Written by Pavs on August 22nd, 2007                                        

---

Question 1: Which of the following Trojans uses port 6666?

A. Subseven

B. NetBus

C. Amitis

D. Beast

Answer 1: D. Beast uses port 6666 and is considered unique because it uses injection technology. Answer A is incorrect, as Subseven uses port 6711. Answer B is incorrect because NetBus uses port 12345, and answer C is incorrect because Amitis uses port 27551.

Question 2: Which of the following best describes a wrapper?

A. Wrappers are used as tunneling programs.

B. Wrappers are used to cause a Trojan to self execute when previewed within email.

C. Wrappers are used as backdoors to allow unauthenticated access.

D. Wrappers are used to package covert programs with overt programs.

Answer 2: D. Wrappers are used to package covert programs with overt programs. They act as a type of file joiner program or installation packager program. Answer A is incorrect because wrappers do not tunnel programs. An example of a tunneling program would be Loki. Answer B is incorrect, as wrappers are not used to cause a Trojan to execute when previewed in email; the user must be tricked into running the program. Answer C is incorrect because wrappers are not used as back-doors. A backdoor program allows unauthorized users to access and control a computer or a network without normal authentication.

Question 3: Loki uses which of the following by default?

A. ICMP

B. UDP 69

C. TCP 80

D. IGRP

Answer 3: A. Loki is a Trojan that opens and can be used as a backdoor to a victim’s computer by using ICMP. Answer B is incorrect because Loki does not use UDP port 69 by default. Answer C is incorrect because Loki does not use TCP port 80 by default. Answer D is incorrect because Loki does not use IGRP.

Question 4: You have become concerned that one of your workstations might be infected with a malicious program. Which of the following netstat switches would be the best to use?

A. netstat -an

B. netstat -r

C. netstat -p

D. netstat -s

Answer 4: A. Netstat -an would be the proper syntax. The -a displays all connections and listening ports. The -n displays addresses and port numbers in numerical form. Answer B is incorrect, as -r displays the routing table. Answer C is incorrect because -p shows connections for a specific protocol, although none was specified in the answer. Answer D is incorrect, as -s displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP.

Question 5: You have just completed a scan of your servers, and you found port 12345 open. Which of the following programs uses that port by default?

A. Donald Dick

B. Back Orifice

C. Subseven

D. NetBus

Answer 5: D. NetBus uses port 12345 by default. Answers A, B, and C are incorrect because Donald Dick uses 23476, BOK uses port 31337, and Subseven uses port 6711.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.