QUESTION: 57

Which of the following systems would not respond correctly to an nmap XMAS scan?

Windows 2000 Server running IIS 5
Any Solaris version running SAMBA Server
Any version of IRIX
RedHat Linux 8.0 running Apache Web Server

Answer(s): A

Explanation:

When running a XMAS Scan, if a RST packet is received, the port is considered closed, while no response means it is open|filtered. The big downside is that not all systems follow RFC 793 to the letter. A number of systems send RST responses to the probes regardless of whether the port is open or not. This causes all of the ports to be labeled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI, and IBM OS/400.

Reveal Solution Next Question

QUESTION: 58

home/root # traceroute www.targetcorp.com <http://www.targetcorp.com> traceroute to www.targetcorp.com <http://www.targetcorp.com> (192.168.12.18), 64 hops may, 40 byte packets
1 router.anon.com (192.13.212.254) 1.373 ms 1.123 ms 1.280 ms
2 192.13.133.121 (192.13.133.121) 3.680 ms 3.506 ms 4.583 ms
3 firewall.anon.com (192.13.192.17) 127.189 ms 257.404 ms 208.484 ms
4 anon-gw.anon.com (192.93.144.89) 471.68 ms 376.875 ms 228.286 ms
5 fe5-0.lin.isp.com (192.162.231.225) 2.961 ms 3.852 ms 2.974 ms
6 fe0-0.lon0.isp.com (192.162.231.234) 3.979 ms 3.243 ms 4.370 ms
7 192.13.133.5 (192.13.133.5) 11.454 ms 4.221 ms 3.333 ms
6 * * *
7 * * *
8 www.targetcorp.com <http://www.targetcorp.com> (192.168.12.18) 5.392
ms 3.348 ms 3.199 ms

Use the traceroute results shown above to answer the following questions:
The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

True
False

Answer(s): A

Explanation:

As seen in the exhibit there is 2 registrations with timeout, this tells us that the firewall filters packets where the TTL has reached 0, when you continue with higher starting values for TTL you will get an answer from the target of the traceroute.

Reveal Solution Next Question

QUESTION: 59

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/
<http://www.insecure.org/nmap/> ) Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered) Port State Service
21/tcp open ftp 25/tcp open smtp 53/tcp closed domain 80/tcp open http 443/tcp open https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds
What should be your next step to identify the OS?

Perform a firewalk with that system as the target IP
Perform a tcp traceroute to the system using port 53
Run an nmap scan with the -v-v option to give a better output
Connect to the active services and review the banner information

Answer(s): D

Explanation:

Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.

Reveal Solution Next Question

QUESTION: 60

When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

ICMP ECHO_REQUEST & TCP SYN
ICMP ECHO_REQUEST & TCP ACK
ICMP ECHO_REPLY & TFP RST
ICMP ECHO_REPLY & TCP FIN

Answer(s): B

Explanation:

The default behavior of NMAP is to do both an ICMP ping sweep (the usual kind of ping) and a TCP port 80 ACK ping sweep. If an admin is logging this will be fairly characteristic of NMAP.

Reveal Solution Next Question

Free 312-50 Exam Braindumps (page: 15)

QUESTION: 57

Explanation:

QUESTION: 58

Explanation:

QUESTION: 59

Explanation:

QUESTION: 60

Explanation: