A Windows computer that has not been hardened properly might allow a NULL connection from a remote host.
Which of the following commands would be used by a remote attacker to attempt to connect using a NULL session?
A. net use \\servername\ipc$NULL/u
B. net use \\servername\ipc$u:
C. net share \\servername\ipc$/u:
D. net use \\servername\ipc$/u:NULL
What is one way an attacker can determine whether a database front-end application is vulnerable to SQL injection?
A. By entering a single star (*) in the username field.
B. By entering all outgoing TCP connections after browsing the web application.
C. There is no way to check; they just have to attempt an attack.
D. By entering a single quote (') in the password field.
An attacker is sending packets with no flags set. This is also known as doing a NULL scan. Usually, operating system networking stacks will respond with a RST packet; however, some operating systems do not conform to this behavior and respond inappropriately. Such behavior could allow for the identification of the remote OS being used. Which of the following would be one of the operating systems that responds differently?
A. Solaris
B. Linux
C. Windows
D. HP-UX
Bob is doing a penetration test. He was able to get system-level access on one of the servers by exploiting one of the known weaknesses of the web server. Bob attempted to copy the SAM database, but it was locked and his operation was not allowed. How could Bob succeed in getting a copy of the SAM database if it is locked while the system is up and running?
A. By bringing the system to single user mode
B. By running samdumpt to create a backup of the SAM
C. By running rdisk /s to create an unlocked backup copy of the SAM
D. By changing the permissions on the file using his System privileges
Which are methods that attackers use to find buffer overflows? Choose all that apply.
A. Trial and error
B. Decompile the executable binary of the application
C. Decompile the executable binary of a software patch
D. Analyze source code, if available
When a network switch receives a very large quantity of random MAC addresses which would overfill the Content Addressable Memory (CAM) table, how will the switch react?
A. It will drop packets until the tables are cleared and then will resume normal processing.
B. It will drop the oldest entries in the CAM table to make room for the new packets and will continue working normally
C. It will revert to being a HUB and will broadcast all traffic on each of the ports
D. It is impossible to flood the MAC tables because of their very large size.
When a company wishes to have some assurance that a product is working as per the vendor's claims, they usually seek certification. One of the most commonly used certification schemes today is called Common Criteria (CC). Which of the following terms describes a product that is to be evaluated under the Common Criteria to see how well the product meets the claims made by the vendor?
A. Security Target
B. Target of evaluation
C. Protection Profile
D. EAL4
Under the SNMP protocol, what does a trap consist of? Choose the best answer.
A. It is an early implementation of a honeypot
B. It is a backdoor left by the developer for quick access
C. It is an alarm sent by the agent to the manager
D. Older mechanism that is no longer used by SNMP
BASIC authentication for HTTP is universally understood but has the disadvantage of passing the username and password in BASE64 encoding. What technology could be used to encrypt the BASE64 encoding and thus secure BASIC authentication for all web browsers and all Internet users? Choose the best answer.
A. SSH
B. IPsec
C. SSL
D. IKE
Which of the following are reasons why LAN Manager hashes stored in the SAM file are considered relatively easy to crack? Choose two.
A. All uppercase characters in the password are converted to all lowercase
B. All lowercase characters in the password are converted to all uppercase
C. The password is broken cannot contain special characters
D. LAN Manager passwords cannot contain special characters