CertMagic.com is a place where you can find various types of 640-802 exam certifications preparation material. CertMagic’s full range of study material for the 640-802 exam helps you to be prepared for the 640-802 exam full (more)
CertMagic.com is a place where you can find various types of 640-802 exam certifications preparation material. CertMagic’s full range of study material for the 640-802 exam helps you to be prepared for the 640-802 exam fully and enter the exam centre with full confidence.We provide you easy, simple and updated study material. After preparing from the 640-802 exam material prepared by us we guarantee you that you will be a certified professional. We guarantee that with CertMagic 640-802 study material, you will pass the Certification exam.
(less)
Slide 1: MK0-201
CPTS - Certified Pen Testing Specialist Exam: MK0-201
Demo Edition
CERT MAGIC
1 http://www.certmagic.com
Slide 2: MK0-201
QUESTION: 1 By spoofing an IP address and inserting the attackers MAC address into an unsolicited ARP Reply packet, an attacker is performing what kind of attack? Choose the best answer. A. B. C. D. Denial of Service Sniffing in a switched network via ARP Poisoning ARP Flood Birthday
Answer: B QUESTION: 2 Why wouldn't it be surprising to find netcat on a trojaned-computer? Choose three. A. B. C. D. Netcat can listen on any port and send data to any port Netcat can be used to send or receive files over any port Netcat can be used to perform port scanning Netcat encrypts all communications
Answer: A, B, C QUESTION: 3 Why would an administrator block ICMP TTL Exceeded error messages at the external gateways of the network? Choose the best answer. A. B. C. D. To reduce the workload on the routers To prevent Smurf attacks To prevent trace-route software from revealing the IP addresses of these external gateways To prevent fragment-based Denial of Service attacks
Answer: C QUESTION: 4 Which tools and or techniques can be used to remove an Alternative Data Stream on an NTFS file? Choose two. A. Ads_cat B. ADSChecker C. ADS_Del D. Copy the NTFS file containing the stream to a FAT partition, delete the original NTFS file, copy the FAT file back to NTFS
2
http://www.certmagic.com
Slide 3: MK0-201
Answer: D QUESTION: 5 If an attacker gets Administrative-level access, why cant the entries in the Event log be trusted with certainty? Choose two. A. Entries in the event log are not digitally signed B. The attacker may have been able to simply clear the event log, thus erasing evidence of the method of break-in C. Tools like Winzapper allow the attacker to selectively delete log entries associated with the initial break-in and subsequent malicious activity D. Event logs have NTFS permissions of Everyone Full Control and thus can be easily edited Answer: B, C QUESTION: 6 Most search engine support Advanced Search Operators; as a Penetration Tester you must be familiar with some of the larger search engines such as Google. There is a wealth of information to be gathered from these public databases. Which of the following operators would you use if you attempt to find an older copy of a website that might have information which is no longer available on the target website? A. B. C. D. Link: InCache: Cache: Related:
Answer: C QUESTION: 7 Which of the following items is the least likely to be found while doing Scanning? Choose the best answer. A. B. C. D. IP addresses Operating System System Owner Services
Answer: C QUESTION: 8 You are concerned about other people sniffing your data while it is traveling over your local network and the internet. Which of the following would be the most effective countermeasure to
3
http://www.certmagic.com
Slide 4: MK0-201
protect your data against sniffing while it is in transit? Choose the best answer. A. B. C. D. Encryption AntiSniff PromiScan Usage of a switch
Answer: A QUESTION: 9 When you create a hash value of the message you wish to send, then you encrypt the hash value using your private key before sending it to the receiver in order to prove the authenticity of the message. What would this be called within the cryptography world? A. B. C. D. Hashing Digital Signature Encryption Diffie-Hillman
Answer: B QUESTION: 10 Looking at the window presented below, what type of mail server is running on the remote host?
A. B. C. D.
Exchange 8.13.4 Hotmail 8.13.4 Sendmail 8.13.4 Exim Mail 8.13.4
4
http://www.certmagic.com
Slide 5: MK0-201
Answer: C QUESTION: 11 Bob has just produced a very detailed penetration testing report for his client. Bob wishes to ensure that the report will not be changed in storage or in transit. What would be the best tool that Bob can use to assure the integrity of the information and detect any changes that could have happened to the report while being transmitted or stored? A. B. C. D. A Symmetric Encryption Algorithm An Asymmetric Encryption Algorithm An Hashing Algorithm The ModDetect Algorithm
Answer: C QUESTION: 12 A malicious hacker has been trying to penetrate company XYZ from an external network location. He has tried every trick in his bag but still did not succeed. From the choice presented below, what type of logical attempt is he most likely to attempt next? A. B. C. D. Elevation of privileges Pilfering of data Denial of service Installation of a back door
Answer: C QUESTION: 13 When a piece of malware executes on a computer, what privilege level or account will it execute under? Choose the best answer. A. B. C. D. System Administrator Same privilege as the user who installed it Always runs as System or above
Answer: C QUESTION: 14 Software Restriction Policies, if implemented correctly, can help protect against what kinds of threats? Choose two.
5
http://www.certmagic.com
Slide 6: MK0-201
A. B. C. D.
Trojans Malware Spam Smurf Attacks
Answer: A, B QUESTION: 15 What software can alert an administrator to modified files (system or otherwise) by comparing new the hash to the hash on the original trusted file? Choose all that apply. NOTE: The term Choose all that apply in this and additional questions does not necessarily mean that there is more than one answer. A. B. C. D. Process Viewer Paketto Keiretsu VOMIT Tripwire
Answer: D QUESTION: 16 Why is it so challenging to block packets from Remote Access Trojans that use port 80 for network communications? Choose three. A. To a firewall, the traffic appears simply to be from an internal user making an innocuous HTTP GET request B. Port 80 outbound is normally open on corporate firewalls C. Stateful inspection firewalls will block unsolicited inbound HTTP GET requests D. Not all firewalls are capable of inspecting data in the HTTP data fields for evidence of tunneling Answer: A, B, D QUESTION: 17 To block tunneling remote access trojans like 007Shell, what should you do on your firewall? Choose the best answer. A. B. C. D. Block all IGMP Block UDP port 1900 Block all ICMP Block TCP port 27374
6
http://www.certmagic.com
Slide 7: MK0-201
Answer: C QUESTION: 18 What sniffer program is capable of reconstructing associated TCP packets into a session showing application layer data from the client to the server and vice-versa? Choose the best 2 answers. A. B. C. D. Packetyzer Etherape Ethereal ARPwatch
Answer: C QUESTION: 19 What program can locate computers running sniffers by sending out special ARP packets that only network cards in promiscuous mode will reply to? Choose the best answer. A. B. C. D. ARPwatch Cain and Abel Macof Microsoft Network Monitor
Answer: D QUESTION: 20 The process of flooding a local segment with thousands of random MAC addresses can result in some switches behaving like a hub. The goal of the hacker is to accomplish what? Choose the best answer. A. B. C. D. Denial of service ARP cache poisoning Sniffing in a switched network SYN flood
Answer: C
7
http://www.certmagic.com
