SANS Hacker Tools, Techniques, Exploits and Incident Handling (SEC504) Free Practice Test
Question 1
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows server 2003 and Windows active directory installation and
placement. Which of the following steps are you using to perform hacking?
placement. Which of the following steps are you using to perform hacking?
Correct Answer: C
Question 2
Which of the following HTTP requests is the SQL injection attack?
Correct Answer: A
Question 3
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.
Each correct answer represents a complete solution. Choose two.
Correct Answer: B,D
Question 4
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1.Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.
2.Reducing noise by adjusting color and averaging pixel value.
3.Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
1.Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.
2.Reducing noise by adjusting color and averaging pixel value.
3.Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Correct Answer: A
Question 5
Which of the following types of channels is used by Trojans for communication?
Correct Answer: C
Question 6
You work as a System Administrator for Happy World Inc. Your company has a server named uC1 that runs Windows Server 2008. The Windows Server virtualization role service is installed on the uC1 server which hosts one virtual machine that also runs Windows Server 2008. You are required to install a new application on the virtual machine. You need to ensure that in case of a failure of the application installation, you are able to quickly restore the virtual machine to its original state.
Which of the following actions will you perform to accomplish the task?
Which of the following actions will you perform to accomplish the task?
Correct Answer: A
Question 7
Which of the following types of attacks come under the category of hacker attacks? Each correct answer represents a complete solution. Choose all that apply.
Correct Answer: B,C
Question 8
Which of the following reads and writes data across network connections by using the TCP/IP protocol?
Correct Answer: B
Question 9
In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system?
Correct Answer: B
Question 10
Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover.
Which of the following Steganography methods is Victor using to accomplish the task?
Which of the following Steganography methods is Victor using to accomplish the task?
Correct Answer: A
Question 11
Which of the following wireless network security solutions refers to an authentication process in which a user can connect wireless access points to a centralized server to ensure that all hosts are properly authenticated?
Correct Answer: D
Question 12
Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.
Each correct answer represents a complete solution. Choose two.
Correct Answer: B,C
Question 13
Which of the following tools is described in the statement given below?
"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI scripts. Moreover, the database detects DdoS zombies and Trojans as well."
"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI scripts. Moreover, the database detects DdoS zombies and Trojans as well."
Correct Answer: D
Question 14
Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server. Which of the following DoS attacks is Maria using to accomplish her task?
Correct Answer: C
Question 15
Maria works as a professional Ethical Hacker. She has been assigned the project of testing the security of www.gentech.com. She is using dumpster diving to gather information about Gentech Inc.
In which of the following steps of malicious hacking does dumpster diving come under?
In which of the following steps of malicious hacking does dumpster diving come under?
Correct Answer: C