Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home SANS SEC504

SANS SEC504 Exam Practice Questions (P. 3)

  • Full Access (328 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?
  1. A
    Evasion attack
  2. B
    Denial-of-Service (DoS) attack
  3. C
    Ping of death attack
  4. D
    Buffer overflow attack

Correct Answer:
D

Question #22
Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses as they are very hectic to perform.
Which of the following steps should Adam take to overcome this problem with the least administrative effort?
  1. A
    Create incident manual read it every time incident occurs.
  2. B
    Appoint someone else to check the procedures.
  3. C
    Create incident checklists.
  4. D
    Create new sub-team to keep check.

Correct Answer:
C

Question #23
Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason.
Which of the following mistakes made by Jason helped the Forensic Investigators catch him?
  1. A
    Jason did not perform a vulnerability assessment.
  2. B
    Jason did not perform OS fingerprinting.
  3. C
    Jason did not perform foot printing.
  4. D
    Jason did not perform covering tracks.
  5. E
    Jason did not perform port scanning.

Correct Answer:
D

Question #24
Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?
  1. A
    Demon dialing
  2. B
    Warkitting
  3. C
    War driving
  4. D
    Wardialing

Correct Answer:
D

Question #25
SIMULATION -
Fill in the blank with the appropriate term.
_______is the practice of monitoring and potentially restricting the flow of information outbound from one network to another

Correct Answer:
Egress filtering

Question #26
You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?
  1. A
    Using it as a proxy server
  2. B
    Updating Nikto
  3. C
    Seting Nikto for network sniffing
  4. D
    Port scanning

Correct Answer:
D

Question #27
Which of the following are types of access control attacks?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    Spoofing
  2. B
    Brute force attack
  3. C
    Dictionary attack
  4. D
    Mail bombing

Correct Answer:
ABC

Question #28
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.
  1. A
    Internet bots
  2. B
    Scripts
  3. C
    Anti-virus software
  4. D
    Spyware

Correct Answer:
AB

Question #29
Which of the following statements are true about tcp wrappers?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    tcp wrapper provides access control, host address spoofing, client username lookups, etc.
  2. B
    When a user uses a TCP wrapper, the inetd daemon runs the wrapper program tcpd instead of running the server program directly.
  3. C
    tcp wrapper allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens to filter for access control purposes.
  4. D
    tcp wrapper protects a Linux server from IP address spoofing.

Correct Answer:
ABC

Question #30
Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets?
  1. A
    Fraggle
  2. B
    Ping flood
  3. C
    Bonk
  4. D
    Smurf

Correct Answer:
C

Previous Questions Next Questions

All Pages