SANS Hacker Tools, Techniques, Exploits and Incident Handling - SEC504 FREE EXAM DUMPS QUESTIONS & ANSWERS

Which of the following is a reason to implement security logging on a DNS server?

Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets?

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.

In which of the following methods does an hacker use packet sniffing to read network traffic between two parties to steal the session cookies?

Jane works as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. Jane is troubleshooting the computer of a user who has installed software that automatically gains full permissions on his computer. Jane has never seen this software before. Which of the following types of malware is the user facing on his computer?

Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Which of the following are pre-requisites for an attacker to conduct firewalking?
Each correct answer represents a complete solution. Choose all that apply.

In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?

Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

Which of the following attacks saturates network resources and disrupts services to a specific computer?

Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?
Each correct answer represents a part of the solution. Choose two.

Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?
Each correct answer represents a complete solution. Choose all that apply.

Which of the following penetration testing phases involves reconnaissance or data gathering?

You work as a Network Administrator in the SecureTech Inc. The SecureTech Inc. is using Linux-based server. Recently, you have updated the password policy of the company in which the server will disable passwords after four trials. What type of attack do you want to stop by enabling this policy?

Which of the following tools can be used for network sniffing as well as for intercepting conversations through session hijacking?