- (Topic 3)
You are the Network Admin for a company. You are concerned about users having access to items they should not. Your concern is that they may inadvertently have been granted access to those resources. When conducting a user access and rights review, which of the following is most likely to show you such unintentional granting of user rights?

Correct Answer:D

Most often user rights are determined by the groups the user belongs to. In some cases a user may mistakenly be added to a group they should not be. It is also common that a user moves within the organization, but is still retained in their previous group giving them those rights. Answer B is incorrect. Access Control Lists are usually setup up manually. This means that a person would not likely be inadvertently added. You might want to check the ACL's, and you might find some issues, but this is not the most likely way to find users with inappropriate rights. Answer C is incorrect. At best server logs can show you if a user accessed a resource. But a user could have access to a resource, and simply not have used that access yet. Answer A is incorrect. IDS logs will only help you identify potential attacks. Unless you suspect the user of intentionally trying to break into resources, an IDS log will not help in this scenario.

- (Topic 1)
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are- secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?

Correct Answer:C

NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15- character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.

- (Topic 2)
Zorp is a proxy firewall suite developed by Balabit IT Security. Which of the following statements are true about Zorp?

Correct Answer:ABC

Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions (with its built-in script language), and fully analyze embedded protocols (such as SSL with an embedded POP3 or HTTP protocol). The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness. Zorp is released under GNU/GPL and commercial license too. The GPL version is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only. Some of the Zorp supported protocols are Finger, Ftp, Http, Pop3, NNTP, IMAP4, RDP, RPC, SIP, SSL, SSH, Telnet, Whois, LDAP, RADIUS, TFtp, SQLNet NET8, Rsh, etc. Answer D is incorrect. The GPL version of Zorp is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only.

- (Topic 2)
Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

Correct Answer:ABC
The Rhosts (rsh-style), TIS, and Kerberos user authentication methods are supported by the SSH-1 protocol but not by SSH-2 protocol. Answer D is incorrect. Password-based authentication is supported by both the SSH-1 and SSH-2 protocols.

- (Topic 1)
Sam works as a Web Developer for McRobert Inc. He creates a Web site. He wants to include the following table in the Web site:
He writes the following HTML code to create the table:
* 1.

Correct Answer:D

The tag is used to specify each cell of the table. It can be used only within a row in a table. The ROWSPAN attribute of the tag specifies the number of rows that a cell spans over in a table. Since, the first cell of the table spans over three rows, Sam will use . specifies the number of columns that the head row contains. Answer C is incorrect. Placing the tags given in this option at lines 3 and 4 will create the following table: Answer A, B are incorrect. There are no attributes such as SPAN and SPANWIDTH for the tag.

- (Topic 3)
You want to monitor the network infrastructure of a software-based company. The network infrastructure of the company consists of the following: Windows TCP/IP services Web and mail servers URLs Applications (MS Exchange, SQL etc.) Which of the following network monitoring solutions can you use to accomplish the task?

Correct Answer:A

Axence nVision is an advanced solution for a comprehensive network management. It is used to monitor network infrastructure such as Windows, TCP/IP services, web and mail servers, URLs, and applications (MS Exchange, SQL, etc.). It is also used to monitor routers and switches such as network traffic, interface status, and connected computers. It collects the network inventory and audit license usage. It also gives alerts in case of a program installation or any configuration change on a remote node. With the agent, an administrator can easily monitor user activities and can access computers remotely. Answer B is incorrect. CommandCenter NOC is a simple and effective tool that performs network monitoring with a powerful polling engine. It provides polling, Windows and UNIX/Linux server management, intrusion detection, vulnerability scanning, and traffic analysis in an integrated appliance. Answer D is incorrect. Cymphonix Network Composer is a precise Web gateway appliance. It is used to monitor Internet traffic by user, application, and threat. It consists of controls to shape access to Internet resources by user, group, and/or time of day. It also supports anonymous proxy blocking, policy management, and real time monitoring. Answer C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze the network traffic. It is installed by default during the installation of the operating system. It can be installed by using Windows Components Wizard in the Add or Remove Programs tool in Control Panel. Network Monitor is used to perform the following tasks:
* 1. Capture frames directly from the network.
* 2. Display and filter captured frames immediately after capture or a later time.
* 3. Edit captured frames and transmit them on the network.
* 4. Capture frames from a remote computer.