This is an authentication method in which is used to prove that a party knows a password without transmitting the password in any recoverable form over a network. This authentication is secure because the password is never transmitted over the network, even in hashed form; only a random number and an encrypted random number are sent.

A. Realm Authentication

B. SSL Authentication

C. Basic Form Authentication

D. Cryptographic Authentication

E. Challenge/Response Authentication

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

A. Block TCP at the firewall

B. Block UDP at the firewall

C. Block ICMP at the firewall

D. There is no way to completely block tracerouting into this area

On wireless networks, SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless networks?

A. The SSID is only 32 bits in length.

B. The SSID is transmitted in clear text.

C. The SSID is the same as the MAC address for all vendors.

D. The SSID is to identify a station, not a network.

How would you prevent session hijacking attacks?

A. Using biometrics access tokens secures sessions against hijacking

B. Using non-Internet protocols like http secures sessions against hijacking

C. Using hardware-based authentication secures sessions against hijacking

D. Using unpredictable sequence numbers secures sessions against hijacking

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

A. RSA, LSA, POP

B. SSID, WEP, Kerberos

C. SMB, SMTP, Smart card

D. Kerberos, Smart card, Stanford SRP

Which definition below best describes a covert channel?

A. Making use of a Protocol in a way it was not intended to be used

B. It is the multiplexing taking place on communication link

C. It is one of the weak channels used by WEP that makes it insecure

D. A Server Program using a port that is not well known

Which of the following are well know password-cracking programs?(Choose all that apply.

A. L0phtcrack

B. NetCat

C. Jack the Ripper

D. Netbus

E. John the Ripper

John Beetlesman, the hacker has successfully compromised the Linux System of Agent Telecommunications, Inc's WebServer running Apache. He has downloaded sensitive documents and database files off the machine.

Upon performing various tasks, Beetlesman finally runs the following command on the Linux box before disconnecting.

for ((i=0;i<1;i++));do

?dd if=/dev/random of=/dev/hda andand dd if=/dev/zero of=/dev/hda done

What exactly is John trying to do?

A. He is making a bit stream copy of the entire hard disk for later download

B. He is deleting log files to remove his trace

C. He is wiping the contents of the hard disk with zeros

D. He is infecting the hard disk with random virus strings

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

For /f "tokens=1 %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a What is Eve trying to do?

A. Eve is trying to connect as an user with Administrator privileges

B. Eve is trying to enumerate all users with Administrative privileges

C. Eve is trying to carry out a password crack for user Administrator

D. Eve is trying to escalate privilege of the null user to that of Administrator

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

A. Use port security on his switches.

B. Use a tool like ARPwatch to monitor for strange ARP activity.

C. Use a firewall between all LAN segments.

D. If you have a small network, use static ARP entries.

E. Use only static IP addresses on all PC's.