CH 0 - Intro Assessment

Question 1

Which header field is used to reassemble fragmented IP packets?

A. Destination address
B. IP identification
C. Don’t fragment bit
D. ToS field

Answer 1

B.
IP identification

Question 2

If you were to see the following in a packet capture, what would you expect was happening?

’ or 1=1;

A. cross-site scripting
B. command injection
C. SQL injection
D. XML external entity injectiion

Answer 2

C.
SQL injection

Question 3

What method might you use to successfully get malware onto a mobile device?

A. Through the Apple Store or Google Play Store
B. external storage on an Android
C. Third-party app store
D. Jailbreaking

Answer 3

C.
Third-party app store

Question 4

What protocol is used to take a destination IP address and get a packet to a destination on the local network?

A. DHCP
B. ARP
C. DNS
D. RARP

Answer 4

B.
ARP

Question 5

What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?

A. Heap spraying
B. SQL injection
C. Buffer overflow
D. Slowloris attack

Answer 5

C.
Buffer overflow

Question 6

If you were to see the subnet mask 255.255.248.0, what CIDR notation (prefix) would you use to indicate the same thing?

A. /23
B. /22
C. /21
D. /20

Answer 6

B.
/22

Question 7

What is the primary difference between a worm and a virus?

A. a worm uses polymorphic code
B. a virus uses polymorphic code
C. a worm can self-propagate
D. a virus can self-propagate

Answer 7

C.
A worm can self-propagate

Question 8

How does an evil twin attack work?

A. phishing users for credentials
B. spoofing an SSID
C. changing an SSID
D. injecting 4-way handshakes

Answer 8

B.
Spoofing an SSID

Question 9

What has been done to the following string?

%3Cscript%3Ealert(‘wubble’);%3C/script%3E

A. Base64 encoding
B. URL encoding
C. Encryption
D. Cryptographic hashing

Answer 9

B.
URL encoding

Question 10

What would you get from running the command
dig ns domain.com ?

A. mail exchanger records for domain.com
B. name server records for domain.com
C. caching name server for domain.com
D. IP address for the hostname ns

Answer 10

B.
Name server records for domain.com

Question 11

What technique would you ideally use to get all of the hostnames associated with a domain?

A. DNS query
B. Zone copy
C. Zone transfer
D. Recursive request

Answer 11

C.
Zone Transfer

Question 12

If you were to notice operating system commands inside a DNS request while looking at a packet capture, what might you be looking at?

A. Tunneling attack
B. DNS amplification
C. DNS recursion
D. XML entity injection

Answer 12

A.
Tunneling Attack

Question 13

What would be the purpose of running a ping sweep?

A. You want to identify responsive hosts without a port scan
B. You want to use something that is light on network traffic
C. You want to use a protocol that may be allowed through the firewall
D. All of the above

Answer 13

D.
All of the above

Question 14

How many functions are specified by NIST’s cybersecurity framework?

A. 0
B. 3
C. 5
D. 4

Answer 14

C.
5

Question 15

What would be one reason not to write malware in Python?

A. The Python interpreter is slow
B. The Python interpreter may not be available
C. There is inadequate library support
D. Python is a hard language to learn

Answer 15

B.
The Python interpreter may not be available

Question 16

If you saw the following command line, what would you be capturing?

tcpdump -i eth2 host 192.168.10.5

A. traffic just from 192.168.10.5
B. traffic to and from 192.168.10.5
C. traffic just to 192.168.10.5
D. all traffic other than from 192.168.10.5

Answer 16

B.
Traffic to and from
192.168.10.5

Question 17

What is Diffie-Hellman used for?

A. Key management
B. Key isolation
C. Key exchange
D. Key revocation

Answer 17

C.
Key Exchange

Question 18

Which social engineering principle may allow a phony call from the help desk to be effective?

A. Social proof
B. Imitation
C. Scarcity
D. Authority

Answer 18

D.
Authority

Question 19

How do you authenticate with SNMPv1?

A. username / password
B. hash
C. public string
D. community string

Answer 19

D.
Community String

Question 20

What do we call an ARP response without a corresponding ARP request?

A. Is-at response
B. Who-has ARP
C. Gratuitous ARP
D. IP response

Answer 20

C.
Gratuitous ARP

Question 21

What is the process Java programs identify themselves to if they are sharing procedures over the network?

A. RMI registry
B. RMI mapper
C. RMI database
D. RMI process

Answer 21

A.
RMI Registry

Question 22

What are the 3 times that are typically stored as part of file metadata?

A. moves, adds, changes
B. modified, accessed, deleted
C. moved, accessed, changed
D. modified, accessed, created

Answer 22

D.
Modified,
Accessed,
Created

Question 23

Which of these is a reason to use an exploit against a local vulnerability?

A. Pivoting
B. Log manipulation
C. Privilege escalation
D. Password collection

Answer 23

C.
Privilege Escalation

Question 24

What principle is used to demonstrate that a signed message came from the owner of the key that signed it?

A. Nonrepudiation
B. Nonverifiability
C. Integrity
D. Authority

Answer 24

A.
Nonrepudiation

Question 25

What is a viable approach to protecting against tailgating?

A. Biometrics
B. Badge access
C. Phone verification
D. Man traps

Answer 25

D.
Man traps

Question 26

Why is bluesnarfing potentially more dangerous than bluejacking?

A. Bluejacking sends, while bluesnarfing receives
B. Bluejacking receives, while bluesnarfing sends
C. Bluejacking installs keyloggers
D. Bluesnarfing installs keyloggers

Answer 26

B.
Bluejacking receives, while bluesnarfing sends

Question 27

Which of the security triad properties does the Biba Security Model relate to?

A. Confidentiality
B. Integrity
C. Availability
D. All of them

Answer 27

B.
Integrity