Customers Passed SANS SEC504 Exam
Average Score In Real SEC504 Exam
Questions came from our SEC504 dumps.
Welcome to PassExamHub's comprehensive study guide for the Hacker Tools, Techniques, Exploits and Incident Handling exam. Our SEC504 dumps is designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the SEC504 certification exam.
PassExamHub's SEC504 dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the SEC504 exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine cover every exam objective and provide detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Expertise: Our SEC504 exam questions answers are developed by experienced SANS certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the SEC504 exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their SEC504 certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to Hacker Tools, Techniques, Exploits and Incident Handling success with PassExamHub. Our study material is your trusted companion in preparing for the SEC504 exam and unlocking exciting career opportunities.
Which of the following are used to identify who is responsible for responding to an incident?
A. Disaster management policies
B. Incident response manuals
C. Disaster management manuals
D. Incident response policies
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning,which helps in mapping a target network and provides valuable information regarding the operating system andapplications running on the systems?
A. Post-attack phase
B. On-attack phase
C. Attack phase
D. Pre-attack phase
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. Heenters a single quote in the input field of the login page of the We-are-secure Web site and receives the following errormessage:Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'This error message shows that the We-are-secure Website is vulnerable to __________
A. A buffer overflow
B. A Denial-of-Service attack
C. A SQL injection attack
D. An XSS attack
Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?
A. Spyware
B. Heuristic
C. Blended
D. Rootkits
Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?
A. Hypervisor rootkit
B. Boot loader rootkit
C. Kernel level rootkit
D. Library rootkit
You work as a System Administrator for Happy World Inc. Your company has a server named uC1 that runs WindowsServer 2008. The Windows Server virtualization role service is installed on the uC1 server which hosts one virtualmachine that also runs Windows Server 2008. You are required to install a new application on the virtual machine. Youneed to ensure that in case of a failure of the application installation, you are able to quickly restore the virtual machineto its original state.Which of the following actions will you perform to accomplish the task?
A. Use the Virtualization Management Console to save the state of the virtual machine.
B. Log on to the virtual host and create a new dynamically expanding virtual hard disk.
C. Use the Virtualization Management Console to create a snapshot of the virtual machine.
D. Use the Edit Virtual Hard Disk Wizard to copy the virtual hard disk of the virtual machine.
Which of the following statements about smurf is true?
A. It is a UDP attack that involves spoofing and flooding.
B. It is an ICMP attack that involves spoofing and flooding.
C. It is an attack with IP fragments that cannot be reassembled.
D. It is a denial of service (DoS) attack that leaves TCP ports open.
Which of the following would allow you to automatically close connections or restart a server or service when a DoS attack is detected?
A. Signature-based IDS
B. Network-based IDS
C. Passive IDS
D. Active IDS
Which of the following applications is NOT used for passive OS fingerprinting?
A. Networkminer
B. Satori
C. p0f
D. Nmap
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?
A. Port scanning
B. ARP spoofing
C. Man-in-the-middle
D. Session hijacking
Which of the following wireless network security solutions refers to an authentication process in which a user canconnect wireless access points to a centralized server to ensure that all hosts are properly authenticated?
A. Remote Authentication Dial-In User Service (RADIUS)
B. IEEE 802.1x
C. Wired Equivalent Privacy (WEP)
D. Wi-Fi Protected Access 2 (WPA2)
Which of the following statements are true regarding SYN flood attack?
A. The attacker sends a succession of SYN requests to a target system.
B. SYN flood is a form of Denial-of-Service (DoS) attack.
C. The attacker sends thousands and thousands of ACK packets to the victim.
D. SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.
Which of the following is a method of gaining access to a system that bypasses normal authentication?
A. Teardrop
B. Trojan horse
C. Back door
D. Smurf
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?
A. Traceport
B. Tracefire
C. Tracegate
D. Traceroute
You are the Administrator for a corporate network. You are concerned about denial of service attacks.Which of the following would be the most help against Denial of Service (DOS) attacks?
A. Packet filtering firewall
B. Network surveys.
C. Honey pot
D. Stateful Packet Inspection (SPI) firewall
Which of the following tools is used for port scanning?
A. NSLOOKUP
B. NETSH
C. Nmap
D. L0phtcrack
Which of the following virus is a script that attaches itself to a file or template?
A. Boot sector
B. Trojan horse
C. Macro virus
D. E-mail virus
Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of Umbrella Inc. Web serverof the company runs on Apache. He has downloaded sensitive documents and database files from the computer.After performing these malicious tasks, Adam finally runs the following command on the Linux command box beforedisconnecting.for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda doneWhich of the following actions does Adam want to perform by the above command?
A. Infecting the hard disk with polymorphic virus strings.
B. Deleting all log files present on the system.
C. Wiping the contents of the hard disk with zeros.
D. Making a bit stream copy of the entire hard disk for later download.
You want to measure the number of heaps used and overflows occurred at a point in time. Which of the followingcommands will you run to activate the appropriate monitor?
A. UPDATE DBM CONFIGURATION USING DFT_MON_TABLE
B. UPDATE DBM CONFIGURATION DFT_MON_TIMESTAMP
C. UPDATE DBM CONFIGURATION USING DFT_MON_BUFPOOL
D. UPDATE DBM CONFIGURATION USING DFT_MON_SORT
Which of the following types of attacks is targeting a Web server with multiple compromised computers that aresimultaneously sending hundreds of FIN packets with spoofed IP source IP addresses?
A. Evasion attack
B. Insertion attack
C. DDoS attack
D. Dictionary attack
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-aresecure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secureserver. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the followingscanning techniques will John use to accomplish his task?
A. RPC
B. IDLE
C. UDP
D. TCP SYN/ACK
Which of the following types of attacks slows down or stops a server by overloading it with requests?
A. DoS attack
B. Impersonation attack
C. Network attack
D. Vulnerability attack
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on thesystems were malfunctioning and also you were not able to access your remote desktop session. You suspected that somemalicious attack was performed on the network of the company. You immediately called the incident response team tohandle the situation who enquired the Network Administrator to acquire all relevant information regarding themalfunctioning. The Network Administrator informed the incident response team that he was reviewing the security ofthe network which caused all these problems. Incident response team announced that this was a controlled event not anincident.Which of the following steps of an incident handling process was performed by the incident response team?
A. Containment
B. Eradication
C. Preparation
D. Identification
Which of the following attacks allows an attacker to retrieve crucial information from a Web server's database?
A. Database retrieval attack
B. PHP injection attack
C. SQL injection attack
D. Server data attack
In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to stealthe session cookie?
A. Session fixation
B. Cross-site scripting
C. Session sidejacking
D. ARP spoofing
Which of the following statements about buffer overflow are true?Each correct answer represents a complete solution. Choose two.
A. It is a situation that occurs when a storage device runs out of space.
B. It is a situation that occurs when an application receives more data than it is configured to accept.
C. It can improve application performance.
D. It can terminate an application.
Peter works as a Network Administrator for the Certkingdom Inc. The company has a Windows-based network. Allclient computers run the Windows XP operating system. The employees of the company complain that suddenly all ofthe client computers have started working slowly. Peter finds that a malicious hacker is attempting to slow down thecomputers by flooding the network with a large number of requests. Which of the following attacks is beingimplemented by the malicious hacker?
A. SQL injection attack
B. Denial-of-Service (DoS) attack
C. Man-in-the-middle attack
D. Buffer overflow attack
Which of the following is used to determine the range of IP addresses that are mapped to a live hosts?
A. Port sweep
B. Ping sweep
C. IP sweep
D. Telnet sweep
Which of the following types of channels is used by Trojans for communication?
A. Loop channel
B. Open channel
C. Covert channel
D. Overt channel
Which of the following tools is described in the statement given below?"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, andcommonly used web CGI scripts. Moreover, the database detects DdoS zombies and Trojans as well."
A. SARA
B. Nessus
C. Anti-x
D. Nmap
John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Hybrid attack
B. Rule based attack
C. Dictionary attack
D. Brute Force attack
Which of the following tasks can be performed by using netcat utility?Each correct answer represents a complete solution. Choose all that apply.
A. Checking file integrity
B. Creating a Backdoor
C. Firewall testing
D. Port scanning and service identification
John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the Weare- secure serveris open. He suspects that it may be open due to a Trojan installed on the server. He presents a report to the companydescribing the symptoms of the Trojan. A summary of the report is given below:Once this Trojan has been installed on the computer, it searches Notpad.exe, renames it Note.com, and then copies itselfto the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan executes and calls the original Notepadto avoid being noticed.Which of the following Trojans has the symptoms as the one described above?
A. NetBus
B. Qaz
C. eBlaster
D. SubSeven