Questions and Answers 17
Question 1: Which of the following best describes Tripwire?
A. It is used as a firewall to prevent attacks.
B. It is used as an IPS to defend against intruders.
C. It is used to encrypt sensitive files.
D. It is used to verify integrity.
Answer 1: Tripwire is a file integrity program and, as such, makes answers A, B, and C incorrect.
Question 2: You are preparing to attack several critical servers and perform the following command:
net use \\windows_server\ipc$ "" /u:""
What is its purpose?
A. Grabbing the etc/passwd file
B. Stealing the SAM
C. Probing a Linux-based Samba server
D. Establishing a null session
Answer 2: D. The net use statement shown in this question is used to establish a null session. This will enable more information to be extracted from the server. Answer A is incorrect because it is not used to attack the passwd file. Answer B is incorrect because it is not used to steal the SAM. Answer C is incorrect because it is not used to probe a Linux server.
Question 3: Several of your co-workers are having a discussion about the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. Which of the following is the least likely to be used?
A. Linux passwords can be encrypted with MD5.
B. Linux passwords can be encrypted with DES.
C. Linux passwords can be encrypted with Blowfish.
D. Linux passwords are encrypted with asymmetric algorithms.
Answer 3: D. Linux passwords are encrypted with symmetric passwords; therefore, answer D is correct. Answers A, B, and C are incorrect because DES, MD5, and Blowfish are valid password encryption types.
Question 4: You noticed the following entry:
http://server/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
What is the attacker attempting to do?
A. DoS the targeted web server
B. Exploit a vulnerability in a CGI script
C. Exploit a vulnerability in an Internet Information Server
D. Gain access on a SQL server
Answer 4: B. PHF is a CGI program that came with many web servers such as Apache. It had a parsing problem such that you could execute arbitrary commands on the web server host as the web server user. Answers A, C, and D are incorrect because a PHF attack does not DoS the server, is not a vulnerability in IIS, and does not target SQL.
Question 5: You discovered the following in the logs:
192.186.13.100/myserver.aspx..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255..c:\winnt\system32\cmd.exe%/c:dir
What is the hacker attempting to do?
A. Directory traversal attack
B. Buffer overflow
C. .+htr attack
D. Execute MS Blaster
Answer 5: A. This is an example of a directory traversal attack. It is not a buffer overflow, .+htr, or MS Blaster; therefore answers B, C, and D are incorrect.
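Added example (not part of the original question set): a log-review check that percent-decodes a request until it stops changing and then flags the patterns behind Answers 4 and 5. The function names, the round limit, and the short target list are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Log entries quoted in Questions 4 and 5 (host prefix dropped, wrapped lines rejoined).
PHF_ENTRY = "/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd"
IIS_ENTRY = (r"/myserver.aspx..%255C..%255C..%255C..%255C..%255C..%255C"
             r"..%255C..%255C..%255C..%255..c:\winnt\system32\cmd.exe%/c:dir")

MAX_ROUNDS = 5  # assumed upper bound on nested encoding layers

TRAVERSAL = re.compile(r"\.\.[\\/]")                      # ../ or ..\ after decoding
CONTROL = re.compile(r"[\r\n]")                           # line break inside a parameter
SENSITIVE = re.compile(r"cmd\.exe|/etc/passwd", re.I)     # targets named on this page


def fully_decode(raw):
    """Percent-decode until the text is stable; return (text, rounds that changed it)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw, rounds = decoded, rounds + 1
    return raw, rounds


def classify(request):
    """Return the list of findings for one logged request path."""
    decoded, rounds = fully_decode(request)
    findings = []
    if rounds > 1:
        # %255C -> %5C -> \ : the separator only appears after the second pass,
        # so a filter that decodes once never sees the "..\" sequence.
        findings.append("multi-layer-encoding")
    if TRAVERSAL.search(decoded):
        findings.append("directory-traversal")
    if CONTROL.search(decoded):
        # %0a in the Qalias value is the line break the PHF answer refers to.
        findings.append("newline-in-parameter")
    if SENSITIVE.search(decoded):
        findings.append("sensitive-target")
    return findings


if __name__ == "__main__":
    for entry in (PHF_ENTRY, IIS_ENTRY, "/index.html?q=hello%20world"):
        print(classify(entry), entry[:60])
```
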

