Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provide services.

Which of the following are the techniques used for network mapping by large organizations?

Each correct answer represents a complete solution. (Choose three.)

A. Packet crafting

B. Route analytics

C. SNMP-based approaches

D. Active Probing

Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

A. Shoulder surfing

B. File integrity auditing

C. Reconnaissance

D. Spoofing

Which of the following tools is used to attack the Digital Watermarking?

A. Active Attacks

B. 2Mosaic

C. Steg-Only Attack

D. Gifshuffle

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

A. Replay

B. Firewalking

C. Session fixation

D. Cross site scripting

Adam works as a Security Analyst for Umbrella Inc. CEO of the company ordered him to implement two-factor authentication for the employees to access their networks. He has told him that he would like to use some type of hardware device in tandem with a security or identifying pin number. Adam decides to implement smart cards but they are not cost effective.

Which of the following types of hardware devices will Adam use to implement two-factor authentication?

A. Biometric device

B. Security token

C. Proximity cards

D. One Time Password

The screenshot from Kismet below shows details of a WiFi network with SSID Cloaking enabled. How was Kismet able to collect the SSID information?

A. Kismet cracked the weak encryption and was able to decrypt the SSID

B. An attacker gained administrative access to the AP, and disabled SSID cloaking

C. A client successfully associated to the AP, transmitting the SSID in clear text

D. The AP provided the SSID in response to a beacon probe from the system running Kismet

Deleting an attacker's scheduled tasks on a victim host is something that would typically occur during which phase of incident handling?

A. Identification

B. Recovery

C. Preparation

D. Eradication

What will a host do when it receives a packet with an invalid TCP checksum?

A. Drop the packet

B. Hold the packet and wait for a rebroadcast

C. Send an ICMP redirect

D. Reply with a TCP reset

One typical way to help secure applications such as Virtual Network Computing (VNC) is to send the application traffic using which of the following?

A. Secure Copy (SCP)

B. Secure Shell (SSH)

C. rlogin

D. IKE

Which of the following is a protocol that, like TFTP, can be used to transfer Netcat to a victim machine in order to open a backdoor listener?

A. DHCP

B. WINS

C. HTTPS

D. SNMP