201 a 322

Question 1

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?

Answer 1

Report immediately to the administrator.

Question 2

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Answer 2

Make sure that legitimate network routers are configured to run routing protocols with authentication

Question 3

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Answer 3

WHOIS

Question 4

A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:
- Access List should be written between VLANs.
- Port security should be enabled for the intranet.
- A security solution which filters data packets should be set between intranet (LAN) and DMZ.
- A WAF should be used in front of the web applications.
According to the section from the report, which of the following choice is true?

Answer 4

A stateful firewall can be used between intranet (LAN) and DMZ

Question 5

In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

Answer 5

Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical

Question 6

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?

Answer 6

HIPAA

Question 7

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file named
“Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating,
“This word document is corrupt”. In the background, the file copies itself to Jesse APPDATA\local directory and
begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

Answer 7

Trojan

Question 8

A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of web application vulnerability likely exists in their software?

Answer 8

Cross-site scripting vulnerability

Question 9

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office wants to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

Answer 9

DNS spoofing

Question 10

Which results will be returned with the following Google search query?
site:target.com site:Marketing.target.com accounting

Answer 10

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Question 11

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Answer 11

Malicious code is attempting to execute instruction a non-executable memory region

Question 12

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

Answer 12

Rules of engagement

Question 13

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Answer 13

False positive

Question 14

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Answer 14

Private

Question 15

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
[eve@localhost*~]$ john secret.txt
Loaded 2 password hashes with no different salts (LM[DES 128/128 SSE2-16])
Press ‘q’ or Ctrol-C to abort, almost any other key for status
0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MERO…SAMPLUI
0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARIS4
0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NY180K..NY1837
0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENY9

What is she trying to achieve?

Answer 15

She is using John the Ripper to crack the passwords in the secret.txt file

Question 16

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Answer 16

Connection establishment: SYN, SYN-ACK, ACK Connection termination: FIN, ACK-FIN, ACK

Question 17

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do a vulnerable Linux host?

Answer 17

Display passwd content to prompt

Question 18

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’.
What technique is Ricardo using?

Answer 18

Steganography

Question 19

A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

Answer 19

Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability

Question 20

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Answer 20

nmap -p 445 -n -T4 -open 10.1.0.0/16

Question 21

It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Which of the following terms best matches the definition?

Answer 21

Bluetooth

Question 22

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Answer 22

Perform a full restore

Question 23

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Answer 23

Attempts by attackers to access web sites that trust the web browser user by stealing the user’s authentication credentials

Question 24

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?

Answer 24

Vulnerability scanner

Question 25

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Answer 25

Social engineering

Question 26

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?

Answer 26

Reconnaissance

Question 27

A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

Answer 27

Delegate

Question 28

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Answer 28

openssl s_client -connect www.website.com:443

Question 29

Which of the following describes the characteristics of a Boot Sector Virus?

Answer 29

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Question 30

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

Answer 30

Create an incident checklist

Question 31

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Answer 31

Height and weight

Question 32

While using your bank’s online servicing you notice the following string in the URL bar:
“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.
Which type of vulnerability is present on this site?

Answer 32

Web parameter tampering

Question 33

It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?

Answer 33

Threat

Question 34

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Answer 34

Validate and escape all information sent to a server

Question 35

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Answer 35

Nikto

Question 36

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Answer 36

He must perform privilege escalation

Question 37

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He is determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Answer 37

Blind SQL Injection

Question 38

You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:

Answer 38

user.log

Question 39

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?

Answer 39

Forward the message to your company’s security response team and permanently delete the message from your computer.

Question 40

The “Gray-box testing” methodology enforces what kind of restriction?

Answer 40

The internal operation of a system is only partly accessible to the tester

Question 41

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occuring during non-business hours. After further examination of all login activities, it is notices that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realized the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux serves to synchronize the time has stopped working?

Answer 41

NTP

Question 42

The “black box testing” methodology enforces what kind of restriction?

Answer 42

Only the external operation of a system is accessible to the tester

Question 43

> NMAP –sn 192.168.11.200-215 The NMAP command above performs which of the following?

Answer 43

A ping scan

Question 44

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____ database structure instead of SQL’s ______ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Answer 44

Hierarchical, Relational

Question 45

What is the purpose of DNS AAAA record?

Answer 45

IPv6 address resolution record

Question 46

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Answer 46

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

Question 47

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Answer 47

ls -d abccorp.local

Question 48

Which command can be used to show the current TCP/IP connections?

Answer 48

Netstat

Question 49

You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it. What tool will help you with the task?

Answer 49

Metagoofil

Question 50

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?

Answer 50

Grep

Question 51

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering and it will tell you the “landscape” looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Answer 51

Footprinting

Question 52

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?

Answer 52

site: target.com filetype: xls username password email

Question 53

You have successfully gained access to your client’s internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?

Answer 53

445

Question 54

Which of the following is assured by the use of a hash?

Answer 54

Integrity

Question 55

Threats x Vulnerabilities is referred to as the:

Answer 55

Risk equation

Question 56

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Answer 56

Security Incident and Event Monitoring

Question 57

You have just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?

Answer 57

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels

Question 58

The purpose of a _______is to deny network access to local area networks and other information assets by unauthorized wireless devices.

Answer 58

Wireless Access Control List

Question 59

What does the –oX flag do in an Nmap scan?

Answer 59

Output the results in XML format to a file

Question 60

During an Xmas scan, what indicates a port is closed?

Answer 60

RST

Question 61

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

Answer 61

Cross-Site Request Forgery

Question 62

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack – Monitors system activities – Detects attacks that a network-based IDS fails to detect. – Near real-time detection and response – Does not require additional hardware – Lower entry cost. Which type of IDS is best suited for Tremp’s requirements?

Answer 62

Host-based IDS

Question 63

Which of the following parameters describe LM Hash:
I – The maximum password length is 14 characters
II – There are no distinctions between uppercase and lowercase
III – The password is split into two 7-byte halves

Answer 63

I, II, and III

Question 64

Which of the following is not a Bluetooth attack?

Answer 64

Bluedriving

Question 65

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?

Answer 65

Injection

Question 66

A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

Answer 66

Winpcap

Question 67

Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical java script. What is the name of this technique to hide the code and extend analysis time?

Answer 67

Obfuscation

Question 68

During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

Answer 68

Identify and evaluate existing practices

Question 69

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg:““FTP on the network!””;

Answer 69

An Intrusion Detection System

Question 70

While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap –Pn –p –sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using “-sl” with Nmap?

Answer 70

Conduct IDLE scan

Question 71

What is the process of logging, recording, and resolving events that take place in an organization?

Answer 71

Incident Management Process

Question 72

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Answer 72

Application

Question 73

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

Answer 73

$146

Question 74

Which of the following is an extremely common IDS evasion technique in the web world?

Answer 74

Unicode characters

Question 75

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Answer 75

TCP

Question 76

What is a “Collision attack” in cryptography?

Answer 76

Collision attacks try to find two inputs producing the same hash

Question 77

hich of the following is the successor of SSL?

Answer 77

TLS

Question 78

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These
security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach. Which of the following
organization is being described?

Answer 78

Payment Card Industry (PCI)

Question 79

Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

Answer 79

R-U-Dead-Yet?(RUDY)

Question 80

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Answer 80

128 bit and CCMP

Question 81

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?

Answer 81

10.1.5.200

Question 82

Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

Answer 82

Use a scan tool like Nessus

Question 83

You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs. –
192.168.8.0/24. What command you would use?

Answer 83

wireshark -capture -local -masked 192.168.8.0 -range 24

Question 84

Initiating an attack against targeted business and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. What type of attack is outlined in the scenario?

Answer 84

Watering hole attack

Question 85

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of
analyzing files locally it’s made on the provider’s environment?

Answer 85

Cloud based

Question 86

Which of these options is the most secure procedure for storing backup tapes?

Answer 86

In a climate controlled facility offsite

Question 87

Which security strategy requires using several, varying methods to protect IT systems against attacks?

Answer 87

Defense in depth

Question 88

Which utility will tell you in real time which ports are listening or in another state?

Answer 88

TCPview

Question 89

Which of the following statements regarding ethical hacking is incorrect?

Answer 89

Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization’s systems

Question 90

A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010

Answer 90

10001011

Question 91

Why containers are less secure than virtual machines?

Answer 91

A compromise container may cause a CPU starvation of the host

Question 92

Which of the following is a component of a risk assessment?

Answer 92

Administrative safeguards

Question 93

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Answer 93

PKI

Question 94

You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Answer 94

Block the blacklist IP’s @ firewall as well as clean the malware which are trying to Communicate with the External Blacklist IP’s

Question 95

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Answer 95

Footprinting

Question 96

Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Answer 96

Encrypt the backup tapes and transport them in a lock box.

Question 97

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

Answer 97

tcp port == 21

Question 98

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Answer 98

Meet-in-the-middle attack

Question 99

What is the minimum number of network connections in a multihomed firewall?

Answer 99

2

Question 100

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Answer 100

Nikto

Question 101

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Answer 101

Whisker

Question 102

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Answer 102

Dynamic ARP Inspection (DAI)

Question 103

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Answer 103

STARTTLS

Question 104

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Answer 104

Reconnaissance

Question 105

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

Answer 105

Hire a security consultant to provide direction.

Question 106

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

Answer 106

http-methods

Question 107

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

Answer 107

Accept the risk

Question 108

Which of the following Linux commands will resolve a domain name into IP address?

Answer 108

> host-t a hackeddomain.com

Question 109

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

Answer 109

Tcpdump

Question 110

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

Answer 110

Presentation

Question 111

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Answer 111

Determines if any flaws exist in systems, policies, or procedures

Question 112

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Answer 112

Protocol analyzer

Question 113

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message
and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Answer 113

Email spoofing

Question 114

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

Answer 114

IPsec

Question 115

What is one of the advantages of using both symmetric and asymmetric cryptogrsphy in SSL/TLS?

Answer 115

Asymmetric cryptography is computationally expensive in comparison. However, it is wel-suited to securely negotiate keys for use with symmetric cryptography.

Question 116

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Answer 116

Extraction of cryptographic secrets through coercion or torture.

Question 117

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Answer 117

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Question 118

Which of the following tools can be used for passive OS fingerprinting?

Answer 118

tcpdump

Question 119

Why is a penetration test considered to be more thorough than vulnerability scan?

Answer 119

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

Question 120

Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a linux platform?

Answer 120

Kismet

Question 121

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Answer 121

tcptrace

Question 122

Which of the following is a low-tech way of gaining unauthorized access to systems?

Answer 122

Eavesdropping