MK0-201 Demo and Sample
Note: Answers are below each question.
Samples are taken from the full version.
D. IP Poisoning
When a network switch receives a very large quantity of random MAC addresses, enough to overfill its Content Addressable Memory (CAM) table, how will the switch react?
A. It will drop packets until the table is cleared and then resume normal processing
B. It will drop the oldest entries in the CAM table to make room for the new packets and continue working normally
C. It will revert to acting as a hub and broadcast all traffic out every port
D. It is impossible to flood the MAC tables because of their very large size
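The behaviour this question tests, as an added toy model (not from the exam and not any switch vendor's code): a switch that learns source MACs into a fixed-size table and, once the table is exhausted, can no longer learn new hosts, so frames to them are flooded out every port just as a hub would do. The capacity of 1024 entries, the port numbers, the MAC addresses and the absence of entry ageing are all assumptions of the example.

```python
"""Toy model of a switch CAM table under a MAC-flooding attack.

Added example, not from the exam page. Simplifications (all assumptions):
a fixed capacity of 1024 entries, no entry ageing and no port security.
A real switch ages entries out (commonly after 300 s), which is why an
attacker keeps the flood running; here the flood simply arrives before the
two victim hosts have spoken, so their entries never get learned.
"""
import random

BROADCAST = "ff:ff:ff:ff:ff:ff"


def random_mac(rng: random.Random) -> str:
    """Random locally-administered unicast MAC (first octet: bit 1 set, bit 0 clear)."""
    first = (rng.randrange(256) & 0xFE) | 0x02
    octets = [first] + [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{o:02x}" for o in octets)


class ToySwitch:
    def __init__(self, ports: int, capacity: int):
        self.ports = ports
        self.capacity = capacity
        self.cam = {}        # source MAC -> port it was last seen on
        self.flooded = 0     # frames sent out every port (hub behaviour)
        self.unicast = 0     # frames sent to exactly one port

    def learn(self, src_mac: str, port: int) -> bool:
        """Record src_mac on port; returns False when the table is exhausted."""
        if src_mac in self.cam or len(self.cam) < self.capacity:
            self.cam[src_mac] = port
            return True
        return False

    def forward(self, src_mac: str, dst_mac: str, in_port: int) -> list:
        """Learn the source, then return the list of egress ports for the frame."""
        self.learn(src_mac, in_port)
        out = self.cam.get(dst_mac)
        if dst_mac != BROADCAST and out is not None:
            self.unicast += 1
            return [out]
        # Unknown (unlearnable) or broadcast destination: flood every other port.
        self.flooded += 1
        return [p for p in range(self.ports) if p != in_port]


def mac_flood(sw: ToySwitch, attacker_port: int, frames: int, seed: int = 7) -> int:
    """macof-style flood: every frame carries a fresh random source MAC.
    Returns how many of those MACs the switch managed to learn."""
    rng = random.Random(seed)
    learned = 0
    for _ in range(frames):
        src = random_mac(rng)
        sw.forward(src, random_mac(rng), attacker_port)
        learned += src in sw.cam
    return learned


def scenario(capacity: int = 1024, flood_frames: int = 5000) -> dict:
    """Compare a healthy switch with one whose table the attacker has exhausted."""
    alice, bob = "00:11:22:33:44:01", "00:11:22:33:44:02"   # constructed hosts
    a_port, b_port, attacker_port = 1, 2, 3

    clean = ToySwitch(ports=4, capacity=capacity)
    clean.forward(alice, bob, a_port)      # bob not learned yet: flooded once
    clean.forward(bob, alice, b_port)      # both hosts are now in the table
    clean_path = clean.forward(alice, bob, a_port)

    flooded = ToySwitch(ports=4, capacity=capacity)
    learned = mac_flood(flooded, attacker_port, flood_frames)
    flooded.forward(alice, bob, a_port)    # neither host can be learned any more
    flooded.forward(bob, alice, b_port)
    flooded_path = flooded.forward(alice, bob, a_port)

    return {
        "clean_path": clean_path,                    # [2]: only bob's port
        "attacker_macs_learned": learned,            # == capacity, then learning stops
        "victims_learned": alice in flooded.cam or bob in flooded.cam,
        "flooded_path": flooded_path,                # every port except the ingress
        "attacker_sees_traffic": attacker_port in flooded_path,
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

On a real switch the countermeasure is port security (a per-port limit on learned MACs, with the port shut down or the excess frames dropped when it is exceeded); the model above has none, which is exactly why the attacker's port ends up on the egress list for the victims' traffic.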
Jhezza has just arrived at her office and she is checking her stock portfolio as she does every day. She connects to her broker's web site and decides to buy some stocks that are highly recommended. She makes use of her special Portfolio Credit Card because she wishes to collect travel points. This is the only online site where Jhezza uses this specific card. Jhezza always ensures there is a secure connection established by looking at the lock icon at the bottom of her browser window. A few weeks later, Jhezza realized that someone had compromised her credit card number and had been making fraudulent transactions online, the first of which was on the same day she used it to buy stocks from her office. How did the card number get compromised?
A. By a man-in-the-middle attack
B. By someone who read her emails
C. By someone who was able to perform FTP server spoofing
D. By a meet-in-the-middle attack, which compromises encryption
You have just attempted to perform DNS poisoning against the local network's DNS server and did not succeed, so you decide to launch an attack against routing tables instead. Which of the following would NOT be an effective way of attempting to manipulate the routing table on the local network or through its gateway?
A. By using a source route attack
B. By using ICMP redirect messages
C. By advertising bogus OSPF routes
D. By advertising bogus RIP routes
This technique consists of using social skills to trick someone into revealing information they should not usually release to unauthorized users. What do we call this technique or type of attack?
To uniquely identify an active session, TCP/IP uses the client IP address and port as well as the destination IP address and port. What is the combination of these four elements called?
An attacker must create a spoofed/crafted packet in order to hijack a session. Which of the following would have to be present within the spoofed packet?
A. The client IP address
B. The client MAC address
C. The client port number
D. The sequence numbers
You have been reading a series of papers on connection hijacking. However, there were contradictions as to which operating system would be more vulnerable and which one has predictable sequence number generation. Which of the following tools could be used to help you in evaluating sequence number predictability? Choose two from the list below.
Answer: A, B
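What "evaluating sequence number predictability" amounts to in practice, as an added example (not from the exam and not Nmap's code): sample a host's initial sequence numbers, look at the differences between consecutive samples, and score their spread. The scoring follows the statistic Nmap's OS-detection documentation calls SP; the verdict tiers, the "next ISN" guess and the ISN samples are this example's own.

```python
"""Score how predictable a host's TCP initial sequence numbers (ISNs) are.

Added example, not from the exam page and not Nmap's code. It follows the
statistic Nmap's OS-detection documentation calls SP (ISN sequence
predictability index): take the differences between consecutive ISNs,
divide them by their GCD when that GCD exceeds 9, compute the standard
deviation, and report 8 * log2(sd) rounded (0 when sd <= 1). Nmap divides
the differences by the probe spacing to get rates; assuming evenly spaced
probes, as done here, is the simplification. Verdict tiers and the
"next ISN" guess are this example's own. All ISN samples are constructed.
"""
import math
import random
import statistics
from functools import reduce

MOD = 1 << 32


def isn_diffs(isns):
    """Consecutive differences modulo 2^32, mapped to the signed value of
    smallest magnitude (0xFFFFFFF0 -> 0x10 is +0x20, not a huge negative jump)."""
    diffs = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        if d > MOD // 2:
            d -= MOD
        diffs.append(d)
    return diffs


def predictability(isns):
    """Return diffs, GCD, SP score, a verdict and (when cheap) a next-ISN guess."""
    if len(isns) < 4:
        raise ValueError("need at least four ISN samples")
    diffs = isn_diffs(isns)
    gcd = reduce(math.gcd, (abs(d) for d in diffs))
    rates = [d / gcd for d in diffs] if gcd > 9 else diffs   # Nmap's GCD normalisation
    sd = statistics.pstdev(rates)
    sp = 0 if sd <= 1 else round(math.log2(sd) * 8)
    if sp == 0:
        verdict = "deterministic"       # constant ISN or a fixed increment
    elif sp < 80:
        verdict = "low entropy"         # increments cluster tightly: a small guess window
    else:
        verdict = "random"              # at this sample size, nothing to exploit
    next_guess = None
    if sp < 80:
        # Predictable stacks: the next ISN is the last one plus the typical step.
        next_guess = (isns[-1] + round(statistics.mean(diffs))) % MOD
    return {"diffs": diffs, "gcd": gcd, "sd": sd, "sp": sp,
            "verdict": verdict, "next_guess": next_guess}


# Constructed samples, not captured traffic.
FIXED_INCREMENT = [0x10000 + 64000 * i for i in range(6)]   # old "64K per connection" stacks
JITTERED = [1000, 65000, 129012, 193002, 257007]            # 64000 plus or minus a few units
_rng = random.Random(2024)
RANDOM = [_rng.getrandbits(32) for _ in range(8)]            # what a modern stack looks like


if __name__ == "__main__":
    for name, samples in [("fixed", FIXED_INCREMENT), ("jittered", JITTERED), ("random", RANDOM)]:
        r = predictability(samples)
        print(f"{name:9s} gcd={r['gcd']:<6d} sp={r['sp']:<4d} {r['verdict']:14s} next={r['next_guess']}")
```

The link to the previous question is direct: a spoofed segment is only accepted if its sequence number lands in the victim's window, so a "deterministic" or "low entropy" verdict here is what makes blind hijacking feasible, while a "random" verdict forces the attacker to sniff the connection instead.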
Traditional firewalls have a serious limitation in that the data payload is not inspected. These firewalls usually work within the lower layers of the OSI model. Which layers does a traditional firewall monitor?
A. Layers 2 to 4
B. Layers 2 to 5
C. Layers 2 to 6
D. Layers 1 to 4
Which of the following techniques would be effective in getting around some of the blocking rules on certain firewalls? The same technique could be used to avoid detection by Intrusion Detection Systems (IDS) in some cases.
Intrusion Detection Systems have multiple ways to decode the information. Which of the following definitions would best describe Protocol Anomaly Detection within an Intrusion Detection System (IDS) engine?
A. Interprets the attack as the victim would for greater accuracy
B. Identifies attacks that are based on condition, not patterns
C. Compares traffic to RFC standards and reports deviations
D. Identifies traffic that breaks policy or is not normal for the network
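What "comparing traffic to the RFC and reporting deviations" looks like in code, as an added example (not from the exam and not any IDS product's engine): each check below is a rule of the TCP specification applied to a parsed header, so a NULL or XMAS probe is reported because it breaks the rule, not because its byte pattern is on a list. The header builder, the zero checksum, the missing IP header and the sample segments are all assumptions made to keep the example self-contained.

```python
"""A protocol-anomaly check for TCP headers, as an IDS engine would apply it.

Added example, not from the exam page or any IDS. Each check is a rule from
the TCP specification (RFC 793, now RFC 9293) rather than a signature of a
known attack, so an unseen tool that violates the same rule is still
reported. The header builder exists only to construct test segments; the
checksum is left at zero and no IP header is modelled (both assumptions).
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
CLASSIC_FLAGS = 0x3F          # the six flags above; ECE/CWR/NS are ignored here
TCP_HDR = "!HHIIHHHH"         # sport, dport, seq, ack, offset+flags, window, checksum, urgptr


def build_tcp(sport, dport, flags, seq=0, ack=0, data_offset=5, payload=b""):
    """Assemble a 20-byte TCP header (no options) followed by payload."""
    offset_flags = (data_offset << 12) | (flags & 0x1FF)
    return struct.pack(TCP_HDR, sport, dport, seq, ack, offset_flags, 65535, 0, 0) + payload


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError(f"segment is {len(segment)} bytes, shorter than a TCP header")
    sport, dport, seq, ack, off_flags, win, csum, urgp = struct.unpack(TCP_HDR, segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": off_flags >> 12, "flags": off_flags & 0x1FF,
            "window": win, "urgptr": urgp, "length": len(segment)}


def protocol_anomalies(segment: bytes) -> list:
    """Return the list of specification violations found in one segment."""
    try:
        t = parse_tcp(segment)
    except ValueError as exc:
        return [str(exc)]
    found = []
    off, f = t["data_offset"], t["flags"] & CLASSIC_FLAGS
    if off < 5:
        found.append(f"data offset {off} claims a header shorter than 20 bytes")
    elif off * 4 > t["length"]:
        found.append(f"data offset {off} points past the end of the segment")
    if t["sport"] == 0 or t["dport"] == 0:
        found.append("port 0 in use")
    if f == 0:
        found.append("no flags set (NULL scan pattern)")
    else:
        if f & SYN and f & FIN:
            found.append("SYN and FIN set together")
        if f & SYN and f & RST:
            found.append("SYN and RST set together")
        # Only an initial SYN or a RST may omit ACK; anything else without it
        # is outside the state machine (FIN-only and XMAS probes land here).
        if not f & ACK and not f & (SYN | RST):
            found.append("ACK clear on a segment that is neither SYN nor RST (FIN/XMAS scan pattern)")
    return found


# Constructed test traffic.
SAMPLES = {
    "syn":        build_tcp(40000, 80, SYN, seq=1),
    "synack":     build_tcp(80, 40000, SYN | ACK, seq=100, ack=2),
    "data":       build_tcp(40000, 80, PSH | ACK, seq=2, ack=101, payload=b"GET / HTTP/1.0\r\n\r\n"),
    "null":       build_tcp(40000, 80, 0),
    "xmas":       build_tcp(40000, 80, FIN | PSH | URG),
    "synfin":     build_tcp(40000, 80, SYN | FIN),
    "bad_offset": build_tcp(40000, 80, ACK, data_offset=3),
    "truncated":  build_tcp(40000, 80, ACK)[:12],
}


def scan_all(samples=SAMPLES) -> dict:
    """Run the checks over every sample; normal traffic yields an empty list."""
    return {name: protocol_anomalies(seg) for name, seg in samples.items()}


if __name__ == "__main__":
    for name, anomalies in scan_all().items():
        print(f"{name:11s} {anomalies or 'ok'}")
```

The contrast with option A is the point: a target-based engine would reassemble and interpret the segment the way the victim's stack would; this engine never asks what the victim would do, only whether the packet is legal.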
One of the challenges when doing large-scale security tests is the time required. If you have to scan a class B network it might take you a very long time. Scanrand is a tool that has been optimized to scan a large number of hosts in very little time. It was reported that it was used to scan about 8300 web servers in less than 4 seconds. How does scanrand achieve such an impressive benchmark?
A. It does not maintain any state
B. It makes use of multiple Network Interface Cards (NICs)
C. It has a probabilistic algorithm that can predict if a port is open or not
D. It does not attempt to use UDP due to the overhead involved
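How a scanner can keep no state and still trust the replies it gets, as an added example (not scanrand's code): the probe's sequence number is a keyed hash of the target address and port, so a SYN/ACK or RST/ACK is validated by recomputing that hash from the reply's own source fields and checking it against the acknowledgement number. The HMAC-SHA256 construction, the key, the simulated targets and the injected noise packets are this example's assumptions.

```python
"""How a stateless scanner (scanrand-style) tells real replies from noise
without a table of outstanding probes.

Added example, not scanrand's code. The idea is the "inverse SYN cookie"
scanrand's author described: the sequence number of every probe SYN is a
keyed hash of the target address and port, so the scanner remembers
nothing. A SYN/ACK or RST/ACK that comes back acknowledges that sequence
number plus one, so recomputing the hash from the reply's own source
address and port validates it; anything else is a forgery or a stray.
The hash construction (HMAC-SHA256 truncated to 32 bits) and the simulated
targets are this example's assumptions.
"""
import hashlib
import hmac
import ipaddress
import random
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MASK32 = 0xFFFFFFFF
KEY = b"per-scan secret: pick a fresh random one for every run"  # assumption


def probe_seq(dst_ip: str, dst_port: int, key: bytes = KEY) -> int:
    """Sequence number to put in the probe SYN for (dst_ip, dst_port)."""
    msg = ipaddress.IPv4Address(dst_ip).packed + struct.pack("!H", dst_port)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def classify_reply(src_ip: str, src_port: int, flags: int, ack: int, key: bytes = KEY):
    """Validate one reply using only its own fields; return the port state or None."""
    expected = (probe_seq(src_ip, src_port, key) + 1) & MASK32
    if ack != expected:
        return None                    # not an answer to one of our probes
    if flags & SYN and flags & ACK:
        return "open"                  # SYN/ACK: the port completed step 2 of the handshake
    if flags & RST:
        return "closed"                # RST/ACK: the port refused
    return None


def simulate(targets: dict, key: bytes = KEY) -> dict:
    """targets maps (ip, port) -> 'open' | 'closed' | 'filtered' (constructed)."""
    # Send phase: emit a SYN per target and keep nothing.
    wire = [(ip, port, probe_seq(ip, port, key)) for ip, port in targets]

    # "Network": open ports answer SYN/ACK, closed ports RST/ACK, filtered ports stay silent.
    replies = []
    for ip, port, seq in wire:
        state = targets[(ip, port)]
        if state == "open":
            replies.append((ip, port, SYN | ACK, (seq + 1) & MASK32))
        elif state == "closed":
            replies.append((ip, port, RST | ACK, (seq + 1) & MASK32))
    # Noise: a forged SYN/ACK claiming a closed port is open, and a stray
    # reply from a host that was never probed.
    replies.append(("192.0.2.10", 25, SYN | ACK, 0xDEADBEEF))
    replies.append(("192.0.2.99", 8080, SYN | ACK, 12345))
    random.Random(3).shuffle(replies)   # replies arrive in any order

    # Receive phase: no probe table is consulted, each reply stands alone.
    results = {}
    for ip, port, flags, ack in replies:
        state = classify_reply(ip, port, flags, ack, key)
        if state:
            results[(ip, port)] = state
    return results


TARGETS = {
    ("192.0.2.10", 22): "open",
    ("192.0.2.10", 25): "closed",
    ("192.0.2.11", 80): "open",
    ("192.0.2.11", 443): "filtered",
}

if __name__ == "__main__":
    for (ip, port), state in sorted(simulate(TARGETS).items()):
        print(f"{ip}:{port} {state}")
```

Because nothing is stored per probe, the send side can run flat out and the receive side can even be a separate process; the cost is that filtered ports are simply absent from the result rather than reported, and the key must be secret for the run or a third party could forge acceptable replies.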
On a Linux system, which of the following files would contain the list of user accounts, their shell, and their home directories?
Pen testing is another area of security where acronyms and expressions abound. What does the term rooting refer to?
A. Getting access to the root directory
B. Getting administrator access on a Linux system
C. Getting administrator access on a Windows system
D. Planting a worm that will develop and grow within the system
One of your clients has been the victim of a brute force attack against their SSH server. They ask you what could be done to protect their Linux servers. You propose the use of iptables (the built-in kernel firewall) to limit connection attempts to protect their servers. You agree with your client to limit connections to the SSH port to a maximum of three attempts per minute, considering there is only one administrator who has a valid need to connect remotely on this port. If the threshold of three connections is exceeded, the attacker will have to wait another 60 seconds before the server resumes allowing connections. Which of the following iptables entries would meet your client's needs?
A. iptables -A INPUT -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
B. iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
C. iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
D. iptables -A OUTPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
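Why the working rule says --hitcount 4 when the agreed limit is three attempts, as an added example (not from the exam and not the kernel's code): a simulation of the counting done by the iptables "recent" match for the usual two-rule pattern, a --set rule that stamps every new SYN followed by the --update ... -j DROP rule from option C. The attempt timeline, the addresses and the fall-through ACCEPT are constructed assumptions; --rttl and the NEW state match are not modelled.

```python
"""Simulate the iptables "recent" match used to throttle SSH brute forcing.

Added example, not from the exam page and not the kernel's code. It models
the counting logic of xt_recent for the usual two-rule pattern (rule C from
the question, preceded by the --set rule it depends on):

    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --set --name SSH
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

The --set rule stamps every new SYN from a source; the --update rule counts
that source's stamps from the last 60 s, the current packet's own stamp
included, and matches (drops) once the count reaches hitcount. Allowing
three attempts per minute therefore needs --hitcount 4: with 3 the third
attempt is the one dropped. --rttl (same TTL as the original packet) and
the NEW state match are not modelled; the attempt timeline is constructed.
"""
from collections import defaultdict, deque

WINDOW = 60        # --seconds 60
MAX_STAMPS = 20    # xt_recent keeps at most ip_pkt_list_tot stamps per address (default 20)


class RecentList:
    """One named list (--name SSH): per-source ring of timestamps."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src: str, now: float) -> None:
        """--set: record this packet's timestamp for src."""
        self.stamps[src].append(now)

    def update(self, src: str, now: float, seconds: int, hitcount: int) -> bool:
        """--update --seconds S --hitcount N: match when src has N or more
        stamps no older than S seconds; a match refreshes the entry."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        matched = hits >= hitcount
        if matched:
            self.stamps[src].append(now)   # the kernel adds a stamp on a matching --update
        return matched


def ssh_chain(recent: RecentList, src: str, now: float, hitcount: int) -> str:
    """The two rules in order; a non-matching packet falls through to ACCEPT (assumed)."""
    recent.set(src, now)
    if recent.update(src, now, WINDOW, hitcount):
        return "DROP"
    return "ACCEPT"


def run(attempts, hitcount: int = 4) -> list:
    """attempts: [(seconds, source_ip), ...] new SYNs to port 22 -> verdict per attempt."""
    recent = RecentList()
    return [ssh_chain(recent, src, t, hitcount) for t, src in attempts]


# Constructed timeline: an attacker hammering port 22 and one legitimate admin.
ATTEMPTS = [
    (0, "203.0.113.5"), (5, "198.51.100.7"), (10, "203.0.113.5"), (20, "203.0.113.5"),
    (30, "203.0.113.5"), (35, "198.51.100.7"), (40, "203.0.113.5"), (101, "203.0.113.5"),
]

if __name__ == "__main__":
    for hc in (4, 3):
        print(f"--hitcount {hc}:")
        for (t, src), verdict in zip(ATTEMPTS, run(ATTEMPTS, hc)):
            print(f"  t={t:3d}s {src:14s} {verdict}")
```

With --hitcount 4 the attacker's fourth attempt at t=30 is the first one dropped, the administrator's attempts are never affected because the list is per source address, and the attempt at t=101 is accepted again because 61 s have passed since the attacker's last stamp; with --hitcount 3 (option B) the third attempt is already dropped, so only two are allowed per minute. Option A watches port 23 and option D sits in the OUTPUT chain, so neither touches incoming SSH at all.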