Free SANS SEC504 Practice Exam with Questions & Answers | Set: 3

Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover.

Which of the following Steganography methods is Victor using to accomplish the task?

In which of the following methods does an hacker use packet sniffing to read network traffic between two parties to steal the session cookies?

Which of the following statements is true about the difference between worms and Trojan horses?

In which of the following attacks does the attacker gather information to perform an access attack?

Which of the following services CANNOT be performed by the nmap utility?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

Mark works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network. Mark uses SmartDefense on the HTTP servers of the company to fix the limitation for the maximum response header length. Which of the following attacks can be blocked by defining this limitation?

Which of the following tools will you use to prevent from session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Mark works as a Network Administrator for NetTech Inc. The network has 150 Windows 2000 Professional client computers and four Windows 2000 servers. All the client computers are able to connect to the Internet. Mark is concerned about malware infecting the client computers through the Internet. What will Mark do to protect the client computers from malware?

Each correct answer represents a complete solution. Choose two.

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:

<script>alert('Hi, John')</script>

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?