In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?
A. TCP FIN
B. FTP bounce
C. XMAS
D. TCP SYN
Which of the following tools can be used to perform a brute force attack on a remote database? Each correct answer represents a complete solution. (Choose all that apply.)
A. SQLBF
B. SQLDict
C. FindSA
D. nmap
Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that they require. Mark uses IDS/IPS sensors on the wired network to mitigate the attack. Which of the following attacks best describes the attacker's intentions?
A. Internal attack
B. Reconnaissance attack
C. Land attack
D. DoS attack
Which of the following statements about reconnaissance is true?
A. It describes an attempt to transfer DNS zone data.
B. It is a computer that is used to attract potential intruders or attackers.
C. It is any program that allows a hacker to connect to a computer without going through the normal authentication process.
D. It is also known as half-open scanning.
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data has been stolen.
Adam immediately arrived at the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running processes, RAM, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
A. Recovery
B. Eradication
C. Identification
D. Containment
You are an incident handler from a Fortune 500 oil and gas company. While reviewing the Data Loss Prevention (DLP) email software alerts, you find an email with Personally Identifiable Information (PII) in an attachment. The email is listed below.
"From: John Smith
To: Frank Esler
Sub: Stuff
Frank, enclosed is the data you asked for. I will be sending you my bank details shortly for you to deposit the money that we discussed.
Attachment: Stuff.doc"
When analyzing the attachment, you discovered that the document had detailed information on the budget, the companies that your corporation is going to acquire within the next quarter along with the personal information of the individuals who are involved in the purchase. You had determined that the DLP alert was based on a signature that alerted on a phone number typo that was formatted like a social security number in the document. How would you proceed with your analysis in this situation?
A. Do not report this, since it was a false alarm by the DLP software and there was no PII enclosed
B. Do not report this, since I know Frank and he would not use this information even if emailed to him
C. Report this as a probable malware incident, since the "stuff.doc" file looks suspicious
D. Report this as a possible insider threat incident, since John has sent out confidential information
Which of the following is a common method for hosts to be infected with bot software?
A. HTTP Proxies
B. Open Relays
C. Rootkits
D. Worms
Which tool can sniff probe requests from a wireless client, pretend to be the client's legitimate access point, and offer fake network services to the client?
A. InSSider
B. Aircrack-ng
C. Karmetasploit
D. Wellenreiter
Which line in the following Ducky script is sent to approve the Windows UAC warning?
A. 8
B. 10
C. 5
D. 6
E. 3
What built-in Windows tool can be used to collect Active Directory database data and the SYSTEM registry hive for off-line password cracking?
A. ntdsutil
B. procdump
C. sysmon
D. psinfo