SEC504 Actual Exam Questions

Last updated on Nov. 30, 2024.
Vendor: SANS
Exam Code: SEC504
Exam Name: Hacker Tools, Techniques, Exploits, and Incident Handling
Exam Questions: 328
 

Topic 1 - Single Topic

Question #1 Topic 1

Which of the following incident handling process phases is responsible for defining rules, collaborating with the human workforce, creating a back-up plan, and testing the plans for an enterprise?

  • A. Preparation phase
  • B. Eradication phase
  • C. Identification phase
  • D. Recovery phase
  • E. Containment phase

Correct Answer: A

Question #2 Topic 1

Which of the following statements are true about netcat?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It provides special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters.
  • B. It can be used as a file transfer solution.
  • C. It provides outbound and inbound connections for TCP and UDP ports.
  • D. The nc -z command can be used to redirect stdin/stdout from a program.

Correct Answer: ABC

Question #3 Topic 1

Which of the following is a reason to implement security logging on a DNS server?

  • A. For preventing malware attacks on a DNS server
  • B. For measuring a DNS server's performance
  • C. For monitoring unauthorized zone transfer
  • D. For recording the number of queries resolved

Correct Answer: C

Question #4 Topic 1

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

  • A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
  • D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Correct Answer: B

Question #5 Topic 1

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using Nessus?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Misconfiguration (e.g. open mail relay, missing patches, etc.)
  • B. Vulnerabilities that allow a remote cracker to control sensitive data on a system
  • C. Vulnerabilities that allow a remote cracker to access sensitive data on a system
  • D. Vulnerabilities that help in Code injection attacks

Correct Answer: ABC

Question #6 Topic 1

Adam works as a Security Analyst for Umbrella Inc. The company has a Windows-based network. All computers run on Windows XP. The manager of the Sales department complains to Adam about the unusual behavior of his computer. He told Adam that some pornographic content suddenly appeared on his computer overnight. Adam suspects that some malicious software or Trojans have been installed on the computer. He runs some diagnostic programs and port scanners and finds that ports 12345, 12346, and 20034 are open. Adam also notices some tampering with the Windows registry, which causes one application to run every time Windows starts. Which of the following is the most likely reason behind this issue?

  • A. Cheops-ng is installed on the computer.
  • B. Elsave is installed on the computer.
  • C. NetBus is installed on the computer.
  • D. NetStumbler is installed on the computer.

Correct Answer: C

Question #7 Topic 1

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

  • A. Whisker
  • B. Nessus
  • C. SARA
  • D. Nmap

Correct Answer: B

Question #8 Topic 1

In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. TCP FIN
  • B. FTP bounce
  • C. XMAS
  • D. TCP SYN

Correct Answer: A

Question #9 Topic 1

Which of the following types of malicious software travels across computer networks without the assistance of a user?

  • A. Worm
  • B. Virus
  • C. Hoax
  • D. Trojan horse

Correct Answer: A

Question #10 Topic 1

Which of the following types of attack can guess a hashed password?

  • A. Brute force attack
  • B. Evasion attack
  • C. Denial of Service attack
  • D. Teardrop attack

Correct Answer: A
