312-50 Practice Test


Page 8 out of 153 Pages

Topic 3, Scanning

Why would an attacker want to perform a scan on port 137?


A.

To discover proxy servers on a network


B.

 To disrupt the NetBIOS SMB service on the target host


C.

 To check for file and print sharing on Windows systems


D.

 To discover information about a target host using NBTSTAT





D.
  

 To discover information about a target host using NBTSTAT



Explanation: NetBIOS over TCP/IP (NBT) uses UDP port 137 for the name service, UDP port 138 for the datagram service and TCP port 139 for the session service (port 135 is the RPC endpoint mapper, which is often listed alongside them but is not part of NetBIOS). It is trivial for an attacker who can reach UDP/137 to issue the following command from a Windows machine:
nbtstat -A <target IP address>
and collect the target's NetBIOS name table (computer name, workgroup or domain, registered services such as the <20> file server service and, on older systems, the logged-on user) together with its MAC address, if traffic to port 137 is not blocked at your borders.
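What nbtstat -A does on the wire, as an added example that is not part of the original exam material: it sends a NetBIOS node status request (record type NBSTAT, 0x0021) for the wildcard name `*` to UDP/137 and parses the reply into the target's name table and MAC address. The host name WKSTN01, the workgroup name and the MAC address in the constructed sample reply are assumptions, and query_node_status is a hypothetical helper for running the same query against a live host.

```python
import socket
import struct
from typing import Dict, List

NBNS_PORT = 137      # NetBIOS name service (RFC 1002) listens on UDP/137
NBSTAT = 0x0021      # node status query/response record type
IN_CLASS = 0x0001

# Meaning of the 16th (suffix) byte of a registered NetBIOS name.
SUFFIXES = {
    0x00: "workstation service",
    0x03: "messenger service",
    0x1B: "domain master browser",
    0x1C: "domain controllers",
    0x1D: "master browser",
    0x1E: "browser elections",
    0x20: "file server service",
}


def encode_netbios_name(name: str, suffix: int, pad: bytes = b" ") -> bytes:
    """First-level encoding (RFC 1001 s.14.1): pad the name to 15 bytes, append the
    suffix byte, then write each byte as two 'A'-based nibble characters."""
    raw = name.encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    encoded = bytes(0x41 + nibble for b in raw for nibble in (b >> 4, b & 0x0F))
    return bytes([len(encoded)]) + encoded + b"\x00"   # label length, 32 chars, root label


def build_node_status_request(txid: int = 0x1234) -> bytes:
    """The 50-byte query nbtstat -A sends: an NBSTAT question for the wildcard name '*'."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)   # flags: query, no recursion
    question = encode_netbios_name("*", 0x00, pad=b"\x00") + struct.pack(">HH", NBSTAT, IN_CLASS)
    return header + question


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a NetBIOS label sequence (length byte, chars, ..., terminating 0)."""
    while data[off]:
        off += 1 + data[off]
    return off + 1


def parse_node_status_response(data: bytes) -> Dict:
    """Parse an NBSTAT response into its name table and the responder's MAC address."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a node status response")
    off = 12
    for _ in range(qd):                       # normally 0 in a response
        off = _skip_name(data, off) + 4
    off = _skip_name(data, off)
    rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError(f"unexpected record type 0x{rtype:04x}")
    rdata = data[off:off + rdlen]
    num_names = rdata[0]
    names: List[Dict] = []
    for i in range(num_names):                # 18-byte entries: 15 name, 1 suffix, 2 flags
        entry = rdata[1 + 18 * i:1 + 18 * (i + 1)]
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" ").decode("ascii", "replace"),
            "suffix": entry[15],
            "group": bool(nflags & 0x8000),   # G bit: group name vs unique name
            "service": SUFFIXES.get(entry[15], "unknown"),
        })
    stats = rdata[1 + 18 * num_names:]
    mac = ":".join(f"{b:02x}" for b in stats[:6])   # UNIT_ID field = adapter MAC
    return {"txid": txid, "names": names, "mac": mac}


def file_sharing_advertised(parsed: Dict) -> bool:
    """A unique name with suffix <20> means the host registers the file server (SMB) service."""
    return any(n["suffix"] == 0x20 and not n["group"] for n in parsed["names"])


def query_node_status(host: str, timeout: float = 2.0) -> Dict:
    """Hypothetical helper: send the request to UDP/137 on a live host and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (host, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    return parse_node_status_response(data)


def constructed_sample_response(txid: int = 0x1234) -> bytes:
    """Constructed reply from an assumed host WKSTN01 in workgroup WORKGROUP."""
    entries = (
        b"WKSTN01".ljust(15) + b"\x00" + struct.pack(">H", 0x0400)      # unique, active
        + b"WKSTN01".ljust(15) + b"\x20" + struct.pack(">H", 0x0400)    # file server service
        + b"WORKGROUP".ljust(15) + b"\x00" + struct.pack(">H", 0x8400)  # group name
    )
    rdata = bytes([3]) + entries + bytes.fromhex("000c29abcdef") + b"\x00" * 40
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)            # response, authoritative
    rr = encode_netbios_name("*", 0x00, pad=b"\x00") + struct.pack(">HHIH", NBSTAT, IN_CLASS, 0, len(rdata))
    return header + rr + rdata


if __name__ == "__main__":
    result = parse_node_status_response(constructed_sample_response())
    for n in result["names"]:
        print(f"{n['name']:<15} <{n['suffix']:02X}> {'GROUP ' if n['group'] else 'UNIQUE'} {n['service']}")
    print("MAC:", result["mac"], "| file sharing advertised:", file_sharing_advertised(result))
```

The <20> entry is what answers option C as well: a host that registers the file server service is advertising SMB file and print sharing, so the same single UDP datagram tells the attacker both who the host is and what it offers.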

Which of the following systems would not respond correctly to an nmap XMAS
scan?


A.

Windows 2000 Server running IIS 5


B.

Any Solaris version running SAMBA Server


C.

Any version of IRIX


D.

 RedHat Linux 8.0 running Apache Web Server





A.
  

Windows 2000 Server running IIS 5



Explanation: An XMAS scan probe has the FIN, PSH and URG flags set. If a RST packet comes back the port is considered closed, no response means open|filtered, and an ICMP unreachable error means filtered. The big downside is that not all systems follow RFC 793 to the letter: a number of systems send RST responses to the probes regardless of whether the port is open or not, which causes every port to be labelled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI and IBM OS/400, which is why the Windows 2000 server is the system that does not respond correctly.
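The probe and the decision table behind this explanation, as an added example that is neither part of the original exam material nor nmap's own code: it builds the TCP segment an -sX probe carries (FIN, PSH and URG set, checksum computed over the IPv4 pseudo-header), applies nmap's classification to whatever comes back, and models the two kinds of target described above. The addresses 192.0.2.10 and 192.0.2.20, the port lists and the simulated_host_reply model are assumptions; actually sending the segment would need a raw socket and is not done here.

```python
import socket
import struct
from typing import Dict, Iterable, Optional, Set

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG       # the flag combination an nmap -sX probe carries


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; odd-length input is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f">{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack(">BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int,
                      seq: int = 0, ack: int = 0, window: int = 1024) -> bytes:
    """A 20-byte option-less TCP header with the checksum a raw-socket scanner must supply."""
    hdr = struct.pack(">HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)
    csum = inet_checksum(_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack(">H", csum) + hdr[18:]


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Recomputing over a correctly checksummed segment (checksum included) yields zero."""
    return inet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tcp_flags(segment: bytes) -> int:
    return struct.unpack(">H", segment[12:14])[0] & 0x3F


def classify_xmas_reply(reply: Optional[bytes], icmp_unreachable: bool = False) -> str:
    """nmap's -sX decision table for one port."""
    if icmp_unreachable:             # ICMP type 3, code 1, 2, 3, 9, 10 or 13
        return "filtered"
    if reply is None:                # RFC 793: an open port silently drops the probe
        return "open|filtered"
    if tcp_flags(reply) & RST:       # RFC 793: a closed port answers with RST
        return "closed"
    raise ValueError("reply does not fit the RFC 793 model")


def simulated_host_reply(target: str, scanner: str, probe: bytes, port_open: bool,
                         rfc793_compliant: bool) -> Optional[bytes]:
    """Assumed target model: an RFC 793 stack RSTs only closed ports; a Windows-style
    stack RSTs every port, open or not."""
    if port_open and rfc793_compliant:
        return None
    sport, dport = struct.unpack(">HH", probe[:4])
    return build_tcp_segment(target, scanner, dport, sport, RST | ACK)


def xmas_scan_model(open_ports: Set[int], ports: Iterable[int], rfc793_compliant: bool,
                    scanner: str = "192.0.2.10", target: str = "192.0.2.20") -> Dict[int, str]:
    """Probe each port against the modelled target and return port -> nmap state."""
    results = {}
    for p in ports:
        probe = build_tcp_segment(scanner, target, 40000, p, XMAS)
        reply = simulated_host_reply(target, scanner, probe, p in open_ports, rfc793_compliant)
        results[p] = classify_xmas_reply(reply)
    return results


if __name__ == "__main__":
    ports = [22, 80, 135, 139, 443]
    print("RFC 793 host, 22/80 open:      ", xmas_scan_model({22, 80}, ports, True))
    print("Windows-style host, 135/139 open:", xmas_scan_model({135, 139}, ports, False))
```

Against the compliant model the open ports come back open|filtered and the rest closed; against the Windows-style model every port reads closed, so the scanner learns nothing, which is the failure the question is testing for.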

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different
sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the
ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this
information?


A.

The packets were sent by a worm spoofing the IP addresses of 47 infected sites


B.

  ICMP ID and Seq numbers were most likely set by a tool and not by the operating
system


C.

All 77 packets came from the same LAN segment and hence had the same ICMP ID
and Seq number


D.

  13 packets were from an external network and probably behind a NAT, as they had an
ICMP ID 0 and Seq 0





B.
  

ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

Explanation: A normal ping utility chooses the ICMP identifier per process (typically its process ID on Unix-like systems) and increments the sequence number with every echo request it sends, so 47 unrelated sources would not independently arrive at ID 39612 and Seq 57072. The same fixed pair across many sources, plus a second group with both fields zeroed, shows a packet-crafting tool filling in those fields itself.
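Detection logic for the pattern in this question, as an added example that is not part of the original exam material: it reads the identifier and sequence fields out of ICMP echo request headers, groups them by source address, and flags any (id, seq) pair that recurs across many unrelated sources or is zeroed. The capture is constructed to match the numbers in the question (77 packets from 47 sources with id 39612 / seq 57072, 13 with 0/0); the addresses, the min_sources threshold and the contrasting normal ping run are assumptions.

```python
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

ICMP_ECHO_REQUEST = 8


def build_icmp_echo(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP echo request: type 8, code 0, checksum (left zero in these constructed
    samples; the analysis reads only identifier and sequence), id, seq, payload."""
    return struct.pack(">BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload


def parse_icmp_echo(packet: bytes) -> Tuple[int, int]:
    """Return (identifier, sequence) of an echo request, or raise if it is not one."""
    itype, code, _csum, ident, seq = struct.unpack(">BBHHH", packet[:8])
    if itype != ICMP_ECHO_REQUEST or code != 0:
        raise ValueError(f"not an echo request (type {itype}, code {code})")
    return ident, seq


def echo_signatures(events: Iterable[Tuple[str, bytes]]) -> Dict[Tuple[int, int], Set[str]]:
    """Map each (identifier, sequence) pair to the set of source IPs that sent it."""
    seen: Dict[Tuple[int, int], Set[str]] = defaultdict(set)
    for src, packet in events:
        seen[parse_icmp_echo(packet)].add(src)
    return seen


def crafted_signatures(seen: Dict[Tuple[int, int], Set[str]],
                       min_sources: int = 3) -> List[Tuple[Tuple[int, int], int]]:
    """An OS ping picks the identifier per process and increments the sequence per
    packet, so one (id, seq) pair recurring across many unrelated sources, or a
    zeroed pair, is the fingerprint of a tool writing those fields itself."""
    flagged = [(sig, len(sources)) for sig, sources in seen.items()
               if len(sources) >= min_sources or sig == (0, 0)]
    return sorted(flagged, key=lambda item: -item[1])


def constructed_capture() -> List[Tuple[str, bytes]]:
    """Constructed sample matching the question, plus one ordinary ping run for contrast."""
    events = []
    for i in range(77):                                   # 77 packets, 47 distinct sources
        events.append((f"203.0.113.{1 + i % 47}", build_icmp_echo(39612, 57072)))
    for i in range(13):                                   # 13 packets with id 0 / seq 0
        events.append((f"198.51.100.{1 + i}", build_icmp_echo(0, 0)))
    for seq in range(1, 5):                               # a normal ping: fixed id, seq 1..4
        events.append(("192.0.2.55", build_icmp_echo(0x1F3A, seq)))
    return events


if __name__ == "__main__":
    seen = echo_signatures(constructed_capture())
    for (ident, seq), n in crafted_signatures(seen):
        print(f"id={ident} seq={seq}: {n} distinct sources -> likely tool-generated")
```

The ordinary ping run is never flagged: each of its packets carries a different sequence number and all come from one host, which is exactly the per-process, per-packet behaviour the tool-generated traffic lacks.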



Exhibit:


Please study the exhibit carefully.
Which protocol maintains the communication in this way?


A.

UDP


B.

 IP


C.

 TCP


D.

 ARP


E.

RARP






C.
  

 TCP



Explanation: A TCP connection is always initiated with the three-way handshake (SYN, SYN/ACK, ACK), which establishes the connection and synchronises the initial sequence numbers over which data will then be sent.

Bob has been hired to perform a penetration test on ABC.com. He begins by looking
at IP address ranges owned by the company and details of domain name
registration. He then goes to newsgroups and financial web sites to see if they are
leaking any sensitive information or have any technical details online.
Within the context of penetration testing methodology, what phase is Bob involved
with?


A.

Passive information gathering


B.

Active information gathering


C.

Attack phase


D.

 Vulnerability Mapping






A.
  

Passive information gathering



Explanation: He is gathering information, and as long as he does not make contact with any
of the target's systems (registration records and public web sources are queried, not the target itself) he is considered to be gathering it passively.

