201 to 322 Flashcards

1
Q

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?

A

Report immediately to the administrator.

2
Q

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

A

Make sure that legitimate network routers are configured to run routing protocols with authentication

3
Q

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A

WHOIS

4
Q

A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:
- Access List should be written between VLANs.
- Port security should be enabled for the intranet.
- A security solution which filters data packets should be set between intranet (LAN) and DMZ.
- A WAF should be used in front of the web applications.
According to the section from the report, which of the following choices is true?

A

A stateful firewall can be used between intranet (LAN) and DMZ

5
Q

In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

A

Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical

6
Q

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?

A

HIPAA

7
Q

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe”, disguised as a Word document by its double extension. Upon execution, a window appears stating “This word document is corrupt”. In the background, the file copies itself to Jesse's APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

A

Trojan

8
Q

A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of web application vulnerability likely exists in their software?

A

Cross-site scripting vulnerability

9
Q

An attacker is trying to redirect the traffic of a small office. That office runs its own mail server, DNS server and NTP server because of the importance of its work. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google they are redirected to the attacker's machine. What is the name of this kind of attack?

A

DNS spoofing

10
Q

Which results will be returned with the following Google search query?
site:target.com site:Marketing.target.com accounting

A

Results for matches on target.com and Marketing.target.com that include the word “accounting”

11
Q

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

A

Malicious code is attempting to execute instructions in a non-executable memory region (DEP marks stack and heap pages as non-executable, so shellcode placed there faults instead of running)

12
Q

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

A

Rules of engagement

13
Q

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

A

False positive

14
Q

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. The bug is in OpenSSL's implementation of the TLS/DTLS Heartbeat Extension defined in RFC 6520: a heartbeat request with a payload length larger than the payload actually sent makes the peer answer with up to 64 KB of its process memory.
What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?

A

Private (the server's TLS private key can be recovered from the leaked memory, along with session keys, cookies and credentials)

15
Q

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
[eve@localhost ~]$ john secret.txt
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MERO…SAMPLUI
0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARIS4
0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NY180K..NY1837
0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENY9

What is she trying to achieve?

A

She is using John the Ripper to crack the passwords in the secret.txt file (the format line shows these are Windows LAN Manager hashes, and 3/3 shows John has reached incremental, i.e. brute-force, mode)

16
Q

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

A

Connection establishment: SYN, SYN-ACK, ACK. Connection termination: FIN, ACK-FIN, ACK (when the two sides close independently the FIN and its ACK are sent separately, giving the four-step FIN, ACK, FIN, ACK)

17
Q

env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'

What is the Shellshock command above attempting to do on a vulnerable Linux host?

A

Display the contents of /etc/passwd at the prompt. The cat command is the payload run by bash -c; the echo exploit that runs before it is the proof of vulnerability, because an unpatched bash executes code appended after an exported function definition while importing its environment.

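An added example, not part of the original flashcard deck, that turns the one-liner on this card into a local check. It exports the same "function definition plus trailing command" value into the environment of whichever bash is on PATH and reports whether the trailing command ran, and it includes a static matcher for the "() {" payload shape of the kind IDS and WAF signatures for Shellshock used. The marker string, the variable name x and the sample values are constructed for this example; on a patched bash the marker never appears (bash prints a warning about ignoring the function definition attempt instead).

```python
"""Shellshock (CVE-2014-6271) checks: a live probe of the local bash and a
static matcher for the payload shape. Added example; not from the original deck."""
import os
import re
import shutil
import subprocess
from typing import Optional

# Constructed payload: a function definition followed by trailing code.
# A vulnerable bash runs the trailing "echo" while importing the environment.
MARKER = "SHELLSHOCK_MARKER_7f3a"
PAYLOAD = "() { :;}; echo " + MARKER

# Signature-style matcher: "() {" ... "}" followed by anything non-blank.
_TRAILING_CODE = re.compile(r"^\(\)\s*\{.*?\}\s*;?\s*(\S.*)$")


def has_trailing_code(value: str) -> bool:
    """True when an environment value looks like an exported bash function
    with extra commands after the closing brace (the Shellshock shape)."""
    return _TRAILING_CODE.match(value) is not None


def shellshock_check(bash_path: Optional[str] = None) -> str:
    """Return 'VULNERABLE', 'PATCHED' or 'NO_BASH' for the given bash binary."""
    bash = bash_path or shutil.which("bash")
    if bash is None:
        return "NO_BASH"
    env = dict(os.environ)
    env["x"] = PAYLOAD  # the variable a vulnerable bash would import as a function
    proc = subprocess.run(
        [bash, "-c", "echo harmless"],
        env=env, capture_output=True, text=True, timeout=10,
    )
    # Only the trailing code of the payload can print the marker; the -c
    # command itself prints "harmless" on every bash, vulnerable or not.
    return "VULNERABLE" if MARKER in proc.stdout else "PATCHED"


if __name__ == "__main__":
    print("payload matches signature:", has_trailing_code(PAYLOAD))
    print("benign function matches:", has_trailing_code("() { :;}"))
    print("local bash:", shellshock_check())
```

The live check and the signature check fail in opposite directions: the signature flags the shape of the value whether or not the interpreter is vulnerable, while the live probe only tells you about the bash it actually ran, not about the CGI, DHCP client or SSH ForceCommand path through which the hostile environment variable would arrive.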
18
Q

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’.
What technique is Ricardo using?

A

Steganography

19
Q

A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

A

Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability

20
Q

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

A

nmap -p 445 -n -T4 --open 10.1.0.0/16

21
Q

It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Which of the following terms best matches the definition?

A

Bluetooth

22
Q

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A

Perform a full restore

23
Q

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A

Attempts by attackers to access web sites that trust the web browser user by stealing the user’s authentication credentials

24
Q

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?

A

Vulnerability scanner

25
Q

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

A

Social engineering

26
Q

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?

A

Reconnaissance

27
Q

A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

A

Delegate

28
Q

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

A

openssl s_client -connect www.website.com:443 (add -servername www.website.com so that a server hosting several names presents the certificate for the one you are testing)

29
Q

Which of the following describes the characteristics of a Boot Sector Virus?

A

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

30
Q

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

A

Create an incident checklist

31
Q

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

A

Height and weight

32
Q

While using your bank’s online servicing you notice the following string in the URL bar:
http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.
Which type of vulnerability is present on this site?

A

Web parameter tampering

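An added example, not part of the original deck, that models the flaw on this card as server-side code: one handler trusts id, Damount and Camount straight from the query string, the other binds the request to the logged-in session and answers only from server-side records, treating a client-supplied balance as a tamper signal rather than silently ignoring it. The second account number, the session identifiers and the balances are constructed for the demonstration; the first account id is the one in the URL above.

```python
"""Web parameter tampering: a handler that trusts URL parameters beside one
that binds the request to the session and to server-side records.
Added example; accounts, sessions and values are constructed."""
import copy
from typing import Any, Dict

# Constructed server-side state. The first id matches the flashcard URL.
ACCOUNTS: Dict[str, Dict[str, Any]] = {
    "368940911028389": {"owner": "alice", "debit_balance": 10980, "credit_balance": 21},
    "555000111222333": {"owner": "bob", "debit_balance": 500, "credit_balance": 0},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


class TamperingError(Exception):
    """Raised when a request asks for something the caller is not entitled to."""


def fresh_accounts() -> Dict[str, Dict[str, Any]]:
    """Independent copy of the state so each demonstration starts clean."""
    return copy.deepcopy(ACCOUNTS)


def vulnerable_view(params: Dict[str, str], accounts: Dict[str, Dict[str, Any]]) -> Dict[str, Any]:
    """Trusts id, Damount and Camount from the query string: whoever edits the
    URL chooses which account is shown and what its balances become."""
    acct = accounts[params["id"]]
    acct["debit_balance"] = int(params["Damount"])
    acct["credit_balance"] = int(params["Camount"])
    return {"id": params["id"], **acct}


def hardened_view(session_id: str, params: Dict[str, str],
                  accounts: Dict[str, Dict[str, Any]]) -> Dict[str, Any]:
    """Authorises the account against the session owner and refuses any
    client-supplied balance; only server-side values are reflected back."""
    user = SESSIONS.get(session_id)
    if user is None:
        raise TamperingError("no valid session")
    acct = accounts.get(params.get("id", ""))
    if acct is None or acct["owner"] != user:
        raise TamperingError("account does not belong to the caller")
    for forbidden in ("Damount", "Camount"):
        if forbidden in params:
            # A balance arriving from the client is a tamper attempt: reject
            # and log it rather than quietly dropping the parameter.
            raise TamperingError(f"client must not supply {forbidden}")
    return {"id": params["id"], **acct}


def outcome(session_id: str, params: Dict[str, str]) -> str:
    """Run the hardened view on fresh state and summarise the result."""
    try:
        view = hardened_view(session_id, params, fresh_accounts())
        return f"OK:{view['debit_balance']}/{view['credit_balance']}"
    except TamperingError as exc:
        return f"DENIED:{exc}"


if __name__ == "__main__":
    tampered = {"id": "555000111222333", "Damount": "999999", "Camount": "0"}
    print("vulnerable:", vulnerable_view(tampered, fresh_accounts()))
    print("hardened:  ", outcome("sess-alice", tampered))
    print("own account:", outcome("sess-alice", {"id": "368940911028389"}))
```

The fix is not to hide the id in a POST body or a hidden field, which is just as editable; it is that the server derives identity from the session, checks ownership of the object, and never reads a value from the request that it already knows authoritatively.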
33
Q

It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?

A

Threat

34
Q

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

A

Validate and escape all information sent to a server

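An added example (not from the original deck) contrasting the two controls that cards 8 and 34 describe: an input-side blocklist that "disallows HTML", and contextual output encoding with Python's html.escape. The payloads are constructed; the third one shows why a one-pass blocklist is not a fix, and the attribute renderer shows why the quote character has to be encoded along with the angle brackets.

```python
"""Why 'disallow HTML input' is the weaker XSS control and contextual output
encoding is the effective one. Added example; not from the original deck."""
import html

# Constructed attacker inputs for the demonstration.
PAYLOADS = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
    "<scr<script>ipt>alert(1)</script>",  # defeats a one-pass blocklist
]


def naive_strip_script(user_input: str) -> str:
    """Input-side 'blocklist' of the kind a requirement like 'users may not
    enter HTML' tends to produce. Removing the tag once leaves a new tag."""
    return user_input.replace("<script>", "")


def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted text concatenated straight into the HTML body."""
    return f"<p>Hello, {name}</p>"


def render_safe(name: str) -> str:
    """Hardened for body text: &, <, >, double and single quotes are encoded
    before the text reaches the markup, so it can only ever be text."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def render_attr_safe(value: str) -> str:
    """Hardened for a quoted attribute: here the quote is the character that
    would let the attacker close the attribute, so quote=True is essential."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    for p in PAYLOADS:
        print("blocklist :", naive_strip_script(p))
        print("unsafe    :", render_unsafe(p))
        print("safe body :", render_safe(p))
        print("safe attr :", render_attr_safe(p))
```

Encoding is context-specific: html.escape is right for element bodies and quoted attributes, but text placed inside a script block, a URL or a CSS value needs that context's own encoding, which is why templating engines escape on output rather than filtering on input.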
35
Q

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A

Nikto

36
Q

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A

He must perform privilege escalation (the relative identifier 501 at the end of the SID is the built-in Guest account, so the session is running as Guest)

37
Q

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He has determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A

Blind SQL injection (time-based: the response delay is the only signal the attacker gets back)

38
Q

You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:

A

user.log

39
Q

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?

A

Forward the message to your company’s security response team and permanently delete the message from your computer.

40
Q

The “Gray-box testing” methodology enforces what kind of restriction?

A

The internal operation of a system is only partly accessible to the tester

41
Q

Log monitoring tools performing behavioral analysis have alerted on several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. Which protocol, used on Linux servers to synchronize the time, has stopped working?

A

NTP

42
Q

The “black box testing” methodology enforces what kind of restriction?

A

Only the external operation of a system is accessible to the tester

43
Q

> nmap -sn 192.168.11.200-215
The Nmap command above performs which of the following?

A

A ping scan (host discovery only; -sn skips the port scan)

44
Q

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____ database structure instead of SQL’s ______ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A

Hierarchical, Relational

45
Q

What is the purpose of DNS AAAA record?

A

IPv6 address resolution record

46
Q

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

A

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

47
Q

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

A

ls -d abccorp.local (after first pointing nslookup at the target server with the command server 192.168.10.2; the transfer only succeeds if that server allows AXFR from your host)

48
Q

Which command can be used to show the current TCP/IP connections?

A

Netstat

49
Q

You are performing information gathering for an important penetration test. You have found PDF, DOC and image files belonging to your target. You decide to extract metadata from these files and analyze it. What tool will help you with the task?

A

Metagoofil

50
Q

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?

A

Grep

51
Q

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in information gathering and it will tell you what the “landscape” looks like. What is the most important phase of ethical hacking, in which you need to spend a considerable amount of time?

A

Footprinting

52
Q

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?

A

site:target.com filetype:xls username password email

53
Q

You have successfully gained access to your client's internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?

A

445

54
Q

Which of the following is assured by the use of a hash?

A

Integrity

55
Q

Threats x Vulnerabilities is referred to as the:

A

Risk equation

56
Q

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

A

Security Information and Event Management (SIEM)

57
Q

You have just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?

A

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels

58
Q

The purpose of a _______ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

A

Wireless Intrusion Prevention System (WIPS)

59
Q

What does the -oX flag do in an Nmap scan?

A

Output the results in XML format to a file

60
Q

During an Xmas scan, what indicates a port is closed?

A

RST

61
Q

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

A

Cross-Site Request Forgery

62
Q

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack – Monitors system activities – Detects attacks that a network-based IDS fails to detect. – Near real-time detection and response – Does not require additional hardware – Lower entry cost. Which type of IDS is best suited for Tremp’s requirements?

A

Host-based IDS

63
Q

Which of the following parameters describe LM Hash:
I – The maximum password length is 14 characters
II – There are no distinctions between uppercase and lowercase
III – The password is split into two 7-byte halves

A

I, II, and III

64
Q

Which of the following is not a Bluetooth attack?

A

Bluedriving

65
Q

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?

A

Injection

66
Q

A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

A

WinPcap (superseded by Npcap in current Wireshark releases)

67
Q

An analyst investigating proxy logs found that one of the internal users visited a website hosting suspicious JavaScript. After opening one of the scripts, he noticed that the code is very hard to understand and looks nothing like typical JavaScript. What is the name of this technique for hiding code and extending analysis time?

A

Obfuscation

68
Q

During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

A

Identify and evaluate existing practices

69
Q

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg:"FTP on the network!";)

A

An Intrusion Detection System

70
Q

While scanning with Nmap, Patin found several hosts which have incremental IP ID sequences. He then decided to run: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com, where kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using “-sI” with Nmap?

A

Conduct an idle scan (the zombie's predictable IP ID lets Patin infer the target's port states without sending packets from his own address)

71
Q

What is the process of logging, recording, and resolving events that take place in an organization?

A

Incident Management Process

72
Q

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

A

Application

73
Q

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?

A

$146 (SLE = $300 for the drive + 14 hours × $10/hour = $440; ARO = 1/3; ALE = SLE × ARO ≈ $146.67)

74
Q

Which of the following is an extremely common IDS evasion technique in the web world?

A

Unicode characters

75
Q

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

A

TCP

76
Q

What is a “Collision attack” in cryptography?

A

Collision attacks try to find two inputs producing the same hash

77
Q

Which of the following is the successor of SSL?

A

TLS

78
Q

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach. Which of the following organizations is being described?

A

Payment Card Industry (PCI)

79
Q

Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

A

R-U-Dead-Yet?(RUDY)

80
Q

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A

128 bit and CCMP

81
Q

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?

A

10.1.5.200

82
Q

Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

A

Use a scan tool like Nessus

83
Q

You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs. –
192.168.8.0/24. What command you would use?

A

None of the exam's choices is a real Wireshark command line; the listed answer, wireshark -capture -local -masked 192.168.8.0 -range 24, uses flags Wireshark does not have. For an unattended capture from cron use the command-line tool shipped with Wireshark: tshark -i eth0 -f 'net 192.168.8.0/24' -w capture.pcap

84
Q

Initiating an attack against targeted business and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. What type of attack is outlined in the scenario?

A

Watering hole attack

85
Q

What kind of detection technique is being used in antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, performs the analysis in the provider's environment?

A

Cloud based

86
Q

Which of these options is the most secure procedure for storing backup tapes?

A

In a climate controlled facility offsite

87
Q

Which security strategy requires using several, varying methods to protect IT systems against attacks?

A

Defense in depth

88
Q

Which utility will tell you in real time which ports are listening or in another state?

A

TCPview

89
Q

Which of the following statements regarding ethical hacking is incorrect?

A

Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization’s systems

90
Q

A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010

A

10001011

91
Q

Why are containers less secure than virtual machines?

A

Containers share the host kernel, so the host OS presents a far larger attack surface to a compromised container than a hypervisor does to a compromised VM (resource exhaustion of the host, such as CPU starvation, is a secondary concern that cgroup limits address)

92
Q

Which of the following is a component of a risk assessment?

A

Administrative safeguards

93
Q

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

A

PKI

94
Q

You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

A

Block the blacklist IP’s @ firewall as well as clean the malware which are trying to Communicate with the External Blacklist IP’s
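An added example, not part of the original deck, that implements the first steps of the triage on this card over plaintext firewall logs (the kind of review card 50 says you would do with grep and regular expressions): parse the lines, match destinations against a blocklist, and tally accepted versus dropped attempts per internal host. The log format, addresses and blocklist are constructed for the demonstration; the external addresses come from the TEST-NET documentation ranges.

```python
"""Triage of plaintext firewall logs for command-and-control traffic to
blocklisted addresses. Added example; log lines, addresses and the
blocklist are constructed (TEST-NET ranges) and are not from any real device."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed sample log, one connection attempt per line.
SAMPLE_LOG = """\
2024-05-01T02:13:07Z fw01 ACCEPT src=10.0.5.23 dst=203.0.113.45 proto=TCP sport=49152 dport=443
2024-05-01T02:13:09Z fw01 DROP src=10.0.5.23 dst=203.0.113.45 proto=TCP sport=49153 dport=8443
2024-05-01T02:13:11Z fw01 ACCEPT src=10.0.7.8 dst=198.51.100.9 proto=TCP sport=50001 dport=80
2024-05-01T02:14:02Z fw01 ACCEPT src=10.0.5.23 dst=192.0.2.77 proto=TCP sport=49160 dport=443
2024-05-01T02:14:30Z fw01 DROP src=10.0.9.1 dst=203.0.113.45 proto=UDP sport=40000 dport=53
2024-05-01T02:15:00Z fw01 ACCEPT src=10.0.7.8 dst=192.0.2.10 proto=TCP sport=50002 dport=443
"""

# Constructed threat-intel blocklist of known C2 addresses.
BLOCKLIST: Set[str] = {"203.0.113.45", "198.51.100.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"proto=(?P<proto>\w+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """One log line to a field dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_c2_contacts(log_text: str, blocklist: Set[str]) -> Dict[str, dict]:
    """Per internal source host: how many connections to blocklisted
    destinations were accepted or dropped, and which destinations."""
    hits: Dict[str, dict] = defaultdict(
        lambda: {"accepted": 0, "dropped": 0, "dsts": set()}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in blocklist:
            continue
        entry = hits[rec["src"]]
        entry["accepted" if rec["action"] == "ACCEPT" else "dropped"] += 1
        entry["dsts"].add(rec["dst"])
    return dict(hits)


def hosts_to_clean(hits: Dict[str, dict]) -> List[str]:
    """Every host that tried, whether or not the firewall let it through:
    a DROP still means the host attempted to reach the C2 address."""
    return sorted(hits)


def firewall_rules(blocklist: Set[str]) -> List[str]:
    """Egress rules for the destinations, in iptables syntax."""
    return [f"iptables -I FORWARD -d {ip} -j DROP" for ip in sorted(blocklist)]


if __name__ == "__main__":
    contacts = find_c2_contacts(SAMPLE_LOG, BLOCKLIST)
    for host, info in contacts.items():
        print(host, info)
    print("clean:", hosts_to_clean(contacts))
    print("\n".join(firewall_rules(BLOCKLIST)))
```

The same first pass at a shell is grep -E 'dst=(203\.0\.113\.45|198\.51\.100\.9)' firewall.log; the Python version adds the per-host tally that drives both actions in the answer: egress rules for the destinations, and cleanup of every host that attempted contact, dropped attempts included, since the firewall rule only cuts the channel and does not remove the implant.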

95
Q

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

A

Footprinting

96
Q

Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

A

Encrypt the backup tapes and transport them in a lock box.

97
Q

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

A

tcp.port == 21 (the FTP control channel; the display filter ftp matches it as well, while the data channel uses separately negotiated ports)

98
Q

What is the known-plaintext attack used against DES which shows that encrypting plaintext with one DES key and then with a second DES key is only marginally more secure than using a single key (about 2^57 work rather than the 2^112 a 112-bit key suggests)?

A

Meet-in-the-middle attack
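An added example, not from the original deck, that carries the attack out against a constructed 16-bit toy block cipher standing in for DES. Double encryption with two independent 16-bit keys looks like a 32-bit key, but meeting at the intermediate value recovers both keys with roughly 2^17 cipher operations instead of 2^32. The cipher, the keys and the plaintexts are constructed for the demonstration; the cipher is a permutation chosen only to be small and invertible and is in no way secure.

```python
"""Meet-in-the-middle against double encryption, on a 16-bit toy cipher that
stands in for DES. Added example; the cipher and keys are constructed."""
from typing import Dict, List, Tuple

BITS = 16
MASK = (1 << BITS) - 1
ROUNDS = 4


def _rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (BITS - r))) & MASK


def _rotr(x: int, r: int) -> int:
    return ((x >> r) | (x << (BITS - r))) & MASK


def toy_encrypt(key: int, block: int) -> int:
    """Constructed 16-bit block cipher with a 16-bit key (a stand-in for DES;
    it is a permutation, not a secure cipher)."""
    x = block & MASK
    for r in range(ROUNDS):
        x ^= key
        x = (x + _rotl(key, r + 1)) & MASK
        x = _rotl(x, 5)
    return x


def toy_decrypt(key: int, block: int) -> int:
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    x = block & MASK
    for r in reversed(range(ROUNDS)):
        x = _rotr(x, 5)
        x = (x - _rotl(key, r + 1)) & MASK
        x ^= key
    return x


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """E_k2(E_k1(p)): the construction 2DES uses, with a 32-bit combined key."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Work is 2^BITS encryptions to build the table plus 2^BITS decryptions to
    probe it, about 2^(BITS+1) in total, instead of the 2^(2*BITS) a brute
    force of the combined key needs. Extra pairs weed out false matches."""
    p0, c0 = pairs[0]
    # Forward half: every E_k1(p0), indexed by the intermediate value.
    table: Dict[int, List[int]] = {}
    for k1 in range(1 << BITS):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    # Backward half: D_k2(c0) must land on one of those intermediate values.
    found: List[Tuple[int, int]] = []
    for k2 in range(1 << BITS):
        mid = toy_decrypt(k2, c0)
        for k1 in table.get(mid, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found


def work_factors() -> Tuple[int, int]:
    """(brute force of the combined key, meet-in-the-middle) operation counts."""
    return 1 << (2 * BITS), 1 << (BITS + 1)


if __name__ == "__main__":
    k1, k2 = 0x3A7F, 0xC1D2  # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x0000, 0x1234, 0xBEEF)]
    print("candidates:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
    print("work: brute force %d vs meet-in-the-middle %d" % work_factors())
```

The same bookkeeping applies to 2DES: each half costs 2^56 and the table of intermediate values is the dominant memory cost, so the effective strength is about 57 bits rather than 112. That is why Triple DES, which the same attack only reduces to about 2^112 work, replaced double encryption.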

99
Q

What is the minimum number of network connections in a multihomed firewall?

A

2

100
Q

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

A

Nikto

101
Q

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A

Whisker

102
Q

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

A

Dynamic ARP Inspection (DAI)

103
Q

Email is transmitted across the Internet using the Simple Mail Transfer Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

A

STARTTLS

104
Q

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

A

Reconnaissance

105
Q

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

A

Hire a security consultant to provide direction.

106
Q

When you are getting information about a web server, it is very important to know the HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available, because two of them are critical: PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using the Nmap Scripting Engine. What Nmap script will help you with this task?

A

http-methods

107
Q

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

A

Accept the risk

108
Q

Which of the following Linux commands will resolve a domain name into IP address?

A

> host -t a hackeddomain.com

109
Q

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

A

Tcpdump

110
Q

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?

A

Presentation

111
Q

Which of the following steps for risk assessment methodology refers to vulnerability identification?

A

Determines if any flaws exist in systems, policies, or procedures

112
Q

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

A

Protocol analyzer

113
Q

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?

A

Email spoofing

114
Q

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A

IPsec

115
Q

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

A

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography, which then protects the bulk of the data.

116
Q

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

A

Extraction of cryptographic secrets through coercion or torture.

117
Q

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

A

tcp.dstport == 514 && ip.dst == 192.168.0.150 (this assumes Kiwi is configured to receive syslog over TCP; plain syslog is UDP/514, in which case use udp.dstport == 514 && ip.dst == 192.168.0.150)

118
Q

Which of the following tools can be used for passive OS fingerprinting?

A

tcpdump

119
Q

Why is a penetration test considered to be more thorough than vulnerability scan?

A

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

120
Q

Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a linux platform?

A

Kismet

121
Q

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

A

tcptrace

122
Q

Which of the following is a low-tech way of gaining unauthorized access to systems?

A

Eavesdropping