
SEC504 SANS Hacker Tools, Techniques, Exploits and Incident Handling Free Practice Exam Questions (2025 Updated)

Prepare effectively for your SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 2 / 5
Total 328 questions

Jane works as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. Jane is troubleshooting the computer of a user who has installed software that automatically gains full permissions on his computer. Jane has never seen this software before. Which of the following types of malware is the user facing on his computer?

A. Rootkits
B. Viruses
C. Spyware
D. Adware

You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?

A. Spyware
B. Ping Flood
C. Denial of Service
D. Session Hijacking

Which of the following are limitations of a cross-site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

A. The attacker must determine the right values for all the form inputs.
B. The attacker must target a site that doesn't check the referrer header.
C. The target site should have limited lifetime authentication cookies.
D. The target site should authenticate in GET and POST parameters, not only cookies.

Which of the following protocols uses only User Datagram Protocol (UDP)?

A. POP3
B. FTP
C. ICMP
D. TFTP

Which of the following protocol loggers is used to detect a ping sweep?

A. lppi
B. pitl
C. dpsl
D. ippl

Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses have been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 addresses containing customer credit cards and passwords. Umbrella Technology was looking to law enforcement officials to protect their intellectual property.

The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.

The hackers were traced back to Shanghai, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees.

Which of the following actions can Adam perform to prevent such attacks from occurring in future?

A. Allow VPN access but replace the standard authentication with biometric authentication
B. Replace the VPN access with dial-up modem access to the company's network
C. Disable VPN access to all employees of the company from home machines
D. Apply different security policy to make passwords of employees more complex

Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?

A. Hypervisor rootkit
B. Boot loader rootkit
C. Kernel level rootkit
D. Library rootkit

Peter works as a Network Administrator for PassGuide Inc. The company has a Windows-based network. All client computers run the Windows XP operating system. The employees of the company complain that all of the client computers have suddenly started working slowly. Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?

A. SQL injection attack
B. Denial-of-Service (DoS) attack
C. Man-in-the-middle attack
D. Buffer overflow attack

You work as a Senior Marketing Manager for Umbrella Inc. You find that some of the software applications on the systems are malfunctioning and that you cannot access your remote desktop session. You suspect that a malicious attack has been performed on the company's network. You immediately call the incident response team to handle the situation. The team asks the Network Administrator for all relevant information regarding the malfunctioning. The Network Administrator informs the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announces that this was a controlled event, not an incident.

Which of the following steps of an incident handling process was performed by the incident response team?

A. Containment
B. Eradication
C. Preparation
D. Identification

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?

Each correct answer represents a complete solution. Choose all that apply.

A. Whisker
B. Fragroute
C. Nessus
D. Y.A.T.

You run the following PHP script:

<?php $name = mysql_real_escape_string($_POST["name"]);

$password = mysql_real_escape_string($_POST["password"]); ?>

What is the use of the mysql_real_escape_string() function in the above script?

Each correct answer represents a complete solution. Choose all that apply.

A. It can be used to mitigate a cross site scripting attack.
B. It can be used as a countermeasure against a SQL injection attack.
C. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
D. It escapes all special characters from strings $_POST["name"] and $_POST["password"].

Which of the following is used by attackers to obtain an authenticated connection on a network?

A. Denial-of-Service (DoS) attack
B. Replay attack
C. Man-in-the-middle attack
D. Back door

Which of the following hacking tools provides shell access over ICMP?

A. John the Ripper
B. Nmap
C. Nessus
D. Loki

Which of the following statements about buffer overflow is true?

A. It manages security credentials and public keys for message encryption.
B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
C. It is a condition in which an application receives more data than it is configured to accept.
D. It is a false warning about a virus.

An attacker sends a large number of packets to a target computer that causes denial of service.

Which of the following types of attack is this?

A. Spoofing
B. Snooping
C. Phishing
D. Flooding

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?

A. Denial-of-Service
B. Man-in-the-middle
C. Brute Force
D. Vulnerability

You have inserted a Trojan on your friend's computer and you want to add it to the startup so that the Trojan runs whenever the computer reboots. Which of the following registry entries will you edit to accomplish the task?

A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start

Which of the following attacks is specially used for cracking a password?

A. PING attack
B. Dictionary attack
C. Vulnerability attack
D. DoS attack

Which of the following types of attack can guess a hashed password?

A. Brute force attack
B. Evasion attack
C. Denial of Service attack
D. Teardrop attack

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using Nessus?

Each correct answer represents a complete solution. Choose all that apply.

A. Misconfiguration (e.g. open mail relay, missing patches, etc.)
B. Vulnerabilities that allow a remote cracker to control sensitive data on a system
C. Vulnerabilities that allow a remote cracker to access sensitive data on a system
D. Vulnerabilities that help in Code injection attacks

Copyright © 2014-2025 Solution2Pass. All Rights Reserved