Question 341
You are concerned about rootkits on your network communicating with attackers outside your network. Without
using an IDS how can you detect this sort of activity?
Question 342
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.
Question 343
Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.
Question 344
John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client
computers are running on Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system
contains an unknown package named as tar.gz and his documents are exploited. To resolve the problem, John uses a
Port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He
suspects that the other computers on the network are also facing the same problem. John discovers that a malicious
application is using the synscan tool to randomly generate IP addresses.
Which of the following worms has attacked the computer?
Question 345
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. The
company is aware of various types of security attacks and wants to impede them. Hence, management has assigned
John a project to port scan the company's Web Server. For this, he uses the nmap port scanner and issues the
following command to perform idle port scanning:
nmap -PN -p- -sI IP_Address_of_Company_Server
He analyzes that the server's TCP ports 21, 25, 80, and 111 are open.
Which of the following security policies is the company using during this entire process to mitigate the risk of hacking
attacks?
