John works as a C programmer. He develops the following C program:
#include
#include
#include
int buffer(char *str) {
char buffer1[10];
strcpy(buffer1, str);
return 1;
}
int main(int argc, char *argv[]) {
buffer (argv[1]);
printf("Executed\n");
return 1;
}
His program is vulnerable to a __________ attack.
A. SQL injection
B. Denial-of-Service
C. Buffer overflow
D. Cross site scripting
You want to connect to your friend's computer and run a Trojan on it. Which of the following tools will you use to accomplish the task?
A. PSExec
B. Remoxec
C. Hk.exe
D. GetAdmin.exe
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.wearesecure.com. He installs a rootkit on the Linux server of the We-are-secure network.
Which of the following statements are true about rootkits? Each correct answer represents a complete solution. Choose all that apply.
A. They allow an attacker to conduct a buffer overflow.
B. They allow an attacker to set a Trojan in the operating system and thus open a backdoor for anytime access.
C. They allow an attacker to replace utility programs that can be used to detect the attacker's activity.
D. They allow an attacker to run packet sniffers secretly to capture passwords.
Which of the following hacking tools provides shell access over ICMP?
A. John the Ripper
B. Nmap
C. Nessus
D. Loki
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts.
Which of the following attacks is being used by Eve?
A. Replay
B. Firewalking
C. Session fixation
D. Cross site scripting
Which of the following is used by attackers to obtain an authenticated connection on a network?
A. Denial-of-Service (DoS) attack
B. Replay attack
C. Man-in-the-middle attack
D. Back door
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process.
Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?
A. Soften
B. Rotate
C. Sharpen
D. Blur
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.
Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
A. nmap -sS
B. nmap -sU -p
C. nmap -O -p
D. nmap -sT
Which of the following is the difference between SSL and S-HTTP?
A. SSL operates at the application layer and S-HTTP operates at the network layer.
B. SSL operates at the application layer and S-HTTP operates at the transport layer.
C. SSL operates at the network layer and S-HTTP operates at the application layer.
D. SSL operates at the transport layer and S-HTTP operates at the application layer.
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data are also stolen.
Adam immediately arrived to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running process, ram, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
A. Recovery
B. Eradication
C. Identification
D. Containment
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only SANS exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SEC504 exam preparations and SANS certification application, do not hesitate to visit our Vcedump.com to find your solutions here.