401 SEC+ Exam Guaranteed Pass: Expert-Verified
Questions & In-Depth Analysis to Boost Academic
Performance
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud.
No one else received the voice mail. Which of the following BEST describes this attack?
A. Whaling
B. Vishing
C. Spear phishing
D. Impersonation - -correct ans- -Answer: A
Explanation:
Whaling is a specific kind of malicious hacking within the more general category of phishing,
which involves hunting for data that can be used by the hacker. In general, phishing efforts
are focused on collecting personal data about users. In whaling, the targets are high-ranking
bankers, executives or others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a
familiar metaphor to the process of scouring technologies for loopholes and opportunities for
data theft. Those who are engaged in whaling may, for example, hack into specific networks
where these powerful individuals work or store sensitive data. They may also set up keylogging
or other malware on a work station associated with one of these executives. There are many
ways that hackers can pursue whaling, leading C-level or toplevel executives in business and
government to stay vigilant about the possibility of cyber threats.
An administrator was asked to review user accounts. Which of the following has the potential to
cause the MOST amount of damage if the account was compromised?
A. A password that has not changed in 180 days
B. A single account shared by multiple users
C. A user account with administrative rights
,D. An account that has not been logged into since creation - -correct ans- -Answer: C
Explanation:
A user account with administrative rights has the same rights as an administrator account on a
computer.
An administrator account is a user account that lets you make changes that will affect other
users. Administrators can change security settings, install software and hardware, and access all
files on the computer. Administrators can also make changes to other user accounts.
This compares to a standard user (non-administrative) account which has limited rights on a
computer. For example, a standard user account cannot install software, cannot make system
changes that would affect other users and cannot access other users' files.
Therefore, a compromised user account with administrative rights has the potential for the
most damage.
Which of the following devices is used for the transparent security inspection of network traffic
by redirecting user packets prior to sending the packets to the intended destination? A. Proxies
B. Load balancers
C. Protocol analyzer
D. VPN concentrator - -correct ans- -Answer: A
Explanation:
A proxy is a device that acts on behalf of other(s). A commonly used proxy in computer
networks is a web proxy. Web proxy functionality is often combined into a proxy firewall.
A proxy firewall can be thought of as an intermediary between your network and any other
network. Proxy firewalls are used to process requests from an outside network; the proxy
firewall examines the data and makes rule-based decisions about whether the request should
be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use
internally. This process includes hiding IP addresses.
The proxy firewall provides better security than packet filtering because of the increased
intelligence that a proxy firewall offers. Requests from internal network users are routed
, through the proxy. The proxy, in turn, repackages the request and sends it along, thereby
isolating the user from the external network. The proxy can also offer caching, should the same
request be made again, and it can increase the efficiency of data delivery.
An administrator is investigating a system that may potentially be compromised, and sees the
following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A. It is running a rogue web server
B. It is being used in a man-in-the-middle attack
C. It is participating in a botnet
D. It is an ARP poisoning attack - -correct ans- -Answer:
C Explanation:
In this question, we have a source computer (192.10.3.204) sending data to a single destination
IP address 10.10.1.5. No data is being received back by source computer which suggests the
data being sent is some kind of Denial-of-service attack. This is common practice for computers
participating in a botnet. The port used is TCP 6667 which is IRC (Internet Relay Chat). This port
is used by many Trojans and is commonly used for DoS attacks.
Software running on infected computers called zombies is often known as a botnet. Bots, by
themselves, are but a form of software that runs automatically and autonomously. (For
example, Google uses the Googlebot to find web pages and bring back values for the index.)
Botnet, however, has come to be the word used to describe malicious software running on a
zombie and under the control of a bot-herder.
Denial-of-service attacks—DoS and DDoS—can be launched by botnets, as can many forms of
adware, spyware, and spam (via spambots). Most bots are written to run in the background
Questions & In-Depth Analysis to Boost Academic
Performance
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud.
No one else received the voice mail. Which of the following BEST describes this attack?
A. Whaling
B. Vishing
C. Spear phishing
D. Impersonation - -correct ans- -Answer: A
Explanation:
Whaling is a specific kind of malicious hacking within the more general category of phishing,
which involves hunting for data that can be used by the hacker. In general, phishing efforts
are focused on collecting personal data about users. In whaling, the targets are high-ranking
bankers, executives or others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a
familiar metaphor to the process of scouring technologies for loopholes and opportunities for
data theft. Those who are engaged in whaling may, for example, hack into specific networks
where these powerful individuals work or store sensitive data. They may also set up keylogging
or other malware on a work station associated with one of these executives. There are many
ways that hackers can pursue whaling, leading C-level or toplevel executives in business and
government to stay vigilant about the possibility of cyber threats.
An administrator was asked to review user accounts. Which of the following has the potential to
cause the MOST amount of damage if the account was compromised?
A. A password that has not changed in 180 days
B. A single account shared by multiple users
C. A user account with administrative rights
,D. An account that has not been logged into since creation - -correct ans- -Answer: C
Explanation:
A user account with administrative rights has the same rights as an administrator account on a
computer.
An administrator account is a user account that lets you make changes that will affect other
users. Administrators can change security settings, install software and hardware, and access all
files on the computer. Administrators can also make changes to other user accounts.
This compares to a standard user (non-administrative) account which has limited rights on a
computer. For example, a standard user account cannot install software, cannot make system
changes that would affect other users and cannot access other users' files.
Therefore, a compromised user account with administrative rights has the potential for the
most damage.
Which of the following devices is used for the transparent security inspection of network traffic
by redirecting user packets prior to sending the packets to the intended destination? A. Proxies
B. Load balancers
C. Protocol analyzer
D. VPN concentrator - -correct ans- -Answer: A
Explanation:
A proxy is a device that acts on behalf of other(s). A commonly used proxy in computer
networks is a web proxy. Web proxy functionality is often combined into a proxy firewall.
A proxy firewall can be thought of as an intermediary between your network and any other
network. Proxy firewalls are used to process requests from an outside network; the proxy
firewall examines the data and makes rule-based decisions about whether the request should
be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use
internally. This process includes hiding IP addresses.
The proxy firewall provides better security than packet filtering because of the increased
intelligence that a proxy firewall offers. Requests from internal network users are routed
, through the proxy. The proxy, in turn, repackages the request and sends it along, thereby
isolating the user from the external network. The proxy can also offer caching, should the same
request be made again, and it can increase the efficiency of data delivery.
An administrator is investigating a system that may potentially be compromised, and sees the
following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -
> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A. It is running a rogue web server
B. It is being used in a man-in-the-middle attack
C. It is participating in a botnet
D. It is an ARP poisoning attack - -correct ans- -Answer:
C Explanation:
In this question, we have a source computer (192.10.3.204) sending data to a single destination
IP address 10.10.1.5. No data is being received back by source computer which suggests the
data being sent is some kind of Denial-of-service attack. This is common practice for computers
participating in a botnet. The port used is TCP 6667 which is IRC (Internet Relay Chat). This port
is used by many Trojans and is commonly used for DoS attacks.
Software running on infected computers called zombies is often known as a botnet. Bots, by
themselves, are but a form of software that runs automatically and autonomously. (For
example, Google uses the Googlebot to find web pages and bring back values for the index.)
Botnet, however, has come to be the word used to describe malicious software running on a
zombie and under the control of a bot-herder.
Denial-of-service attacks—DoS and DDoS—can be launched by botnets, as can many forms of
adware, spyware, and spam (via spambots). Most bots are written to run in the background
