Gcia Tools

  • 8/2/2019 Gcia Tools

QUESTION NO: 12
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes:
A. War driving
B. Detecting unauthorized access points
C. Detecting causes of interference on a WLAN
D. WEP ICV error tracking
E. Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer: D

QUESTION NO: 14
Adam works as a Security Analyst for Umbrella Inc. He is performing real-time traffic analysis on IP networks using Snort. Adam is facing problems in analyzing intrusion data. Which of the following software combined with Snort can Adam use to get a visual representation of intrusion data?
Each correct answer represents a complete solution. Choose all that apply.
A. Basic Analysis and Security Engine (BASE)
B. sguil
C. KFSensor
D. OSSIM
Answer: A,B,D

QUESTION NO: 19
Which of the following statements are true about snort?
Each correct answer represents a complete solution. Choose all that apply.
A. It develops a new signature to find vulnerabilities.
B. It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well known backdoors and system vulnerabilities, and DDoS clients.
C. It encrypts the log file using the 256 bit AES encryption scheme algorithm.
D. It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.
Answer: A,B,D

QUESTION NO: 20
Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?
A. Asterisk Logger
B. Access PassView
C. Mail Pass View
D. MessenPass
Answer: D

QUESTION NO: 21
Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.
A. TRACERT
B. Ping
C. IPCONFIG
D. Netstat
Answer: A,B

QUESTION NO: 24
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime. Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?
A. FAU
B. FTK Imager
C. Galleta
D. Device Seizure
Answer: D

QUESTION NO: 26
Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?
A. Dsniff
B. Snort
C. Nikto
D. Sniffer
Answer: C

QUESTION NO: 30
You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000-based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?
A. PING
B. TELNET
C. NETSTAT
D. TRACERT
Answer: A

QUESTION NO: 35
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?
A. PsExec
B. PsList
C. Fpipe
D. Cain
Answer: C

QUESTION NO: 41
Which of the following commands will you use with the tcpdump command to display the contents of the packets?
A. tcpdump -q
B. tcpdump -v
C. tcpdump -n
D. tcpdump -A
Answer: D

QUESTION NO: 42
You work as a technician for Net Perfect Inc. You are troubleshooting a connectivity issue on a network. You are using the ping command to verify the connectivity between two hosts. You want ping to send larger sized packets than the usual 32-byte ones. Which of the following commands will you use?
A. ping -a
B. ping -4
C. ping -t
D. ping -l
Answer: D

QUESTION NO: 51
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on suspect's computer. Adam uses a tool with the help of which he can examine recovered deleted files, fragmented files, and other corrupted data. He can also examine the data, which was captured from the network, and access the physical RAM, and any processes running in virtual memory with the help of this tool. Which of the following tools is Adam using?
A. Vedit
B. WinHex
C. HxD
D. Evidor
Answer: B

QUESTION NO: 52
A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?
A. IPTables
B. OpenSSH
C. IPChains
D. Stunnel
Answer: A

QUESTION NO: 60
Which of the following password cracking tools can work on the Unix and Linux environment?
A. Brutus
B. John the Ripper
C. Cain and Abel
D. Ophcrack
Answer: B

QUESTION NO: 65
Mark works as the Network Administrator of a Windows 2000 based network. The network has a DNS server installed. He experiences host name resolution problems on the network. In order to rectify the situation, he wants to troubleshoot DNS name resolution problems on the network. Which of the following tools will he use to do this?
A. NSLOOKUP
B. IPCONFIG
C. NBTSTAT
D. NETSTAT
Answer: A

QUESTION NO: 68
Which of the following tools is used to detect spam email without checking the content?
A. Kismet
B. EtherApe
C. DCC
D. Sniffer
Answer: C

QUESTION NO: 71
Which of the following commands in MQC tool matches IPv4 and IPv6 packets when IP parameter is missing?
A. Match access-group
B. Match fr-dlci
C. Match IP precedence
D. Match cos
Answer: C

QUESTION NO: 76
Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?
A. ping
B. Psloggedon
C. Pslist
D. fport
Answer: D

QUESTION NO: 77
Which of the following tools is used to analyze the files produced by several popular packet capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. Fpipe
B. tcptraceroute
C. Sniffer
D. tcptrace
Answer: D

QUESTION NO: 86
Which of the following tools in Helix Windows Live is used to reveal the database password of password protected MDB files created using Microsoft Access or with Jet Database Engine?
A. Asterisk logger
B. Access Pass View
C. FAU
D. Galleta
Answer: B

QUESTION NO: 90
Which of the following tools is used to detect wireless LANs using the 802.11b, 802.11a, and 802.11g WLAN standards on the Windows platform?
A. Cain
B. AiroPeek
C. NetStumbler
D. Snort
Answer: C

QUESTION NO: 92
Host-based IDS (HIDS) is an Intrusion Detection System that runs on the system to be monitored. HIDS monitors only the data that is directed to, or originates from, the system on which HIDS is installed. Besides monitoring network traffic for detecting attacks, it can also monitor other parameters of the system such as running processes, file system access and integrity, and user logins for identifying malicious activities. Which of the following tools are examples of HIDS?
Each correct answer represents a complete solution. Choose all that apply.
A. HPing
B. BlackIce Defender
C. Tripwire
D. Legion
Answer: B,C

QUESTION NO: 95
What is the function of TRACERT utility?
A. Trace the path taken by TCP/IP packets to a remote computer.
B. Provide the host name of the routing device.
C. Trace the MAC address of the target host's network adapter.
D. Provide DNS server address.
Answer: A

QUESTION NO: 109
Which of the following commands will you use to display ARP packets in the snort output?
A. snort -v -i eth 0
B. snort -d -v -i eth 0
C. snort -dev -i eth 0
D. snort -deva -i eth 0
Answer: D

QUESTION NO: 111
Which of the following command-line utilities is used to show the state of current TCP/IP connections?
A. PING
B. TRACERT
C. NETSTAT
D. NSLOOKUP
Answer: C

QUESTION NO: 113
Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
A. Dsniff
B. Libnids
C. Cain
D. LIDS
Answer: A

QUESTION NO: 114
Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?
A. ImageMASSter Solo-3
B. ImageMASSter 4002i
C. FireWire DriveDock
D. Wipe MASSter
Answer: A

QUESTION NO: 125
The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?
A. NetStumbler
B. Snort
C. THC-Scan
D. Sniffer
Answer: D

QUESTION NO: 131
Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?
Each correct answer represents a complete solution. Choose two.
A. Tcpdump
B. Ettercap
C. Mendax
D. Fragroute
Answer: C,D

QUESTION NO: 162
You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You want to get the protocol statistics and the active TCP/IP network connections of your computer. Which of the following will you use?
A. IPSTAT
B. SNMP
C. ARP
D. NBTSTAT
E. NETSTAT
Answer: E

QUESTION NO: 167
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?
A. Hunt
B. Alchemy Remote Executor
C. Mendax
D. Ettercap
Answer: C

QUESTION NO: 176
Trinity wants to send an email to her friend. She uses the MD5 generator to calculate cryptographic hash of her email to ensure the security and integrity of the email. The MD5 generator, which Trinity is using, operates in two steps:
Creates check file
Verifies the check file
Which of the following MD5 generators is Trinity using?
A. Secure Hash Signature Generator
B. Mat-MD5
C. Chaos MD5
D. MD5 Checksum Verifier
Answer: D

QUESTION NO: 182
You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate plagiarism that occurred in the source code files of C#. Which of the following tools will you use to detect the software plagiarism?
A. VAST
B. Jplag
C. SCAM
D. Turnitin
Answer: B

QUESTION NO: 189
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
A. Netresident
B. Snort
C. Wireshark
D. NetWitness
Answer: C

QUESTION NO: 203
An attacker changes the address of a sub-routine in such a manner that it begins to point to the address of the malicious code. As a result, when the function has been exited, the application can be forced to shift to the malicious code. The image given below explains this phenomenon:
Which of the following tools can be used as a countermeasure to such an attack?
A. Obiwan
B. SmashGuard
C. Kismet
D. Absinthe
Answer: B

QUESTION NO: 211
Which of the following tools can be used for passive OS fingerprinting?
A. dig
B. nmap
C. ping
D. tcpdump
Answer: D

QUESTION NO: 218
Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?
A. DriveSpy
B. Ontrack
C. Device Seizure
D. Forensic Sorter
Answer: A

QUESTION NO: 221
Which of the following programs is used to add words to spam e-mails so that the e-mail is not considered spam and therefore is delivered as if it were a normal message?
A. Adler-32
B. Hash filter
C. Hash buster
D. Checksum
Answer: C

QUESTION NO: 237
Which of the following tools is used to detect round-robin-load-balancing?
A. traceroute
B. tcptrace
C. TCP SYN scanning
D. tcptraceroute
Answer: D

QUESTION NO: 246
Which of the following commands will you use with the tcpdump command to capture the traffic from a filter stored in a file?
A. tcpdump -A file_name
B. tcpdump -D file_name
C. tcpdump -X file_name
D. tcpdump -F file_name
Answer: D

QUESTION NO: 248
Which of the following are not functions of the SNORT application?
Each correct answer represents a complete solution. Choose two.
A. Packet logging
B. Virus detection
C. Hard disk drive scanning
D. Packet sniffing
E. Intrusion detection
Answer: B,C

QUESTION NO: 253
Which of the following are open-source vulnerability scanners?
A. Nessus
B. NetRecon
C. Hackbot
D. Nikto
Answer: A,C,D

QUESTION NO: 254
Which of the following limits the number of packets seen by tcpdump?
A. Sender filtering
B. IFilters
C. BPF-based filter
D. Recipient filtering
Answer: C

QUESTION NO: 256
Which of the following utilities provides information as per the format given below?
A. TRACERT
B. NBTSTAT
C. NETSTAT
D. PING
Answer: A

QUESTION NO: 261
Which of the following commands prints out the headers of packets regarding the boolean expression?
A. tcpdump
B. vmstat
C. iftop
D. iostat
Answer: A

QUESTION NO: 276
Which of the following tools is used to store the contents of a TDB (Trivial Database) file to the standard output when debugging problems with TDB files?
A. tcpdump
B. pdbedit
C. Winbindd
D. tdbdump
Answer: D

QUESTION NO: 301
John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He scans the We-are-secure server and gets the following result:
sysDescr.0 = STRING. "SunOS we-are-secure.com 4.1.3_U1 1 sun4m"
sysObjectID.0 = OID. enterprises.hp.nm.hpsystem.10.1.1
sysUpTime.0 = Timeticks: (156474552) 18 days, 12:00:09
sysContact.0 = STRING. ""
sysName.0 = STRING. "we-are-secure.com"
sysLocation.0 = STRING. ""
sysServices.0 = INTEGER: 6
Which of the following tools is John using to perform the scan?
A. snmpwalk
B. Kismet
C. AirMagnet
D. AiroPeek
Answer: A

QUESTION NO: 310
John works as a Network Security Professional. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A. SARA
B. Snort
C. Samhain
D. Tripwire
Answer: B,C

QUESTION NO: 316
Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?
Each correct answer represents a complete solution. Choose all that apply.
A. portsentry
B. libnids
C. nmap
D. scanlogd
Answer: A,B,D

QUESTION NO: 327
You work as a Security Professional for PassGuide Inc. The company has a Linux-based network. You want to analyze the network traffic with Snort. You run the following command:
snort -v -i eth 0
Which of the following information will you get using the above command?
Each correct answer represents a complete solution. Choose all that apply.
A. Protocol statistics
B. Date stamp on the packets
C. Number of packets received and dropped
D. Application layer data
Answer: A,B,C

QUESTION NO: 335
John works as a Network Administrator for Samtech Inc. He has configured CDP on each interface of the router. Which of the following commands should he use to list the number of CDP advertisements?
A. show interfaces [type number]
B. show cdp traffic
C. show interfaces status
D. show cdp
Answer: B

QUESTION NO: 336
Which of the following tools can be used to check whether the network interface is in promiscuous mode or not?
A. IPTraf
B. MRTG
C. Chkrootkit
D. Ntop
Answer: C

QUESTION NO: 350
Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
A. LIDS
B. Dsniff
C. Cain
D. Libnids
Answer: B

QUESTION NO: 373
Which of the following software is used for Steganography?
A. CryptoForge
B. Fort Knox
C. Dsniff
D. Ethereal
Answer: B

QUESTION NO: 377
Which of the following is not a function of the Snort utility?
A. Routing messages
B. Packet sniffing
C. Packet logging
D. Intrusion detection
Answer: A

QUESTION NO: 380
Which of the following snort keywords is used to match a defined payload value?
A. content
B. ttl
C. id
D. msg
Answer: A

QUESTION NO: 381
Which of the following monitors program activities and modifies malicious activities on a system?
A. Back door
B. RADIUS
C. HIDS
D. NIDS
Answer: C

QUESTION NO: 384
Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers?
A. Easy-Undelete
B. VirtualLab
C. File Scavenger
D. Recover4all Professional
Answer: B

QUESTION NO: 386
Which of the following commands is used to verify the hash value in Netcat?
A. type
B. check
C. mount
D. checksum
Answer: A

QUESTION NO: 387
Which of the following is used to hash the information in Netcat?
A. MD5
B. SHA-256
C. MD5deep
D. SHA-1
Answer: C

QUESTION NO: 402
Which of the following tools is used to analyze a system and report any unsigned drivers found?
A. regedit.exe
B. sigverify.exe
C. sigverif.exe
D. msconfig
Answer: C

QUESTION NO: 405
Which of the following is an open-source Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software?
A. Nmap
B. Internet bot
C. Dsniff
D. Nikto
Answer: D

QUESTION NO: 410
Which of the following tools can be used to view active telnet sessions?
A. Juggernaut
B. Cgichk
C. Nikto
D. Hackbot
Answer: A

QUESTION NO: 412
Which of the following tools is used to recover data and partitions, and can run on Windows, Linux, SunOS, and Macintosh OS X operating systems?
A. GetDataBack
B. Acronis Recovery Expert
C. Active@ Disk Image
D. TestDisk
Answer: D

QUESTION NO: 416
________ is a command-line tool that can check the DNS registration of a domain controller.
A. NBTSTAT
B. NETSH
C. DNSCMD
D. DCDIAG
Answer: D

QUESTION NO: 420
Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?
A. Aeropeek
B. Void11
C. Airsnort
D. Kismet
Answer: A

QUESTION NO: 428
Which of the following utilities is used for decrypting WEP encryption on an 802.11b network?
A. Wireshark
B. NetStumbler
C. Airsnort
D. Kismet
Answer: C

QUESTION NO: 434
Which of the following tools is used to collect volatile data over a network?
A. Liveview
B. Netcat
C. Pdd
D. FTimes
Answer: B

QUESTION NO: 436
Sniffer operates at which layer of the OSI reference model?
A. Data Link
B. Physical
C. Transport
D. Presentation
Answer: A

QUESTION NO: 449
Which of the following commands is a Packet sniffer?
A. tcpdump
B. strace
C. nmap
D. tail
Answer: A

QUESTION NO: 462
Which of the following hacking tools provides shell access over ICMP?
A. John the Ripper
B. Loki
C. Nessus
D. Nmap
Answer: B

QUESTION NO: 463
Which of the following is an automated vulnerability assessment tool?
A. Kismet
B. Nessus
C. Sniffer
D. Snort
Answer: B

QUESTION NO: 492
Which of the following statements are true about snort?
Each correct answer represents a complete solution. Choose all that apply.
A. It develops a new signature to find vulnerabilities.
B. It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well known backdoors and system vulnerabilities, and DDoS clients.
C. It encrypts the log file using the 256 bit AES encryption scheme algorithm.
D. It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.
Answer: A,B,D

QUESTION NO: 494
Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.
A. TRACERT
B. Ping
C. IPCONFIG
D. Netstat
Answer: A,B

QUESTION NO: 499
Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?
A. Dsniff
B. Snort
C. Nikto
D. Sniffer
Answer: C

QUESTION NO: 508
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?
A. PsExec
B. PsList
C. Fpipe
D. Cain
Answer: C