Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine.

How would you detect IP spoofing?

A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet

C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

A. Install patches

B. Setup a backdoor

C. Install a zombie for DDOS

D. Cover your tracks

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet: How can you protect/fix the problem of your application as shown above?

A. Because the counter starts with 0, we would stop when the counter is less than 200

B. Because the counter starts with 0, we would stop when the counter is more than 200

C. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data

D. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons?

What is the length of the MD5 hash?

A. 32 character B. 64 byte

C. 48 char

D. 128 kb

Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A. Dictionary attack

B. Brute forcing attack

C. Hybrid attack

D. Syllable attack

E. Rule-based attack

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's

first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the

website. James types in the following statement in the username field:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

C. This Select SQL statement will log James in if there are any users with NULL passwords

D. James will be able to see if there are any default user accounts in the SQL database

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

A. The tester must capture the WPA2 authentication handshake and then crack it.

B. The tester must use the tool inSSIDer to crack it using the ESSID of the network.

C. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

A. Recipient's private key

B. Recipient's public key

C. Master encryption key

D. Sender's public key

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

A. Harvesting

B. Windowing

C. Hardening

D. Stealthing

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

A. Classified

B. Overt

C. Encrypted

D. Covert