NVST TEST 2

1.

1 point

Which of the following is a class C address?

168.28.10.165

128.10.54.120

193.10.160.45

92.200.138.24

2.

1 point

*Which of the following SuperScan4's tool is used to uncover the users account list?

Scan Options

Users Discovery

Host and Service Discovery

Windows Enumeration

3.

1 point

Password cracking involves _______________.

Guessing password using an automated tool.

Mounting a keylogger software in a computer to capture typed password.

Password decrypting using an automated tool.

Stealing the encrypted password representations and trying to recover the original clear text password using an automated tool.

4.

1 point

IP addresses beginning with 127 decimal are reserved for ___________.

reserved for loopback

for external testing

for future use

Unknown class

5.

1 point

*Which of the following is NOT a defence against Physical Break-in Attack?

Use automatic password-protected screen savers

Educate employees about the dangers of letting people in the building without checking their credentials

A guard at front door or install a card reader for facility accessing

All computer users must be trained not to give sensitive information away to friendly callers

6.

1 point

Which of the following protocol does Ethereal indicate when pinging a computer?

Internet Control Message Protocol (ICMP)

Transmission Control Protocol(TCP)

Domain Name System (DNS)

Address Resolution Protocol (ARP)

7.

1 point

*Which of the following protocols transmit sensitive information in clear text?

FTP and Telnet

Telnet and TCP

FTP and TCP

TCP and ARP

8.

1 point

A(n) _______ is a manner of manipulating software to result in undesired behaviour.

exploit

external probing

heap overflow

buffer overflow

9.

1 point

*The exploitation of resources can be performed in many ways. Some of the more common ways are:
i. Technical Vulnerability Exploitation
ii. Denial of Service
iii. Information Gathering
iv. Social Engineering

ii, iii and iv;

i and ii;

i, ii and iii;

i, ii, iii and iv.

10.

1 point

*Which of the following are the basic types of hackers attack?
i. Denial of Service Attack
ii. Repudiation Attack
iii. Access Attack
iv. Modification Attack

i, ii and iii;

i, ii, iii and iv.

i, iii and iv;

i, ii and iv;

11.

1 point

Each of the following protocols can be used by TCP for transmissions over the Internet except _________.

HyperText Transfer Protocol (HTTP)

Internet Transfer Protocol (ITP)

Post Office Protocol (POP)

File Transfer Protocol (FTP)

12.

1 point

Which one of the following is not true about a web server?

The default port for a web server is port 80.

The browser client must specify the port if not using well-known port 80.

A web server must always run on port 80.

A commonly used alternate port for web servers is 8080.

13.

1 point

Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?

Social engineering

DoS

Ping of death

Teardrop

14.

1 point

Which of the following is Not the correct method to defense against bots, backdoors & spyware?

Knowing Your hardware

Knowing Your Software

Use Antivirus and Antispyware Tools

Looking for Unusual TCP and UDP ports

15.

1 point

*An attacker gathers the following types of reconnaissance data from company's own web site except _________.

existing technologies

recent mergers and acquisitions

hardware models

business partner

16.

1 point

*The most important elements of Google’s technology are:
i. The Google bots
ii. The Google index
iii. The Google cache
iv. The Google API

ii, iii and iv;

i, ii and iv;

i, ii and iii;

i, ii, iii and iv.

17.

1 point

Starting with Windows XP Service pack 2 and Windows Server 2003 Service Pack 1, Microsoft's OS provides a feature called _____________ to support non-executable stack or heap capabilities.

Memory Execution Prevention

Data Execution Prevention

Stack Overflow Prevention

Buffer Overflow Prevention

18.

1 point

A _____ is an error condition in a software program that allows malicious code to be injected and put into operation without user intervention.

Buffer overflow

Syntax overflow

Software overflow

Semantic overflow

19.

1 point

*Which of the following is the best method for preventing social engineering attacks?

Security tokens

User education

Encryption

Biometric devices

20.

1 point

Consider the situation in which an intervening entity such as a firewall blocks direct access to a target system. Resourceful attackers can find their way around these obstacles using __.

ftp

denial-of-Service

telnet

port redirection