Which of the following describes a suspicious event in the service data below?
root@kali:~/volatility# ./vol.py -f ../mem/Desk005.vmem svcscan
A. GREEN: Executables should not be run from temporary folders
B. BLUE: Service names should be all capital letters
C. PURPLE: Services should not be in the STOPPED state
D. YELLOW: Option -k should be followed by -p for svchost
Which of the following Metasploit module types would contain privilege escalation capabilities?
A. Auxiliary
B. Exploit
C. Post
D. Payload
What information is commonly found in both the header and the possession log of a Chain of Custody?
A. Date and time the evidence was requested by the court
B. Date and time the evidence was checked into evidence locker
C. Date and time the evidence was initially collected
D. Date and time the evidence is classified as reliable
An administrator needs to protect his organization's IIS webservers from Cross-Site Scripting attacks. Which action should he take?
A. Use the Anti-XSS library from Microsoft
B. Configure two-factor authentication for clients
C. Use a random element when setting session cookies
D. Configure application whitelisting on the IIS server
When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?
A. Collection of URL session tokens
B. Legal requirement
C. Verification of a blind attack
D. Detect target's operating system
Examine the image below. What share would a user typically connect to when they execute the NET USE command below?
C:\> net use \\10.0.10.123
A. C$
B. tmp
C. IPC$
D. ADMIN$
What built-in Windows tool can be used to collect Active Directory database data and the SYSTEM registry hive for off-line password cracking?
A. ntdsutil
B. procdump
C. sysmon
D. psinfo
How can a system be configured to ignore gratuitous ARPs for specific IP addresses?
A. Use static routing to avoid ARP cache poisoning attacks
B. Hard code the ARP table for specific IP addresses
C. Use the "arp -deny" command
D. Use DNS, which operates at the application layer, instead of ARP, which operates at the data link layer
What is the Linux administrator doing with the commands below?
$ rpcclient -U fezzik florin
rpcclient $> lsaenumsid
A. Resolving SIDs to usernames on the target server
B. Displaying the rights associated with a SID on the target server
C. Listing the privileges associated with a SID defined locally on the target server
D. Enumerating the SIDs of all users defined locally on the target server
In addition to special characters, certain keywords in log files may indicate a SQL injection attack. Which words could indicate a SQL injection attack?
A. "language=JavaScript", and "select"
B. "