- (Topic 23)
What is the IV key size used in WPA2?

1. A. 32
2. B. 24
3. C. 16
4. D. 48
5. E. 128

Correct Answer: D

- (Topic 9)
What does the following command achieve?
Telnet HEAD /HTTP/1.0

1. A. This command returns the home page for the IP address specified
2. B. This command opens a backdoor Telnet session to the IP address specified
3. C. This command returns the banner of the website specified by IP address
4. D. This command allows a hacker to determine the sites security
5. E. This command is bogus and will accomplish nothing

Correct Answer: C
This command is used for banner grabbing. Banner grabbing helps identify the service and version of web server running.

- (Topic 23)
Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack was best illustrated in the scenario above?

1. A. DOS attacks which involves flooding a network or system
2. B. DOS attacks which involves crashing a network or system
3. C. DOS attacks which is done accidentally or deliberately
4. D. Simple DDOS attack

Correct Answer: B
This is not a DDOS, there is only one person involved as attacker

- (Topic 2)
System Administrators sometimes post questions to newsgroups when they run into technical challenges. As an ethical hacker, you could use the information in newsgroup posting to glean insight into the makeup of a target network. How would you search for these posting using Google search?

1. A. Search in Google using the key strings “the target company” and “newsgroups”
2. B. Search for the target company name at http://groups.google.com
3. C. Use NNTP websites to search for these postings
4. D. Search in Google using the key search strings “the target company” and “forums”

Correct Answer: B
Using http://groups.google.com is the easiest way to access various newsgroups today. Before http://groups.google.com you had to use special NNTP clients or subscribe to some nntp to web services.

- (Topic 4)
Which definition among those given below best describes a covert channel?

1. A. A server program using a port that is not well known.
2. B. Making use of a protocol in a way it is not intended to be used.
3. C. It is the multiplexing taking place on a communication link.
4. D. It is one of the weak channels used by WEP which makes it insecure.

Correct Answer: B
A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.