100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Sans 560 Questions & answers $10.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. SANS
  4.  
  5. SANS
  6.  
  7. SANS

Exam (elaborations)

Sans 560 Questions & answers
 4 views  0 purchase
  • Course
  • SANS
  • Institution
  • SANS

Sans 560 Questions & answers

Preview 4 out of 78  pages

Document information

  • July 2, 2024
  • 78
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers

Subjects

  • sans 560 questions answers

Written for

  • SANS
All documents for this subject (46)

Seller

avatar-seller
EXAMQA

Reviews received

Content preview

Sans 560
(Question 1)

Analyze the screenshot below, of information gathered during a penetration test.
What is the source of information being displayed.

(image) of robots.txt

An HTTP error from IIS
An Apache httpd.conf file
A robots.txt file from a webserver
A file ACL from IIS version 6 - CORRECT ANSWER-A robots.txt file from a
webserver

(Question 2)
Analyze the screenshot below. What type of vulnerability is being attacked?

(image)

Windows PowerShell
Windows Server service
Internet Explorer
Local Security Authority - CORRECT ANSWER-Windows Server service

(Question 3)
Examine the following Nmap command and results, if the SSH port was changed
to port 23 instead of the default port, why would the output not show the results
of the NSE script.

(image)

-sV is needed to do a Version Scan
-p 23 is needed to designate the port to scan
Port 23 is reserved for Telnet only. - CORRECT ANSWER--sV is needed to do a
Version Scan

,(Explanation )

The Nmap scan in the above command only does a TCP Connect scan and does
not detect what is running on the port. It simply checks whether the port is open
or not. A version scan (-sV) is needed in this case for the Nmap scan to realize
SSH is running on port 23 instead of the default Telnet service. Once the script
sees that SSH is running on Port 23, it can detect which protocol is supported. It
is possible in the configuration of services for system administrators to change
the default ports of services to a different port as long as it is free. By not
specifying a port range the Nmap default port list is used in the scan which
contains port 23. -sC is used to run all N SE scripts in the default category.

(Question 5)

You are penetration testing a client's DMZ servers. You run out of time at the
client site and decide to continue from your home network. You have talked with
your ISP and ensured that all ports are allowed out and they are aware of your
penetration testing activities. You start a remote vulnerability scan that includes
some application layer exploits that do not conform to protocol specifications. For
some reason the vulnerability scanner will not run all the scans on the target
system. The connection appears to be fine as you are able to access the client
site from your system. You test the vulnerability scanner on a system located on
your local test network segment and the scan completes successfully. You
investigate the connection issue and realize that the same vulnerability scan
tests fail every time when connecting out of your network. What is the most likely
reason for the failure?

(Answer)
You - CORRECT ANSWER-An application layer firewall is dropping packets that
do not conform to specifications

Question 6

,During the course of a penetration test, the tester wants to determine the routing
relationship between the target company, ISP, and external networks. Which of
the following methods will provide this information?

Answer

Performing a DNS zone transfer from the company's main resolver and from a
secondary resolver.

Gathering the whois information for the target and the ISP by querying different
servers.

Sniffing session data both to and from the Internet to the company mailserver.

Comparing the results of successive traceroute commands run from multiple
locations - CORRECT ANSWER-Comparing the results of successive traceroute
commands run from multiple locations

Question 7

Why is Cross Site Request Forgery (XSRF) so dangerous?


( Answer )
It launches legitimate requests to authenticate on behalf of a victim system.

It performs legitimate, authenticated requests without the victim's knowledge.

It performs legitimate, unauthenticated requests without the need for a victim
system.

It launches devastating DoS attacks that appear to be legitimate, authenticated
requests. - CORRECT ANSWER-It performs legitimate, authenticated requests
without the victim's knowledge.

( Question 8 )
Analyze the command output below. What conclusion can be drawn?

, user@desktop:~$ sudo nmap -sU 192.168.116.9

Starting Nmap 4.53 ( http://insecure.org ) at 2010-10-01 07:27 EDT
Interesting ports on 192.168.116.9:
Not shown: 1485 closed ports
PORT STATE SERVICE
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
5353/udp open zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.556 seconds

( Answer )
The source system did not get a response to the packet sent to 137/udp.

The target system sent a RST for port reported as closed.

The source system did not respond to any probe packet.

The target system responded with an ICMP unreachable for port 138. -
CORRECT ANSWER-Incorrect: The source system did not respond to any probe
packet.


( Correct Answer )
The source system did not get a response to the packet sent to 137/udp.

( Explanation )
During an nmap udp scan, a host may send an ICMP unreachable for closed
UDP ports. If that occurs, then the result will be that nmap reports the port as
closed. If the target does not respond to the probe packet, the port is reported as
open|filtered.

(Question 9)

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EXAMQA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

72841 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.49
  • (0)
  Add to cart