An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?


A. Machine A: netcat -l -p -s password 1234 < testfile
Machine B: netcat <machine A IP> 1234
B. Machine A: netcat -l -e magickey -p 1234 < testfile
Machine B: netcat <machine A IP> 1234
C. Machine A: netcat -l -p 1234 < testfile -pw password
Machine B: netcat <machine A IP> 1234 -pw password
D. Use cryptcat instead of netcat

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?


A. Online Attack
B. Dictionary Attack
C. Brute Force Attack
D. Hybrid Attack

Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)


A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32-bit encryption.
D. Effective length is 7 characters.

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?


A. Block port 25 at the firewall.
B. Shut off the SMTP service on the server.
C. Force all connections to use a username and password.
D. Switch from Windows Exchange to UNIX Sendmail.
E. None of the above.

Password cracking programs reverse the hashing process to recover passwords. (True/False.)


A. True
B. False

Which of the following are well known password-cracking programs?


A. L0phtcrack

B. NetCat
C. Jack the Ripper
D. Netbus
E. John the Ripper

When discussing passwords, what is considered a brute force attack?


A. You attempt every single possibility until you exhaust all possible combinations or discover the password
B. You threaten to use the rubber hose on someone unless they reveal their password
C. You load a dictionary of words into your cracking program
D. You create hashes of a large number of words and compare it with the encrypted passwords
E. You wait until the password expires

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A. There is no way to tell because a hash cannot be reversed
B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same
E. A portion of the hash will be all 0's

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?


A. All are hacking tools developed by the legion of doom
B. All are tools that can be used not only by hackers, but also security personnel
C. All are DDOS tools
D. All are tools that are only effective against Windows
E. All are tools that are only effective against Linux

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?


A. Copy the system files from a known good system
B. Perform a trap and trace
C. Delete the files and try to determine the source
D. Reload from a previous backup
E. Reload from known good media