- (Topic 2)
An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?

1. A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234
2. B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234
3. C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password
4. D. Use cryptcat instead of netcat

Correct Answer: D

- (Topic 1)
Which of the following is the BEST way to defend against network sniffing?

1. A. Using encryption protocols to secure network communications
2. B. Register all machines MAC Address in a Centralized Database
3. C. Use Static IP Address
4. D. Restrict Physical Access to Server Rooms hosting Critical Servers

Correct Answer: A
https://en.wikipedia.org/wiki/Sniffing_attack
To prevent networks from sniffing attacks, organizations and individual users should keep away from applications using insecure protocols, like basic HTTP authentication, File Transfer Protocol (FTP), and Telnet. Instead, secure protocols such as HTTPS, Secure File Transfer Protocol (SFTP), and Secure Shell (SSH) should be preferred. In case there is a necessity for using any insecure protocol in any application, all the data transmission should be encrypted. If required, VPN (Virtual Private Networks) can be used to provide secure access to users.
NOTE: I want to note that the wording "best option" is valid only for the EC-Council's exam since the other options will not help against sniffing or will only help from some specific attack vectors.
The sniffing attack surface is huge. To protect against it, you will need to implement a complex of measures at all levels of abstraction and apply controls at the physical, administrative, and technical levels. However, encryption is indeed the best option of all, even if your data is intercepted - an attacker cannot understand it.

- (Topic 3)
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?

1. A. External assessment
2. B. Passive assessment
3. C. Host-based assessment
4. D. Application assessment

Correct Answer: A
Types of Vulnerability Assessment - External Assessment External assessment examines the network from a hacker??s point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall. (P.527/511)
External assessment examines the network from a hacker??s point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall.
The following are some of the possible steps in performing an external assessment:
o Determine a set of rules for firewall and router configurations for the external network o Check whether the external server devices and network devices are mapped o Identify open ports and related services on the external network o Examine the patch levels on the server and external network devices o Review detection systems such as IDS, firewalls, and application-layer protection systems
o Get information on DNS zones
o Scan the external network through a variety of proprietary tools available on the Internet o Examine Web applications such as e-commerce and shopping cart software for vulnerabilities

- (Topic 3)
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

1. A. User-mode rootkit
2. B. Library-level rootkit
3. C. Kernel-level rootkit
4. D. Hypervisor-level rootkit

Correct Answer: C

- (Topic 1)
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

1. A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
2. B. Bob is partially righ
3. C. He does not need to separate networks if he can create rules bydestination IPs, one by one
4. D. Bob is totally wron
5. E. DMZ is always relevant when the company has internet servers and workstations
6. F. Bob is partially righ
7. G. DMZ does not make sense when a stateless firewall is available

Correct Answer: C