Jack Hacker wants to break into Certkiller's computers and obtain their secret
double fudge cookie recipe. Jack calls Jane, an accountant at Certkiller, pretending
to be an administrator from Certkiller. Jack tells Jane that there has been a problem
with some accounts and asks her to verify her password with him "just to double
check our records". Jane does not suspect anything amiss, and parts with her
password. Jack can now access Certkiller's computers with a valid user name and
password, to steal the cookie recipe.
What kind of attack is being illustrated here? (Choose the best answer)
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Usernames, passwords, e-mail addresses, and the location of CGI scripts may be
obtained from which of the following information sources?
A. Company web site
B. Search engines
C. EDGAR Database query
D. Whois query
What does the following command achieve?
Telnet <IP Address> <Port 80>
HEAD / HTTP/1.0
<Return>
<Return>
A. This command returns the home page for the IP address specified
B. This command opens a backdoor Telnet session to the IP address specified
C. This command returns the banner of the website specified by IP address
D. This command allows a hacker to determine the site's security
E. This command is bogus and will accomplish nothing
Bob is going to perform an active session hijack against Certkiller. He has acquired
the target that allows session-oriented connections (Telnet) and performs sequence
prediction on the target operating system. He manages to find an active session due
to the high level of traffic on the network.
So, what is Bob most likely to do next?
A. Take over the session.
B. Reverse sequence prediction.
C. Guess the sequence numbers.
D. Take one of the parties offline.
What is the key advantage of Session Hijacking?
A. It can be easily done and does not require sophisticated skills.
B. You can take advantage of an authenticated connection.
C. You can successfully predict the sequence number generation.
D. You cannot be traced in case the hijack is detected.
What type of cookies can be generated while visiting different web sites on the
Internet?
A. Permanent and long term cookies.
B. Session and permanent cookies.
C. Session and external cookies.
D. Cookies are all the same, there is no such thing as different types of cookies.
Which is the right sequence of packets sent during the initial TCP three-way
handshake?
A. FIN, FIN-ACK, ACK
B. SYN, URG, ACK
C. SYN, ACK, SYN-ACK
D. SYN, SYN-ACK, ACK
What is Hunt used for?
A. Hunt is used to footprint networks
B. Hunt is used to sniff traffic
C. Hunt is used to hack web servers
D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic
E. Hunt is used for password cracking
You have successfully run a buffer overflow attack against a default IIS installation
running on a Windows 2000 Server. The server allows you to spawn a shell. In order
to perform the actions you intend to do, you need elevated permission. You need to
know what your current privileges are within the shell. Which of the following
options would be your current privileges?
A. Administrator
B. IUSR_COMPUTERNAME
C. LOCAL_SYSTEM
D. Whatever account IIS was installed with
Bart is looking for a Windows NT/2000/XP command-line tool that can be used to
assign, display, or modify ACL's (access control lists) to files or folders and also one
that can be used within batch files.
Which of the following tools can be used for that purpose? (Choose the best answer)
A. PERM.exe
B. CACLS.exe
C. CLACS.exe
D. NTPERM.exe
Which of the following buffer overflow exploits are related to Microsoft IIS web
server? (Choose three)
A. Internet Printing Protocol (IPP) buffer overflow
B. Code Red Worm
C. Indexing services ISAPI extension buffer overflow
D. NeXT buffer overflow
On a default installation of Microsoft IIS web server, under which privilege does the
web server software execute?
A. Everyone
B. Guest
C. System
D. Administrator
You are gathering competitive intelligence on Certkiller.com. You notice that
they have jobs listed on a few Internet job-hunting sites. There are two job postings
for network and system administrators. How can this help you in footprinting the
organization?
A. The IP range used by the target network
B. An understanding of the number of employees in the company
C. How strong the corporate security policy is
D. The types of operating systems and applications being used.
What are the three phases involved in security testing?
A. Reconnaissance, Conduct, Report
B. Reconnaissance, Scanning, Conclusion
C. Preparation, Conduct, Conclusion
D. Preparation, Conduct, Billing
You visit a website to retrieve the listing of a company's staff members. But you cannot
find it on the website. You know the listing was certainly present one year before. How
can you retrieve information from the outdated website?
A. Through Google searching cached files
B. Through Archive.org
C. Download the website and crawl it
D. Visit customers' and partners' websites
You work as a security technician at Certkiller.com. While doing web application
testing, you might be required to look through multiple web pages online which can
take a long time. Which of the processes listed below would be a more efficient way
of doing this type of validation?
A. Use mget to download all pages locally for further inspection.
B. Use wget to download all pages locally for further inspection.
C. Use get* to download all pages locally for further inspection.
D. Use get() to download all pages locally for further inspection.
This kind of attack will let you assume a user's identity at a dynamically generated
web page or site:
A. SQL Injection
B. Cross Site Scripting
C. Session Hijacking
D. Zone Transfer
____________ will let you assume a user's identity at a dynamically generated web
page or site.
A. SQL attack
B. Injection attack
C. Cross site scripting
D. The shell attack
E. Winzapper
What is Form Scalpel used for?
A. Dissecting HTML Forms
B. Dissecting SQL Forms
C. Analysis of Access Database Forms
D. Troubleshooting Netscape Navigator
E. Quattro Pro Analysis Tool
Which of the following statements best describes the term Vulnerability?
A. A weakness or error that can lead to compromise
B. An agent that has the potential to take advantage of a weakness
C. An action or event that might prejudice security
D. The loss potential of a threat.