SEC504 Exam Dumps - SANS Certified Incident Handler Questions and Answers

Page: 1 / 12

Questions 4

Which of the following terms describes an attempt to transfer DNS zone data?

Options:

Reconnaissance

Encapsulation

Dumpster diving

Spam

Buy Now

Questions 5

Which of the following is the best method of accurately identifying the services running on a victim host?

Options:

Use of the manual method of telnet to each of the open ports.

Use of a port scanner to scan each port to confirm the services running.

Use of hit and trial method to guess the services and ports of the victim host.

Use of a vulnerability scanner to try to probe each port to verify which service is running.

Buy Now

Questions 6

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using Nessus?

Each correct answer represents a complete solution. Choose all that apply.

Options:

Misconfiguration (e.g. open mail relay, missing patches, etc.)

Vulnerabilities that allow a remote cracker to control sensitive data on a system

Vulnerabilities that allow a remote cracker to access sensitive data on a system

Vulnerabilities that help in Code injection attacks

Buy Now

Questions 7

Adam works as a Network Administrator for PassGuide Inc. He wants to prevent the network from DOS attacks. Which of the following is most useful against DOS attacks?