412-79 Online Practice Questions and Answers

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Windows computers will not respond to idle scans

B. Linux/Unix computers are constantly talking

C. Linux/Unix computers are easier to compromise

D. Windows computers are constantly talking

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.

George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

A. net port 22

B. udp port 22 and host 172.16.28.1/24

C. src port 22 and dst port 22

D. src port 23 and dst port 23

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. True negatives

B. False negatives

C. False positives

D. True positives

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used. What IDS feature must George implement to meet this requirement?

A. Pattern matching

B. Statistical-based anomaly detection

C. Real-time anomaly detection

D. Signature-based anomaly detection

As a security analyst you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

A. The employees network usernames and passwords

B. The MAC address of the employees?computers

C. The IP address of the employees computers

D. Bank account numbers and the corresponding routing numbers

Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

A. Fuzzing

B. Tailgating

C. Man trap attack

D. Backtrapping

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

A. 70 years

B. the life of the author

C. the life of the author plus 70 years

D. copyrights last forever

What TCP/UDP port does the toolkit program netstat use?

A. Port 7

B. Port 15

C. Port 23

D. Port 69

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A. The system files have been copied by a remote attacker

B. The system administrator has created an incremental backup

C. The system has been compromised using a t0rnrootkit

D. Nothing in particular as these can be operational files

When investigating a Windows System, it is important to view the contents of the page or swap file because:

A. Windows stores all of the systems configuration information in this file

B. This is file that windows use to communicate directly with Registry

C. A Large volume of data can exist within the swap file of which the computer user has no knowledge

D. This is the file that windows use to store the history of the last 100 commands that were run from the command line