Question 46
John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the server log files?
Question 47
John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit.
John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.
Question 48
Which of the following statements about reconnaissance is true?
Question 49
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain
from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and
other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the
authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's
DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a
DNS zone transfer?
Each correct answer represents a complete solution. Choose all that apply.
Question 50
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?
