1-25 Flashcards
- While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
. Clickjacking
. Cross-Site Scripting
c. Cross-Site Request Forgery
. Web form input validation
- Which service in a PKI will vouch for the identity of an individual or company?
. KDC
. CR
. CBC
d. CA
- Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
. LDAP Injection attack
b. Cross-Site Scripting (XSS)
. SQL injection attack
. Cross-Site Request Forgery (CSRF)
- User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
. Application
. Transport
. Session
d. Presentation
- A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
a. The WAP does not recognize the client’s MAC address
. The client cannot see the SSID of the wireless network
. Client is configured for the wrong channel
. The wireless client is not configured to use DHCP
- If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use?
. -r
b. -F
. -P
. -sP
- Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
. SOA
. Biometrics
. single sign on
d. PKI
- You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
a. Social engineering
. Piggybacking
. Tailgating
. Eavesdropping
- If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
. Traceroute
b. Hping
. TCP ping
. Broadcast ping
- Which of the following programs is usually targeted at Microsoft Office products?
. Polymorphic virus
. Multipart virus
c. Macro virus
. Stealth virus
- In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s confidential files and information. How can he achieve this?
a. Privilege Escalation
. Shoulder-Surfing
. Hacking Active Directory
. Port Scanning
- A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?
. The computer is not using a private IP address.
b. The gateway is not routing to a public IP address.
. The gateway and the computer are not on the same network.
. The computer is using an invalid IP address.
- Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?
. 113
. 69
c. 123
. 161
- Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure?
. All of the employees would stop normal work activities
. IT department would be telling employees who the boss is
c. Not informing the employees that they are going to be monitored could be an invasion of privacy.
. The network could still experience traffic slow down.
- Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
a. Nikto
. John the Ripper
. Dsniff
. Snort
- DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in DNS cache?
. nslookup -fullrecursive update.antivirus.com
. dnsnooping -rt update.antivirus.com
c. nslookup -norecursive update.antivirus.com
. dns –snoop update.antivirus.com
- Which of the following is an extremely common IDS evasion technique in the web world?
. Spyware
. Subnetting
c. Unicode Characters
. Port Knocking
- John the Ripper is a technical assessment tool used to test the weakness of which of the following?
a. Passwords
. File permissions
. Firewall rulesets
. Usernames
- Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.
What should Bob recommend to deal with such a threat?
. The use of security agents in clients’ computers
b. The use of DNSSEC
. The use of double-factor authentication
. Client awareness
- During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
. Circuit
b. Stateful
. Application
. Packet Filtering
- By using a smart card and pin, you are using a two-factor authentication that satisfies ____.
. Something you are and something you remember
b. Something you have and something you know
. Something you know and something you are
. Something you have and something you are
- “……. is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.” Fill in the blank with appropriate choice.
a. Evil Twin Attack
. Sinkhole Attack
. Collision Attack
. Signal Jamming Attack
- A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?
a. Place a front-end web server in a demilitarized zone that only handles external web traffic
. Require all employees to change their anti-virus program with a new one
. Move the financial data to another server on the same IP subnet
. Issue new certificates to the web servers from the root certificate authority
- What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
a. Residual risk
. Impact risk
. Deferred risk
. Inherent risk
