- (Topic 4)
Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

1. A. Finger
2. B. FTP
3. C. Samba
4. D. SMB

Correct Answer: D
The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.

- (Topic 23)
Curt has successfully compromised a web server sitting behind a firewall using a vulnerability in the web server program. He would now like to install a backdoor program but knows that all ports are not open inbound on the firewall. Which port in the list below will most likely be open and allowed to reach the server that Curt has just compromised? (Select the Best Answer)

1. A. 53
2. B. 25
3. C. 110
4. D. 69

Correct Answer: A

- (Topic 15)
Bob reads an article about how insecure wireless networks can be. He gets approval from his management to implement a policy of not allowing any wireless devices on the network. What other steps does Bob have to take in order to successfully implement this? (Select 2 answer.)

1. A. Train users in the new policy.
2. B. Disable all wireless protocols at the firewall.
3. C. Disable SNMP on the network so that wireless devices cannot be configured.
4. D. Continuously survey the area for wireless devices.

Correct Answer: AD
If someone installs a access point and connect it to the network there is no way to find it unless you are constantly surveying the area for wireless devices. SNMP and firewalls can not prevent the installation of wireless devices on the corporate network.

- (Topic 23)
You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software.
How should you proceed?

1. A. Type the following code in notepad and save the file as SAMPLEVIRUS.CO
2. B. Your antivirus program springs into action whenever you attempt to open, run or copy i
3. C. X5O!P%@AP[4\PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TEST- FILE!$H+H*
4. D. Type the following code in notepad and save the file as AVFILE.CO
5. E. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P%@AP[4\PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
6. F. Type the following code in notepad and save the file as TESTAV.CO
7. G. Your antivirus program springs into action whenever you attempt to open, run or copy i
8. H. X5O!P%@AP[4\PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
9. I. Type the following code in notepad and save the file as EICAR.CO
10. J. Your antivirus program springs into action whenever you attempt to open, run or copy i
11. K. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Correct Answer: D
The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer
Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers
to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens
the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.

- (Topic 18)
You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.
What kind of program can you use to track changes to files on the server?

1. A. Network Based IDS (NIDS)
2. B. Personal Firewall
3. C. System Integrity Verifier (SIV)
4. D. Linux IP Chains

Correct Answer: C
System Integrity Verifiers like Tripwire aids system administrators and users
in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.