Questions and Answers 16
Question 1: Which of the following is the best example of a strong two factor authentication?
A. A passcard and a token
B. A token and a pin number
C. A username and a password
D. A hand scan and fingerprint scan
Answer 1: B. Two-factor authentication requires that you use two of the three authentication types, such as a token (something you have) and a PIN (something you know). Answers A, C, and D are incorrect, as each only represents one form of authentication.
Question 2: While looking over data gathered by one of your co-workers, you come across the following data:
system.sysDescr.0 = OCTET STRING: “Sun SNMP Agent, ”
system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.42.2.1.1
system.sysUpTime.0 = Timeticks: (5660402) 15:43:24
system.sysContact.0 = OCTET STRING: “System administrator”
system.sysName.0 = OCTET STRING: “unixserver”
system.sysLocation.0 = OCTET STRING: “System admins office”
system.sysServices.0 = INTEGER: 72
interfaces.ifNumber.0 = INTEGER: 2
interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2
What was used to obtain this output?
A. An Nmap scan
B. A Nessus scan
C. An SNMP walk
D. SolarWinds
Answer 2: C. The output is from an SNMP walk. SNMP is used to remotely manage a network and hosts/devices on the network. It contains a lot of information about each host that probably shouldn’t be shared. Answers A, B, and D are incorrect because an Nmap scan would not include this type of information, nor would Nessus. SolarWinds is used for SNMP discovery but is a GUI tool.
Question 3: You found the following information that had been captured by a keystroke log:
Type nc.exe > sol.exe:nc.exe
What is the purpose of the command?
A. An attacker is using a wrapper.
B. An attacker is streaming a file.
C. An attacker is using a dropper.
D. An attacker has used a steganographic tool.
Answer 3: B. When using NTFS, a file consists of different data streams. Streams can hold security information, real data, or even a link to information instead of the real data stream. This link allows attackers to hide data that cannot easily be found on an NTFS drive. Answer A is incorrect because a wrapper is used to hide a Trojan; answer C is incorrect because a dropper is used to hide a virus; and answer D is incorrect because the example shown is not a steganographic tool.
Question 4: You’re planning on planting a sniffing program on a Linux system but are worried that it will be discovered when someone runs an ifconfig -a. Which of the following is your best option for hiding the tool?
A. Run the tool in stealth mode.
B. Replace the original version of ifconfig with a rootkit version.
C. Redirect screen output should someone type the ifconfig command.
D. Store the tool in a hidden directory with an ADS.
Answer 4: B. Your best option would be to replace the original version of ifconfig with a rootkit version. Answer A is incorrect, as a stealth setting will not keep the program from being discovered. Answer C is incorrect, as screen redirection will not help. Answer D is not possible, as ADS is only on Windows NTFS drives.
Question 5: Which of the following is a program used to wardial?
A. Toneloc
B. Kismet
C. SuperScan
D. NetStumbler
Answer 5: A. Toneloc is a wardialing program, whereas Kismet and NetStumbler are used for wardriving. SuperScan is a port scanning program.

