312-50v12 Practice Test



Topic 1: Exam Pool A

You have the SOA presented below in your zone.
Your secondary servers have not been able to contact your primary server to synchronize
information. How long will the secondary servers attempt to contact the primary server
before they consider the zone dead and stop responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)


A. One day
B. One hour
C. One week
D. One month

C. One week



Your company was hired by a small healthcare provider to perform a technical assessment
on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?


A. Use the built-in Windows Update tool
B. Use a scan tool like Nessus
C. Create a disk image of a clean Windows installation
D. Check MITRE.org for the latest list of CVE findings

B. Use a scan tool like Nessus



Session splicing is an IDS evasion technique in which an attacker delivers data in multiple,
small-sized packets to the target computer, making it very difficult for an IDS to detect the
attack signatures. Which tool can be used to perform session splicing attacks?


A. tcpsplice
B. Burp
C. Hydra
D. Whisker

D. Whisker



Explanation:
«Many IDS reassemble communication streams; hence, if a packet is not received within a
reasonable period, many IDS stop reassembling and handling that stream. If the
application under attack keeps a session active for a longer time than that spent by the IDS
on reassembling it, the IDS will stop. As a result, any session after the IDS stops reassembling the sessions will be susceptible to malicious data theft by attackers. The IDS
will not log any attack attempt after a successful splicing attack. Attackers can use tools
such as Nessus for session splicing attacks.»
Did you know that the EC-Council exam shows how well you know their official book? So,
there is no "Whisker" in it. In the chapter "Evading IDS" -> "Session Splicing", the
recommended tool for performing a session-splicing attack is Nessus. Where Whisker came
from is not entirely clear, but I will assume the author of the question found it while copying
Wikipedia.
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
One basic technique is to split the attack payload into multiple small packets so that the
IDS must reassemble the packet stream to detect the attack. A simple way of splitting
packets is by fragmenting them, but an adversary can also simply craft packets with small
payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session
splicing'.
By themselves, small packets will not evade any IDS that reassembles packet streams. However,
small packets can be further modified in order to complicate reassembly and detection.
One evasion technique is to pause between sending parts of the attack, hoping that the
IDS will time out before the target computer does. A second evasion technique is to send
the packets out of order, confusing simple packet re-assemblers but not the target
computer.
NOTE: Yes, I found scraps of information about the tool that existed in 2012, but I cannot
give you unverified information. According to the official tutorials, the correct answer is
Nessus, but if you know anything about Whisker, please write in the QA section. Maybe this
question will be updated soon, but I'm not sure about that.

“________ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one
offered on the premises, but actually has been set up to eavesdrop on wireless
communications. It is the wireless version of the phishing scam. An attacker fools wireless
users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a
legitimate provider. This type of attack may be used to steal the passwords of
unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent web site and luring people there.”
Fill in the blank with appropriate choice.





A. Evil Twin Attack



Explanation:
https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
An evil twin attack is one in which a hacker sets up a fake Wi-Fi network that
looks like a legitimate access point in order to steal victims’ sensitive details. Most often, the victims
of such attacks are ordinary people like you and me.
The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access
point is used to eavesdrop on users and steal their login credentials or other sensitive
information. Because the hacker owns the equipment being used, the victim will have no
idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims
will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter
their sensitive data, such as their login details. These, of course, will be sent straight to the
hacker. Once the hacker gets them, they might simply disconnect the victim and show that
the server is temporarily unavailable.
ADDITION: It may not seem obvious what happened. The problem is in the question
statement. The attackers were not Alice and John, who were able to connect to the network
without a password, but on the contrary, they were attacked and forced to connect to a fake
network, and not to the real network belonging to Jane.

To determine if a software program properly handles a wide range of invalid input, a form of
automated testing can be used to randomly generate invalid input in an attempt to crash
the program.
What term is commonly used when referring to this type of testing?


A. Randomizing
B. Bounding
C. Mutating
D. Fuzzing

D. Fuzzing



