Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free SANS SEC504 Practice Exam with Questions & Answers | Set: 4

Questions 31

James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

Options:
A.

Denial-of-Service

B.

Injection

C.

Internal attack

D.

Virus

SANS SEC504 Premium Access
Questions 32

Which of the following can be used to perform session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

Cross-site scripting

B.

Session fixation

C.

ARP spoofing

D.

Session sidejacking

Questions 33

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:

l Information gathering

l Determining network range

l Identifying active machines

l Finding open ports and applications

l OS fingerprinting

l Fingerprinting services

Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

Ettercap

B.

Traceroute

C.

Cheops

D.

NeoTrace

Questions 34

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

Options:
A.

Whishker

B.

Nessus

C.

SARA

D.

Nmap

Questions 35

Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?

Options:
A.

Spector

B.

Magic Lantern

C.

eblaster

D.

NetBus

Questions 36

Adam works as a Network Administrator for PassGuide Inc. He wants to prevent the network from DOS attacks. Which of the following is most useful against DOS attacks?

Options:
A.

SPI

B.

Distributive firewall

C.

Honey Pot

D.

Internet bot

Questions 37

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.

How was security compromised and how did the firewall respond?

Options:
A.

The attack was social engineering and the firewall did not detect it.

B.

Security was not compromised as the webpage was hosted internally.

C.

The attack was Cross Site Scripting and the firewall blocked it.

D.

Security was compromised as keylogger is invisible for firewall.

Questions 38

Which of the following statements are true about tcp wrappers?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

tcp wrapper provides access control, host address spoofing, client username lookups, etc.

B.

When a user uses a TCP wrapper, the inetd daemon runs the wrapper program tcpd instead of running the server program directly.

C.

tcp wrapper allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens to filter for access control purposes.

D.

tcp wrapper protects a Linux server from IP address spoofing.

Questions 39

Which of the following statements about Denial-of-Service (DoS) attack are true?

Each correct answer represents a complete solution. Choose three.

Options:
A.

It disrupts services to a specific computer.

B.

It changes the configuration of the TCP/IP protocol.

C.

It saturates network resources.

D.

It disrupts connections between two computers, preventing communications between services.

Questions 40

Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.

Which of the following attacks has been occurred on the wireless network of Adam?

Options:
A.

NAT spoofing

B.

DNS cache poisoning

C.

MAC spoofing

D.

ARP spoofing

Exam Code: SEC504
Certification Provider: SANS
Exam Name: Hacker Tools, Techniques, Exploits and Incident Handling
Last Update: Sep 12, 2025
Questions: 328
SANS Free Access
Get SANS Full Access

SANS Free Exams
SANS Free Exams
Elevate your SANS exam preparation with free access to high-quality resources at Examstrack.