his network. After analyzing the sniffer's logs, he does not see any of the traffic produced by Firewalk. Why is that?

A. Firewalk sets all packets with a TTL of one *
B. Firewalk sets all packets with a TTL of zero
C. Firewalk cannot be detected by network sniffers
D. Firewalk cannot pass through Cisco firewalls

25) Where would you find a list of well known ports on your Windows Server 2003?

A. %systemroot%\system32\drivers\etc\services *
B. %systemroot%\system32\services
C. %systemroot%\system32\WBEM\services
D. %systemroot%\drivers\etc\services

26) An "idle" system is also referred to as what?

A. Zombie *
B. PC not connected to the Internet
C. PC not being used
D. Bot

27) Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Windows computers are constantly talking *
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers will not respond to idle scans

28) If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port, what will be the response?

A. 31401 *
B. 31402
C. 31399
D. The zombie will not send a response

29) Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using NMAP, of a user connected to his web server. Why will Jonathan not be successful?

A. HTTP does not keep a constant session *
B. Only an HTTPS session can be hijacked
C. Only FTP traffic can be hijacked
D. Only DNS traffic can be hijacked

30) How many possible sequence number combinations are there?

A. 4 billion *
B. 320 billion
C. 1 billion
D. 32 million

31) You have SNMP set up in multiple offices of your company. Your SNMP software manager is not receiving data from the other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should be open for SNMP to talk properly? (Select 2)

A. 162 *
B. 161 *
C. 389
D. 445

32) Harold is the senior security analyst for a law firm on the East coast. He wants to test the security of his company's web pages, so he decides to use Form Scalpel from an outside connection through a proxy server over HTTPS. What will be the results from Harold's test?

A. He will be able to extract all the forms from the pages *
B. Form Scalpel will not work over an HTTPS connection
C. Form Scalpel will not work through a proxy server connection
D. Form Scalpel will extract all javascript and perl code

33) In Linux, what is the smallest possible shellcode?

A. 24 bytes *
B. 8 bytes
C. 800 bytes
D. 80 bytes

34) At what layer of the OSI model do routers function on?

A. Three *
B. Four
C. Two
D. Five

35) A packet is sent to a router that does not have the packet's destination address in its route table. How will the packet get to its proper destination?

A. Gateway of last resort *
B. Border Gateway Protocol
C. Root Internet servers
D. Reverse DNS

36) Kim is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A. OSPF *
B. UDP
C. BPG
D. ATM

37) James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

A. Smurf *
B. Trinoo
C. Fraggle
D. SYN flood

38) You are monitoring your internal network while a security consulting firm attempts various means of network intrusion from the outside. Using Ethereal, you notice a large amount of traffic on TCP ports 16660 and 65000. What tool is the consulting firm attempting to use?

A. Stacheldraht *
B. Trinoo
C. TFN 2K
D. Beast

39) After undergoing an external IT audit, George found out that his network was vulnerable to DDoS attacks. What countermeasure could he take to prevent DDoS attacks?

A. Disable direct broadcasts *
B. Enable direct broadcasts
C. Disable BGP
D. Enable BGP

40) You are testing to see if your network is susceptible to ARP poisoning. You set this up by redirecting packets between two hosts to travel through your computer. You set up the packets to use your MAC address. After a short time, both hosts become unresponsive and freeze up completely. What do you need to do to prevent this?

A. You must retransmit the packets to their intended destinations *
B. You must force the packets to transmit to the hosts' MAC addresses
C. You must force the packets to send to your IP address first, then to the hosts' IP addresses
D. You must retransmit the packets through the broadcast address of your computer first

41) Your company's network just finished going through a SAS 70 audit. This audit found that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

A. Change the default community string names *
B. Block access to UDP port 171
C. Block access to TCP port 171
D. Block all internal MAC addresses from using SNMP

42) Victor, who owns a large ISP in Texas, wants to make sure that his company's infrastructure is as secure as possible. He hires an outside security consulting firm that performs tests on his routers. The first test they perform is an attempted DoS attack against his routers' BGP implementation. Fortunately, the DoS attack is not successful. What attempted attack did the consulting company perform?

A. Fuzzing *
B. Blurring
C. Smurfing
D. Ruffing

43) In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

A. The change in the routing fabric to bypass the affected router *
B. More RESET packets to the affected router to get it to power back up
C. RESTART packets to the affected router to get it to power back up
D. STOP packets to all other routers warning of where the attack originated

44) Paulette works for an IT security consulting company that is currently performing an audit for the company ACE Unlimited. Paulette's duties include logging in to all the company's network equipment to ensure the IOS versions are up to date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client that changes need to be made. From the screenshot, what changes should the client company make?

A. Remove any identifying numbers, names, or version numbers *
B. The banner should have more detail on the version numbers for the network equipment
C. The banner should not state that only authorized IT personnel may proceed
D. The banner should include the CISCO contact information as well


45) What technology changes all source IP addresses of every packet with its own address before sending out?

A. NAT *
B. MAC filtering
C. AMT
D. Anonymizer

46) What will the following command accomplish?

A. Test ability of a router to handle over-sized packets *
B. Test the ability of a router to handle under-sized packets
C. Test the ability of a WLAN to handle fragmented packets
D. Test the ability of a router to handle fragmented packets

47) Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security. Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. By turning off what feature would eliminate the ability to easily enumerate this information on your Cisco routers?

A. Cisco Discovery Protocol *
B. Border Gateway Protocol
C. Broadcast System Protocol
D. Simple Network Management Protocol

48) Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

A. CVE *
B. IANA
C. APIPA
D. RIPE

49) Software firewalls work at which layer of the OSI model?

A. Data Link *
B. Network
C. Transport
D. Application

50) Why is a static packet filter firewall not as secure as other types of firewalls?

A. They do not look into the packet past the header information *
B. They cannot restrict IP packets based on their source
C. They cannot restrict IP packets based on their destination
D. They cannot look into the packet at all

51) After attending a security class, William decides to set up a dual-homed proxy for the network of his small business. He installs an extra network card on his computer, creates ACL rules, and enables packet forwarding. William also turns on a sniffer to monitor traffic on his new proxy. He quickly notices that source IPs he added to his ACL are still able to send to his network and through his proxy. Why is William seeing this result?

A. Packet forwarding should be disabled *
B. ACL rules should not be used with a proxy
C. Only one network card should be used for a dual-homed proxy
D. Dual-homed proxies need at least three network cards, two for functionality and one for monitoring

52) Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers in his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold's needs?

A. Application-level proxy firewall *
B. Packet filtering firewall
C. Circuit-level proxy firewall
D. Data link layer firewall


53) You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow in connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

A. Stateful firewall *
B. Circuit-level proxy firewall
C. Application-level proxy firewall
D. Packet filtering firewall

54) After undergoing a security audit, it was suggested that a hardened computer be placed in the DMZ to run firewall software. What is this hardened computer called?

A. Bastion host *
B. Perimeter host
C. Bastion firewall
D. Perimeter firewall

55) At what layer of the OSI model does a screened router function on?

A. Network layer *
B. Session layer
C. Data link layer
D. Physical layer

56) For security reasons and to conserve the number of public IP addresses owned by his company, Jason uses NAT to translate the private IPs on his internal network to a private IP. Jason decides to use 192.169.0.0 through 192.169.255.255 for his internal IPs. Jason's company decides to pay for a security audit. Why would the security audit company recommend that Jason change his internal IP address scheme?

A. His IP scheme does not fall under RFC 1918 *
B. His IP scheme does not fall under RFC 19872
C. His IP scheme includes too many Class C networks
D. His IP scheme includes too many class B networks

57) After passing her ECSA exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

A. NAT does not work with IPSEC *
B. NAT does not work with stateful firewalls

source- by Chan

26-Nov.-11

1) Cat is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Cat calls the main number for the accounting firm and talks to the receptionist. Cat says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Cat says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Cat all the information she asked for. What principle of social engineering did Cat use?

A. Reciprocation *
B. Scarcity
C. Friendship/Liking
D. Social Validation

2) You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks, you change the Group Policy to force 14 character passwords. The next week you dump the SAM database from a domain controller and run a password cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

A. Passwords of 14 characters or less are broken up into two 7-character hashes *
B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
D. The passwords that were cracked were local accounts on the Domain Controller

3) Why is it a good idea to perform a penetration test from the inside?

A. Because 70% of attacks are from the inside *
B. It is never a good idea to perform a penetration test from the inside
C. To attack a network from a hacker's perspective
D. Because 90% of attacks are from the inside

4) What is the smallest possible Windows shellcode?

A. 800 bytes *
B. 1000 bytes
C. 600 bytes
D. 100 bytes

5) On Linux/Unix based web servers, what privilege should the daemon service be run under?

A. Something other than root *
B. Root
C. You cannot determine what privilege runs the daemon service
D. Guest

6) Micheal has performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify that the vulnerability test was correct. The second utility actually is able to execute five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Micheal receive from his vulnerability analysis?

A. False negatives *
B. False positives
C. True negatives
D. True positives

7) You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code actually rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

B. Polymorphic
C. Oligomorphic
D. Transmorphic

source- by Chan

23-Nov.-11

1) Micheal is a systems administrator working for a large electronics company in the Midwest. She wants to scan her network quickly to find all the hosts that are alive using ICMP ECHO Requests. What type of scan is Micheal going to perform?

A. ICMP ping sweep *
B. Smurf scan
C. Ping trace
D. Tracert

2) John works in an office with about one hundred other employees. John works in the Accounting department, but is very technically savvy. His ex-girlfriend, Cat, works in the Sales department. John wants to find out Cat's network password so he can take a look at her documents on the file server. While Cat is at lunch one day, John logs onto her computer and installs L0phtCrack and sets the program to sniff all traffic. John sends Cat an email with a link to \\FileServer1\sales.xls telling her that the file included the sales for last quarter. What information will John be able to gather from this?

A. Cat's network username and password hash *
B. The SID of Cat's network account
C. The SAM file from Cat's computer
D. The network shares that Cat has permissions for

3) Micheal is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Micheal remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Micheal trying to accomplish?

A. Perform a zone transfer *
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Enumerate all the users in the domain

4) You are a security analyst who has compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. After enumerating the network you discover the Domain Controllers of the company's network. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish?

A. Enumerate domain user accounts and built-in groups *
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Poison the DNS records with false records

5) You are working on a thesis for your doctorate d egree in Computer Science.Your thesis is based in HTML, DHTML, and other web- based languages and howthey have evolved over the years. You navigate to a rchive.org and view the HTMLcode of news.com from three years ago. You then nav igate to the currentnews.com website and copy over the source code. Whi le searching through thecode, you come across something abnormal: What hav e you found?

A. Web bug *B. CGI codeC. Trojan.downloaderD. Blind bug

6) Micheal is a web designer who completed a websit e for ghttech.net about amonth ago. As part of the maintenance agreement he signed with the client,Micheal is performing research online and seeing ho w much exposure that site hasreceived so far. Micheal navigates to google.com an d types in the following searchWhat will this search produce?

A. All sites that link to ghttech.net *B. All sites that ghttech.net links toC. All search engines that link to .net domainsD. Sites that contain the code: link:www.ghttech.net

7) As part of the reconnaissance you are performing on a network, you usednstracer to find valuable information. You type in the following command: Whatinformation will this return?

A. The PTR record(s) for 164.58.245.134 *B. The A record(s) for 164.58.245.134C. The in-addr.arpa record(s) for 164.58.245.134D. The host file record for 164.58.245.134

8) Micheal is the network administrator of a Window s environment. Micheal uses asniffing tool called WinDump to monitor traffic on his network. Micheal's friend,who works as a network administrator for another co mpany, saw Micheal useWinDump one day and really liked its functionality. The only problem is thatMicheal's friend administrates a Linux network envi ronment. What equivalent toolcould Micheal's friend use to monitor network traff ic?

A. Tcpdump *B. PwdumpC. HttportD. Xdump

9) You are a security analyst performing reconnaiss ance on a company you will becarrying out a penetration test for. You do a searc h for IT jobs on Dice.com andfind the following information for an open position : What is this information postedon the job website considered?

A. Information vulnerability *
B. Competitive exploit
C. Social engineering exploit
D. Trade secret

10) What is the following command trying to accomplish?

A. Verify that UDP port 445 is open for the 192.168.0.0 network *
B. Verify that TCP port 445 is open for the 192.168.0.0 network
C. Verify that Netbios is running for the 192.168.0.0 network
D. Verify that UDP port 445 is closed for the 192.168.0.0 network

11) You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. List weak points in their network *
B. Show outdated equipment so it can be replaced
C. Use attack as a launching point to penetrate deeper into the network
D. Demonstrate that no system can be protected against DoS attacks

source- by Chan

22-Nov.-11

1) Michael is the accounting manager for Grummon and Sons LLC. On a regular basis, he has to send PDF documents containing sensitive information outside his company through email. Michael protects the PDF documents with a password and sends them to their intended recipients. When the IT manager of Michael's company discovers that Michael is only using the password protect feature in Adobe Acrobat, he tells Michael that the password is not enough protection. Why is this?

A. PDF passwords can easily be cracked by software brute force tools *
B. PDF passwords are converted to clear text when sent in email
C. PDF passwords are not considered safe by Sarbanes-Oxley
D. When sent in email, PDF passwords are stripped from the document completely

2) You are an IT security consultant attempting to gain access to the state of New Hampshire's network. After trying numerous routes of attack, you are still unsuccessful. You decide to perform a Google search for ftp.nh.st.us to see if the New Hampshire's network utilized an FTP site. You find information about their FTP site and from there, you are able to perform a thorough scan of the New Hampshire state network. What type of scan have you just performed?

A. FTP bounce scan *
B. FTP backdoor scan
C. SYN scan
D. RPC scan

3) Cat works for a security consulting firm that is currently performing a penetration test on a financial institution. Cat's duties include bypassing the firewalls and switches to gain access to the network. From an outside address, Cat sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine. What is Cat trying to accomplish by sending this IP packet?

A. Trick the switch into thinking it already has a session with Cat's computer *
B. Poison the switch's MAC address table by flooding it with ACK bits
C. Crash the switch with a DoS attack since ACK bits cannot be sent by computers, only switches
D. Macof attack

4) Michael is the senior security analyst of Kimball Construction Company in Miami, Florida. As part of a yearly security audit, Michael is scanning his entire network to check for vulnerabilities, unknown hosts, and open ports that do not need to be open. Using Nmap, Michael performs an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

A. Open *
B. Closed
C. Stealth
D. Filtered

5) You are a security analyst working for a private party out of Michaelce. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank's security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of SSH packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

A. Ettercap *
B. Snort
C. Airsnort
D. Ethercap

6) Michael is a systems administrator working for a large electronics company in the Midwest. She wants to scan her network quickly to find all the hosts that are alive using ICMP ECHO Requests. What type of scan is Michael going to perform?

A. ICMP ping sweep *
B. Smurf scan
C. Ping trace
D. Tracert

7) Michael works in an office with about one hundred other employees. Michael works in the Accounting department, but is very technically savvy. His ex-girlfriend, Cat, works in the Sales department. Michael wants to find out Cat's network password so he can take a look at her documents on the file server. While Cat is at lunch one day, Michael logs onto her computer and installs L0phtCrack and sets the program to sniff all traffic. Michael sends Cat an email with a link to \\FileServer1\sales.xls telling her that the file included the sales for last quarter. What information will Michael be able to gather from this?

A. Cat's network username and password hash *
B. The SID of Cat's network account
C. The SAM file from Cat's computer
D. The network shares that Cat has permissions for

8) Michael is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Michael remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Michael trying to accomplish?

A. Perform a zone transfer *
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Enumerate all the users in the domain

9) You are a security analyst who has compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. After enumerating the network you discover the Domain Controllers of the company's network. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish?

A. Enumerate domain user accounts and built-in groups *
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Poison the DNS records with false records

10) You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based in HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com from three years ago. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

A. Web bug *
B. CGI code
C. Trojan.downloader
D. Blind bug

11) Michael is a web designer who completed a website for ghttech.net about a month ago. As part of the maintenance agreement he signed with the client, Michael is performing research online and seeing how much exposure that site has received so far. Michael navigates to google.com and types in the following search What will this search produce?

A. All sites that link to ghttech.net *
B. All sites that ghttech.net links to
C. All search engines that link to .net domains
D. Sites that contain the code: link:www.ghttech.net

source- by Chan

19-Nov.-11

1) Michael is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without the knowledge of the IT department. Michael notices that a few managers are using an SFTP program on their computers as he walks by their offices. Before talking to his boss, Michael wants to have some proof of their activity. Michael wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should Michael use in Ethereal?

A. src port 22 and dst port 22 *
B. udp port 22 and host 172.16.28.1/24
C. net port 22
D. src port 23 and dst port 23

2) Cat works at a small law firm in Chicago. Cat's work duties take up about three hours of her day, so the rest of the day she spends on the Internet. One of Cat's favorite sites is Myspace. One day, Cat comes into work and tries to access the Myspace page but is met with a "This site has been restricted" message. Cat is upset because she really wants to keep using Myspace to stay in touch with her friends. What service could Cat possibly use to get around the block on Myspace at her company?

A. Anonymizer *
B. FTP proxy
C. Hping2
D. HTTrack

3) After passively scanning the network of a Department of Defense company, you decide to move on to actively scanning the network to find which hosts are alive and what operating systems they are running. You know that the company is very large, so there should be a number of hosts that respond to any scans. You start an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receive responses from about five hosts; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

A. Only Unix and Unix-like systems will reply to this scan *
B. Only Windows systems will reply to this scan
C. A switched network will not respond to packets sent to the broadcast address
D. Only servers will reply to this scan

source- by Chan

18-Nov.-11

You just passed your ECSA exam a couple of months ago and are about to start your first consulting job running security audits for a financial institution.

1) The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks you what methodology will you be using to test the company's network.

A. Microsoft Methodology
B. LPT Methodology *
C. Cisco Methodology
D. Google Methodology

2) You are working as an IT security auditor hired by a law firm to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing some passive scans against their system. What tool should you use?

A. Netcraft *
B. Nmap
C. Ping sweep
D. Dig

Copyright © 2010 by cattechie.com. All right reserved:: Designed by: Newsmakers Broadcasting &Communication Pvt.Ltd.

3) Michael is the accounting manager for Grummon and Sons LLC. On a regular basis, he has to send PDF documents containing sensitive information outside his company through email. Michael protects the PDF documents with a password and sends them to their intended recipients. When the IT manager of Michael's company discovers that Michael is only using the password protect feature in Adobe Acrobat, he tells Michael that the password is not enough protection. Why is this?

A. PDF passwords can easily be cracked by software brute force tools *
B. PDF passwords are converted to clear text when sent in email
C. PDF passwords are not considered safe by Sarbanes-Oxley
D. When sent in email, PDF passwords are stripped from the document completely

source- by Chan

17-Nov.-11

1) Michael is performing a security analysis for Hammond and Sons LLC. His next task will be to test the security of the wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus not work for his needs?

A. Nessus is too loud *

B. Nessus cannot perform wireless testing

C. Nessus is not a network scanner

D. There are no ways of performing a "stealthy" wireless scan

2) Cat is an IT consultant who works for corporations and governments. He is currently working for the city of Denver, Colorado. Cat plans on shutting down the city's network using a number of BGP routers and zombies he has taken control of over the last few months. What type of attack is Cat planning to carry out?

A. DRDoS *

B. DDoS

C. DoS

D. Smurf

3) You just passed your ECSA exam a couple of months ago and are about to start your first consulting job running security audits for a financial institution. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks you what methodology will you be using to test the company's network.

A. Microsoft Methodology

B. LPT Methodology *

C. Cisco Methodology

D. Google Methodology

source- by Chan

Vaidehi Sachin , hackers, hackers5,
