Duane is a clever attacker,he has penertrated a system and wishes to hide some files within other files on the file system.Which of the following could be used by Duane to attempt hiding files within the file system?

A. Attrib

B. HideNSeek

C. Chgrp

D. Alternate Data Stream

Mae i a keen system administration; she constantly monitors the mailing list for best practices that are being used out in the field.On the servers that she maintains,Mae has renamed the administrator account to another name to avoid abuse from crackers.However,she found out that it was possible using the sid2user tool to find the new name she used for the administrator account.Mae does not understand; she has NOT shared this name with anyone.How can this be?What is the most likely reason?

A. Her system have been compromised

B. Renaming the administrator account does not change the SID

C. She has not applied all of the patches

D. Someone social engineered her

Which of the following capabilities do rootkits have?Choose all that apply.

A. Hide any file

B. Hide any process

C. Hide any listening port

D. Cause a blue screen of death on Windows computers.

Which of the following password and encryption cracking methods is guaranteed to successfully crack any password or encryption algorithm?

A. Dictionary

B. Hybrid

C. Brute Force

D. RainbowCrack

A Windows computer that has not been hardened properly might allow NULL connection from a remote host.

Which of the following commands would be used by a remote attacker to attempt connecting using NULL session?

A. net use \\servername\ipc$NULL/u

B. net use \\servername\ipc$u:

C. net share \\servername\ipc$/u:

D. net use \\servername\ipc$/u:NULL

Which of the following is NOT a tool that could be used to perform a zone transfer?

A. DIG

B. Host

C. Nslookup

D. WHOIS

What technology has made trojans easy to distribute?Choose the best answer.

A. Digitally Signed Software

B. Assembly language

C. EXE wrappers

D. Personal firewall software

Julius has been hired to perform a test on TestKing.com networks.

Julius knows that TestKing.com has a large team of security administrators who are very proactive in their security approach. Most likely there are some Intrusion Detection Systems (IDS) in place that would quickly identify Julius IP

address and he would then be blocked from accessing the network he is supposed to test.

How can Julius avoid having his IP address identified and then blocked?

Which of the following would be the most practical solution and the easiest to implement?

A. By using public key encryption;it is well known that IDS cannot make any sense of encrypted traffic and they would not be able to determine the source of the probes

B. By using Secure Socket Layer (SSL) Which will shield the intruder from the IDS and they wont be able to determine the source of the probes

C. By using only computers within the local internet caf.All traffic will be traced to the internet caf instead of being traced to the security tester

D. By using an internet anonymizer instead of connecting directly to the target.The anonymizer will shield the real source of the probes.

Johny has been trying to defeat a crypto system for some time. He has in his possession a whole

collection of ciphertext documents that were captured from the network.

However,he does not know what algorithm or plain text was used to create this ciphertext.

Through statistical analysis he is attempting to decipher the encrypted text.

What would you call such an attack?

A. Known Plaintext attack

B. Ciphertext Only Attack

C. Chosen Ciphertext Attack

D. Chosen Plaintext Attack

Most search engine support Advanced Search Operators; as a Penetrtion Tester you must be familiar with some of the larger search engines such as Geogle.There is a wealth of information to be gathered from these public databases.Which of the following operators would you use if you attempt to find an older copy of a website that might have information which is no longer available on the target website?

A. Link:

B. InCache:

C. Cache:

D. Related: