Question 1

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the

host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options :

A : The ACL 104 needs to be first because is UDP

B : The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C : The ACL for FTP must be before the ACL 110

D : The ACL 110 needs to be changed to port 80

Answer: B

Question 2

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Options :

A : Produces less false positives

B : Can identify unknown attacks

C : Requires vendor updates for a new threat

D : Cannot deal with encrypted network traffic

Answer: B

Question 3

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options :

A : A biometric system that bases authentication decisions on behavioral attributes.

B : A biometric system that bases authentication decisions on physical attributes.

C : An authentication system that creates one-time passwords that are encrypted with secret keys.

D : An authentication system that uses passphrases that are converted into virtual passwords.

Answer: C

Question 4

Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Options :

A : Null byte

B : IP fragmentation

C : Char encoding

D : Variation

Answer: D

Question 5

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's

access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

Options :

A : Use the Cisco-s TFTP default password to connect and download the configuration file

B : Run a network sniffer and capture the returned traffic with the configuration file from the router

C : Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D : Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Answer: B,D