- Email support@dumps4free.com
Topic 3, Scanning
home/root # traceroute www.targetcorp.com <http://www.targetcorp.com>
traceroute to www.targetcorp.com <http://www.targetcorp.com>
(192.168.12.18), 64 hops may, 40 byte packets
1 router.anon.com (192.13.212.254) 1.373 ms 1.123 ms 1.280 ms
2 192.13.133.121 (192.13.133.121) 3.680 ms 3.506 ms 4.583 ms
3 firewall.anon.com (192.13.192.17) 127.189 ms 257.404 ms 208.484 ms
4 anon-gw.anon.com (192.93.144.89) 471.68 ms 376.875 ms 228.286 ms
5 fe5-0.lin.isp.com (192.162.231.225) 2.961 ms 3.852 ms 2.974 ms
6 fe0-0.lon0.isp.com (192.162.231.234) 3.979 ms 3.243 ms 4.370 ms
7 192.13.133.5 (192.13.133.5) 11.454 ms 4.221 ms 3.333 ms
6 * * *
7 * * *
8 www.targetcorp.com <http://www.targetcorp.com> (192.168.12.18) 5.392
ms 3.348 ms 3.199 ms
Use the traceroute results shown above to answer the following question:
The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets
out.
A.
True
B.
False
True
Explanation: As seen in the exhibit there is 2 registrations with timeout, this tells us that
the firewall filters packets where the TTL has reached 0, when you continue with higher
starting values for TTL you will get an answer from the target of the traceroute.
Mark works as a contractor for the Department of Defense and is in charge of
network security. He has spent the last month securing access to his network from
all possible entry points. He has segmented his network into several subnets and
has installed firewalls all over the network. He has placed very stringent rules on all
the firewalls, blocking everything in and out except ports that must be used. He does
need to have port 80 open since his company hosts a website that must be accessed
from the Internet. Mark is fairly confident of his perimeter defense, but is still worried
about programs like Hping2 that can get into a network through convert channels.
How should mark protect his network from an attacker using Hping2 to scan his
internal network?
A.
Blocking ICMP type 13 messages
B.
Block All Incoming traffic on port 53
C.
Block All outgoing traffic on port 53
D.
Use stateful inspection on the firewalls
Blocking ICMP type 13 messages
Explanation: An ICMP type 13 message is an ICMP timestamp request and waits for an
ICMP timestamp reply. The remote node is right to do, still it would not be necessary as it is
optional and thus many ip stacks ignore such packets. Nevertheless, nmap again achived
to make its packets unique by setting the originating timestamp field in the packet to 0.
John has performed a scan of the web server with NMAP but did not gather enough
information to accurately identify which operating system is running on the remote
host. How could you use a web server to help in identifying the OS that is being
used?
A.
Telnet to an Open port and grab the banner
B.
Connect to the web server with an FTP client
C.
Connect to the web server with a browser and look at the web page
D.
Telnet to port 8080 on the web server and look at the default page code
Telnet to an Open port and grab the banner
Explanation: Most Web servers politely identify themselves and the OS to anyone who
asks.
What is the proper response for a FIN scan if the port is open?
A.
SYN
B.
ACK
C.
FIN
D.
PSH
E.
RST
F.
No response
No response
Explanation: Open ports respond to a FIN scan by ignoring the packet in question.
Sandra is the security administrator of ABC.com. One day she notices that the
ABC.com Oracle database server has been compromised and customer information
along with financial data has been stolen. The financial loss will be estimated in
millions of dollars if the database gets into the hands of competitors. Sandra wants
to report this crime to the law enforcement agencies immediately.
Which organization coordinates computer crime investigations throughout the
United States?
A.
NDCA
B.
NICP
C.
CIRP
D.
NPC
E.
CIA
NPC
| Page 18 out of 153 Pages |
| Previous |