SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504
QUESTION: 315
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?
A. Traceport
B. Tracefire
C. Tracegate
D. Traceroute

QUESTION: 316
Which of the following is a method of gaining access to a system that bypasses normal authentication?
A. Teardrop
B. Trojan horse
C. Back door
D. Smurf

QUESTION: 317
Which of the following statements are true regarding a SYN flood attack?
A. The attacker sends a succession of SYN requests to a target system.
B. SYN flood is a form of Denial-of-Service (DoS) attack.
C. The attacker sends thousands and thousands of ACK packets to the victim.
D. SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.
Answer: A, B, D

QUESTION: 318
Which of the following wireless network security solutions refers to an authentication process in which a user can connect wireless access points to a centralized server to ensure that all hosts are properly authenticated?
A. Remote Authentication Dial-In User Service (RADIUS)
B. IEEE 802.1x
C. Wired Equivalent Privacy (WEP)
D. Wi-Fi Protected Access 2 (WPA2)
Answer: B

QUESTION: 319
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?
A. Port scanning
B. ARP spoofing
C. Man-in-the-middle
D. Session hijacking
Answer: B

QUESTION: 320
Which of the following applications is NOT used for passive OS fingerprinting?
A. NetworkMiner
B. Satori
C. p0f
D. Nmap

QUESTION: 321
Which of the following would allow you to automatically close connections or restart a server or service when a DoS attack is detected?
A. Signature-based IDS
B. Network-based IDS
C. Passive IDS
D. Active IDS

QUESTION: 322
Which of the following statements about smurf is true?
A. It is a UDP attack that involves spoofing and flooding.
B. It is an ICMP attack that involves spoofing and flooding.
C. It is an attack with IP fragments that cannot be reassembled.
D. It is a denial of service (DoS) attack that leaves TCP ports open.
Answer: B

QUESTION: 323
You work as a System Administrator for Happy World Inc. Your company has a server named uc1 that runs Windows Server 2008. The Windows Server virtualization role service is installed on the uc1 server which hosts one virtual machine that also runs Windows Server 2008. You are required to install a new application on the virtual machine. You need to ensure that in case of a failure of the application installation, you are able to quickly restore the virtual machine to its original state. Which of the following actions will you perform to accomplish the task?
A. Use the Virtualization Management Console to save the state of the virtual machine.
B. Log on to the virtual host and create a new dynamically expanding virtual hard disk.
C. Use the Virtualization Management Console to create a snapshot of the virtual machine.
D. Use the Edit Virtual Hard Disk Wizard to copy the virtual hard disk of the virtual machine.

QUESTION: 324
Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?
A. Hypervisor rootkit
B. Boot loader rootkit
C. Kernel level rootkit
D. Library rootkit

QUESTION: 325
Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?
A. Spyware
B. Heuristic
C. Blended
D. Rootkits

QUESTION: 326
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:
Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'
This error message shows that the We-are-secure Web site is vulnerable to:
A. A buffer overflow
B. A Denial-of-Service attack
C. A SQL injection attack
D. An XSS attack

QUESTION: 327
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable information regarding the operating system and applications running on the systems?
A. Post-attack phase
B. On-attack phase
C. Attack phase
D. Pre-attack phase

QUESTION: 328
Which of the following are used to identify who is responsible for responding to an incident?
A. Disaster management policies
B. Incident response manuals
C. Disaster management manuals
D. Incident response policies