100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Sans 560 Exam with 100% Correct Answers $13.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. SANS
  4.  
  5. SANS

Exam (elaborations)

Sans 560 Exam with 100% Correct Answers
 0 view  0 purchase
  • Course
  • SANS
  • Institution
  • SANS

Sans 560 Exam with 100% Correct Answers

Preview 4 out of 92  pages

Document information

  • October 26, 2024
  • 92
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • sans 560 exam with 100 correct answers

Written for

  • SANS
  • SANS

Seller

avatar-seller
KenAli

Content preview

Sans 560 Exam with 100% Correct Answers

( Question 1 )
Analyze the command output below. What conclusion can be drawn?




user@desktop:~$ sudo nmap -sU 192.168.116.9


Starting Nmap 4.53 ( http://insecure.org ) at 2010-10-01 07:27 EDT
Interesting ports on 192.168.116.9:
Not shown: 1485 closed ports
PORT STATE SERVICE
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
5353/udp open zeroconf


Nmap done: 1 IP address (1 host up) scanned in 1.556 seconds


( Answer )

The source system did not get a response to the packet sent to 137/udp.


The target system sent a RST for port reported as closed.

,The source system did not respond to any probe packet.



The target system responded with an ICMP unreachable for port 138. - ✔Incorrect: The
source system did not respond to any probe packet.




( Correct Answer )
The source system did not get a response to the packet sent to 137/udp.


( Explanation )

During an nmap udp scan, a host may send an ICMP unreachable for closed UDP ports. If
that occurs, then the result will be that nmap reports the port as closed. If the target does
not respond to the probe packet, the port is reported as open|filtered.


(Question 2)


What is show in the image below


(image)


(Answer)
An unsuccessful attempt to create a remote command shell.


An unsuccessful attempt to compromise the \f"l\'C service.


A remote desktop session opened on a Windows XP host.

,A VNC session injected by a successful metasploit compromise. - ✔A VNC session injected by
a successful metasploit compromise.


( Question 3 )
5956890

During the reconnaissance phase of a penetration test, the tester finds the public
document metadata shown below from an employee of the corporation being tested.


ExifTool Version Number : 8.20
File Name : Job Application 10 for web.pdf
Directory : .
File Size : 25 kB
File Modification Date/Time : 2010:08:16 11:55:43-04:00
File Permissions : rw-rw-rw-
File Type : PDF
MIME Type : application/pdf
PDF Version : 1.4
XMP Toolkit : 3.1-701
Creator Tool : Acrobat PDFMaker 7.0.7 for Excel
Metadata Date : 2010:01:04 12:01:35-05:00
Format : application/pdf
Document ID : uuid:8567b7b8-63a3-4cef-9c1f-452a576a6620
Instance ID : uuid:bb6baf95-2e85-4caa-bcc8-6323f44a1ea5
Page Count : 2
Create Date : 2010:01:04 12:01:34-05:00
Author : cjohnson
Creator : Acrobat PDFMaker 7.0.7 for Excel
Producer : Acrobat Distiller 7.0.5 (Windows)

, Modify Date : 2010:01:04 12:01:35-05:00
Title : Job Application



Which of the f - ✔Incorrect: A vulnerable web application to exploit


( Correct Answer )
A username to use for social engineering


( Explanation )

The metadata provides a potential username in the Author: field which can be used for social
engineering, reconnaissance, phishing, and other methods. The document does not have any
reference to web applications, or password hashes.



A penetration tester obtains telnet access to a target machine using a captured credential. While
trying to transfer her exploit to the target machine, the network intrusion prevention systems
keeps detecting her exploit and terminating her connection. Which of the following actions will
help the penetration tester transfer an exploit and compile it in the target system?



( Answer )
Use the telnet service's ECHO option to pull the file onto the target machine.


Use the copy ability and paste the file directly on the target machine.


Use the scp service, protocol SSHv2 to pull the file onto the target machine.



Use the http service's PUT command to push the file onto the target machine.Use the ftp
service in passive mode to push the file onto the target machine. - ✔Incorrect: Use the
telnet service's ECHO option to pull the file onto the target machine.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller KenAli. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77254 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.99
  • (0)
  Add to cart