Examen 3 Flashcards

1
Q

Cross-site request forgery involves:
A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user’s knowledge
D. A server making a request to another server without the user’s knowledge

A

C. A browser making a request to a server without the user’s knowledge

2
Q
Which regulation defines security and privacy controls for Federal information systems and organizations?
A. NIST-800-53
B. PCI-DSS
C. EU Safe Harbor
D. HIPAA
A

A. NIST-800-53

3
Q

An ethical hacker at a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker’s next step be before starting work on this job?
A. Start by footprinting the network and mapping out a plan of attack.
B. Ask the employer for authorization to perform the work outside the company.
C. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
D. Use social engineering techniques on the friend’s employees to help identify areas that may be susceptible to attack.

A

B. Ask the employer for authorization to perform the work outside the company.

4
Q

Chandler works as a pen-tester at an IT firm in New York. As part of detecting viruses on the systems, he uses a detection method in which the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activity.
Which type of virus detection method did Chandler use in this context?
A. Heuristic Analysis
B. Code Emulation
C. Integrity checking
D. Scanning

A

B. Code Emulation

5
Q
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he ever sent the mail. What do you want to "know" to prove that it was Bob who sent the mail?
A. Authentication
B. Confidentiality
C. Integrity
D. Non-Repudiation
A

D. Non-Repudiation

6
Q
Which type of scan is used on the eye to measure the layer of blood vessels?
A. Facial recognition scan
B. Retinal scan
C. Iris scan
D. Signature kinetics scan
A

B. Retinal scan

7
Q

A new 802.11-compliant wireless client cannot connect to a wireless network even though the client can see the network and has compatible hardware and software installed. Upon further tests and investigation, it was found that the Wireless Access Point (WAP) was not responding to the association requests sent by the wireless client. What is MOST likely the issue in this scenario?
A. The client cannot see the SSID of the wireless network
B. The WAP does not recognize the client’s MAC address.
C. The wireless client is not configured to use DHCP.
D. Client is configured for the wrong channel

A

B. The WAP does not recognize the client’s MAC address.

8
Q

Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)
A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32-bit encryption.
D. Effective length is 7 characters.

A

A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
D. Effective length is 7 characters.

9
Q
Which element of Public Key Infrastructure (PKI) verifies the applicant?
A. Certificate authority
B. Validation authority
C. Registration authority
D. Verification authority
A

C. Registration authority

10
Q
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
A. symmetric algorithms
B. asymmetric algorithms
C. hashing algorithms
D. integrity algorithms
A

C. hashing algorithms

11
Q
It is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. This protocol is specifically designed for transporting event messages. Which of the following is being described?
A. SNMP
B. ICMP
C. SYSLOG
D. SMS
A

C. SYSLOG

12
Q

When tuning security alerts, what is the best approach?
A. Tune to avoid False positives and False Negatives
B. Raise False positives, Raise False Negatives
C. Decrease the false positives
D. Decrease False negatives

A

A. Tune to avoid False positives and False Negatives

13
Q

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
B. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
C. Symmetric encryption allows the server to securely transmit the session keys out-of-band.
D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

A

D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

14
Q
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. HTTP header injection vulnerability
C. 0-day vulnerability
D. Time-to-check to time-to-use flaw
A

C. 0-day vulnerability

15
Q

When you are gathering information about a web server, it is very important to know which HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) are available, because two of them are critical (PUT and DELETE): PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all of these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using the Nmap Scripting Engine.
What nmap script will help you with this task?
A. http-methods
B. http-enum
C. http-headers
D. http-git

A

A. http-methods

16
Q

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces fewer false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

A

B. Can identify unknown attacks

17
Q
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?
A. nmap
B. ping
C. tracert
D. tcpdump
A

D. tcpdump

18
Q

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
A. Use cryptographic storage to store all PII
B. Use encrypted communications protocols to transmit PII
C. Use full disk encryption on all hard drives to protect PII
D. Use a security token to log into all Web applications that use PII

A

B. Use encrypted communications protocols to transmit PII

19
Q

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
A. Host-Based Intrusion Detection System
B. Security through obscurity
C. Defense in depth
D. Network-Based Intrusion Detection System

A

C. Defense in depth

20
Q
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
A. RSA 1024 bit strength
B. AES 1024 bit strength
C. RSA 512 bit strength
D. AES 512 bit strength
A

A. RSA 1024 bit strength

21
Q
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can be either simply to gain knowledge or to illegally make changes. Which of the following classes of hacker refers to an individual who works both offensively and defensively at various times?
A. Suicide Hacker
B. Black Hat
C. White Hat
D. Gray Hat
A

D. Gray Hat

22
Q
Fingerprinting VPN firewalls is possible with which of the following tools?
A. Angry IP
B. Nikto
C. Ike-scan
D. Arp-scan
A

C. Ike-scan

23
Q

What is a “Collision attack” in cryptography?
A. Collision attacks try to find two inputs producing the same hash.
B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
C. Collision attacks try to get the public key.
D. Collision attacks try to break the hash into three parts to get the plaintext value.

A

A. Collision attacks try to find two inputs producing the same hash.

24
Q

It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Which of the following terms best matches the definition?
A. Bluetooth
B. Radio-Frequency Identification
C. WLAN
D. InfraRed

A

A. Bluetooth

25
Q

What is a NULL scan?
A. A scan in which all flags are turned off
B. A scan in which certain flags are off
C. A scan in which all flags are on
D. A scan in which the packet size is set to zero
E. A scan with an illegal packet size

A

A. A scan in which all flags are turned off

26
Q

An attacker runs the netcat tool to transfer a secret file between two hosts.
He is worried about the information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting it onto the wire?
A. Machine A: netcat -l -p -s password 1234 < testfile; Machine B: netcat 1234
B. Machine A: netcat -l -e magickey -p 1234 < testfile; Machine B: netcat 1234
C. Machine A: netcat -l -p 1234 < testfile -pw password; Machine B: netcat 1234 -pw password
D. Use cryptcat instead of netcat

A

D. Use cryptcat instead of netcat

27
Q
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
A. footprinting
B. network mapping
C. gaining access
D. escalating privileges
A

A. footprinting

28
Q

In IPv6, what is the major difference concerning application layer vulnerabilities compared to IPv4?
A. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
B. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
C. Due to the extensive security measures built into IPv6, application layer vulnerabilities need not be addressed.
D. Vulnerabilities in the application layer are greatly different from IPv4.

A

B. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

29
Q
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
A. Cain
B. John the Ripper
C. Nikto
D. Hping
A

A. Cain

30
Q

Which initial procedure should an ethical hacker perform after being brought into an organization?
A. Begin security testing.
B. Turn over deliverables.
C. Sign a formal contract with non-disclosure.
D. Assess what the organization is trying to protect.

A

C. Sign a formal contract with non-disclosure.

31
Q

What is the main security service a cryptographic hash provides?
A. Integrity and ease of computation
B. Message authentication and collision resistance
C. Integrity and collision resistance
D. Integrity and computational infeasibility

A

D. Integrity and computational infeasibility

32
Q
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
A

B. BBProxy

33
Q
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
A. Shellshock
B. Rootshell
C. Rootshock
D. Shellbash
A

A. Shellshock

34
Q
You are working as a Security Analyst at a company XYZ that owns the whole subnet ranges 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP; that is, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP and that the internal communicating devices are compromised. What kind of attack does the above scenario depict?
A. Botnet Attack
B. Spear Phishing Attack
C. Advanced Persistent Threats
D. Rootkit Attack
A

A. Botnet Attack

35
Q
What is the least important information when you analyze a public IP address in a security alert?
A. ARP
B. Whois
C. DNS
D. Geolocation
A

A. ARP

36
Q

How can telnet be used to fingerprint a web server?
A. telnet webserverAddress 80, then HEAD / HTTP/1.0
B. telnet webserverAddress 80, then PUT / HTTP/1.0
C. telnet webserverAddress 80, then HEAD / HTTP/2.0
D. telnet webserverAddress 80, then PUT / HTTP/2.0

A

A. telnet webserverAddress 80, then HEAD / HTTP/1.0

37
Q
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Hping
B. Traceroute
C. TCP ping
D. Broadcast ping
A

A. Hping

38
Q
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
A. Truecrypt
B. Sub7
C. Nessus
D. Clamwin
A

C. Nessus

39
Q
An attacker is trying to redirect the traffic of a small office. That office is running its own mail server, DNS server and NTP server because of the importance of its work. The attacker gains access to the DNS server and redirects the address www.google.com to his own IP address. Now, when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?
A. ARP Poisoning
B. Smurf Attack
C. DNS spoofing
D. MAC Flooding
A

C. DNS spoofing

40
Q
After trying multiple exploits, you've gained root access to a CentOS 6 server. To ensure you maintain access, what would you do first?
A. Create User Account
B. Disable Key Services
C. Disable IPTables
D. Download and Install Netcat
A

A. Create User Account

41
Q
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
A. SDLC process
B. Honey pot
C. SQL injection
D. Trap door
A

D. Trap door

42
Q

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice “/bin/sh” in the ASCII part of the output. As an analyst what would you conclude about the attack?
A. The buffer overflow attack has been neutralized by the IDS
B. The attacker is creating a directory on the compromised machine
C. The attacker is attempting a buffer overflow attack and has succeeded
D. The attacker is attempting an exploit that launches a command-line shell

A

D. The attacker is attempting an exploit that launches a command-line shell

43
Q

Security and privacy of/on information systems are two areas that require lawful regulation. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?
A. NIST SP 800-53
B. PCI-DSS
C. EU Safe Harbor
D. HIPAA

A

A. NIST SP 800-53

44
Q
A circuit level gateway works at which of the following layers of the OSI Model?
A. Layer 5 - Application
B. Layer 4 - TCP
C. Layer 3 - Internet protocol
D. Layer 2 - Data link
A

B. Layer 4 - TCP

45
Q

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network, a database server on the internal network
C. A web server and the database server facing the Internet, an application server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves

A

B. A web server facing the Internet, an application server on the internal network, a database server on the internal network

46
Q

What is the purpose of a demilitarized zone on a network?
A. To scan all traffic coming through the DMZ to the internal network
B. To only provide direct access to the nodes within the DMZ and protect the network behind it
C. To provide a place to put the honeypot
D. To contain the network devices you wish to protect

A

B. To only provide direct access to the nodes within the DMZ and protect the network behind it

47
Q
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
A. Scalability
B. Speed
C. Key distribution
D. Security
A

B. Speed

48
Q

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?
A. Threaten to publish the penetration test results if not paid.
B. Follow proper legal procedures against the company to request payment.
C. Tell other customers of the financial problems with payments from this company.
D. Exploit some of the vulnerabilities found on the company webserver to deface it.

A

B. Follow proper legal procedures against the company to request payment.

49
Q

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
A. Sarbanes-Oxley Act (SOX)
B. Gramm-Leach-Bliley Act (GLBA)
C. Fair and Accurate Credit Transactions Act (FACTA)
D. Federal Information Security Management Act (FISMA)

A

A. Sarbanes-Oxley Act (SOX)

50
Q

Which of the following Nmap commands will produce the following output?
Output:
(shows some UDP and TCP ports, but not all of them)
A. nmap -sN -Ps -T4 192.168.1.1
B. nmap -sT -sX -Pn -p 1-65535 192.168.1.1
C. nmap -sS -Pn 192.168.1.1
D. nmap -sS -sU -Pn -p 1-65535 192.168.1.1

A

D. nmap -sS -sU -Pn -p 1-65535 192.168.1.1

51
Q
Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network the Presentation Tier (front-end web server) should be placed in.
A. isolated vlan network
B. Mesh network
C. DMZ network
D. Internal network
A

A. isolated vlan network

52
Q
A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?
A. Delegate
B. Avoid
C. Mitigate
D. Accept
A

A. Delegate

53
Q

Which of the following provides a security professional with the most information about the system’s security posture?
A. Wardriving, warchalking, social engineering
B. Social engineering, company site browsing, tailgating
C. Phishing, spamming, sending trojans
D. Port scanning, banner grabbing, service identification

A

D. Port scanning, banner grabbing, service identification

54
Q

Which of the following steps of the risk assessment methodology refers to vulnerability identification?
A. Determines if any flaws exist in systems, policies, or procedures
B. Assigns values to risk probabilities and impact values.
C. Determines the risk probability that a vulnerability will be exploited (High, Medium, Low)
D. Identifies sources of harm to an IT system (Natural, Human, Environmental)

A

C. Determines the risk probability that a vulnerability will be exploited (High, Medium, Low)

55
Q
The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and
A. non-repudiation.
B. operability.
C. security.
D. usability.
A

A. non-repudiation.

56
Q
A zone file consists of which of the following Resource Records (RRs)?
A. DNS, NS, AXFR, and MX records
B. DNS, NS, PTR, and MX records
C. SOA, NS, AXFR, and MX records
D. SOA, NS, A, and MX records
A

D. SOA, NS, A, and MX records

57
Q

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards

A

B. They must be dual-homed

58
Q
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?
A. Phishing
B. Whaling
C. Tailgating
D. Masquerading
A

C. Tailgating

59
Q
Which of the following Nmap commands would be used to perform a stack fingerprinting?
A. Nmap -O -p80 
B. Nmap -hU -Q
C. Nmap -sT -p 
D. Nmap -u -o -w2 
E. Nmap -sS -0p target
A

B. Nmap -hU -Q

60
Q

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?
A. Unplug the network connection on the company’s web server.
B. Determine the origin of the attack and launch a counterattack.
C. Record as much information as possible from the attack.
D. Perform a system restart on the company’s web server.

A

C. Record as much information as possible from the attack.

61
Q
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?
A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack
A

B. Man-in-the-middle

62
Q
Which security control role does encryption meet?
A. Preventative
B. Detective
C. Offensive
D. Defensive
A

A. Preventative

63
Q
Prospective clients want to see sample reports from previous penetration tests.
What should you do next?
A. Decline but provide references.
B. Share full reports not redacted.
C. Share full reports with redactions.
D. Share reports, after NDA is signed.
A

A. Decline but provide references.

64
Q
How is sniffing broadly categorized?
A. Active and passive
B. Broadcast and unicast
C. Unmanaged and managed
D. Filtered and unfiltered
A

A. Active and passive

65
Q
To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
A. Recipient's private key
B. Recipient's public key
C. Master encryption key
D. Sender's public key
A

B. Recipient’s public key

66
Q
The ViruXine.W32 virus hides its presence by changing the underlying executable code. The virus code mutates while keeping the original algorithm intact: the code changes itself each time it runs, but the function of the code (its semantics) does not change at all. Here is a section of the Virus code: What is this technique called?
A. Polymorphic Virus
B. Metamorphic Virus
C. Dravidic Virus
D. Stealth Virus
A

A. Polymorphic Virus

67
Q
Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?
A. Windows
B. Unix
C. Linux
D. OS X
A

A. Windows

68
Q

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
A. An extensible security framework named COBIT
B. A list of flaws and how to fix them
C. Web application patches
D. A security certification for hardened web applications

A

B. A list of flaws and how to fix them

69
Q
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS 
B. STARTTLS
C. FORCETLS
D. UPGRADETLS
A

B. STARTTLS

70
Q
Which of the below hashing functions are not recommended for use?
A. SHA-1, ECC
B. MD5, SHA-1
C. SHA-2, SHA-3
D. MD5, SHA-5
A

A. SHA-1, ECC

71
Q
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
A. Firewall
B. Honeypot
C. Core server
D. Layer 4 switch
A

B. Honeypot

72
Q

An IT employee got a call from one of the company’s best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New integration opportunities are in sight for both the company and the customer. What should this employee do?
A. Since the company’s policy is all about Customer Service, he/she will provide the information.
B. Disregarding the call, the employee should hang up.
C. The employee should not provide any information without prior management authorization.
D. The employee cannot provide any information but, anyway, he/she will provide the name of the person in charge.

A

C. The employee should not provide any information without prior management authorization.

73
Q

Which of the following items is unique to the N-tier architecture method of designing software applications?
A. Application layers can be separated, allowing each layer to be upgraded independently from other layers.
B. It is compatible with various databases including Access, Oracle, and SQL.
C. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
D. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

A

A. Application layers can be separated, allowing each layer to be upgraded independently from other layers.

74
Q
This TCP flag instructs the sending system to transmit all buffered data immediately.
A. SYN
B. RST
C. PSH
D. URG
E. FIN
A

C. PSH

75
Q
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.
A. 123
B. 161
C. 69
D. 113
A

A. 123

76
Q

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
B. As long as the physical access to the network elements is restricted, there is no need for additional measures.
C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
D. The operator knows that attacks and down time are inevitable and should have a backup site.

A

A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

77
Q
Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?
A. Command Injection Attacks
B. File Injection Attack
C. Cross-Site Request Forgery (CSRF)
D. Hidden Field Manipulation Attack
A

C. Cross-Site Request Forgery (CSRF)

78
Q

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO, and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?
A. The document can be sent to the accountant using a USB drive reserved exclusively for that document.
B. The CFO can use a hash algorithm on the document once he has approved the financial statements.
C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
D. The CFO can use an excel file with a password.

A

B. The CFO can use a hash algorithm in the document once he approved the financial statements.

79
Q

The “black box testing” methodology enforces which kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. Only the internal operation of a system is known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. The internal operation of a system is completely known to the tester.

A

A. Only the external operation of a system is accessible to the tester.

80
Q

Which of the following statements is TRUE?
A. Sniffers operate on Layer 2 of the OSI model
B. Sniffers operate on Layer 3 of the OSI model
C. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Sniffers operate on the Layer 1 of the OSI model.

A

A. Sniffers operate on Layer 2 of the OSI model

81
Q

While performing data validation of web content, a security technician is required to restrict malicious input.
Which of the following processes is an efficient way of restricting malicious input?
A. Validate web content input for query strings.
B. Validate web content input with scanning tools.
C. Validate web content input for type, length, and range.
D. Validate web content input for extraneous queries.

A

C. Validate web content input for type, length, and range.

82
Q

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling the audit feature.
C. Perform a cost/benefit analysis of the audit feature.
D. Allocate funds for staffing of audit log review.

A

B. Determine the impact of enabling the audit feature.

83
Q

Firewalls are software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules.
Which of the following types of firewalls can protect against SQL injection attacks?
A. Data-driven firewall
B. Stateful firewall
C. Packet firewall
D. Web application firewall

A

D. Web application firewall

84
Q

Which of these options is the most secure procedure for storing backup tapes?
A. In a climate controlled facility offsite
B. On a different floor in the same building
C. Inside the data center for faster retrieval in a fireproof safe
D. In a cool dry environment

A

A. In a climate controlled facility offsite

85
Q
Which of the following items of a computer system will an anti-virus program scan for viruses?
A. Boot Sector
B. Deleted Files
C. Windows Process List
D. Password Protected Files
A

A. Boot Sector

86
Q

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing a network traffic for further analysis

A

B. Modifying and replaying captured network traffic

87
Q
Passive reconnaissance involves collecting information through which of the following?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
A

D. Publicly accessible sources

88
Q

In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case.
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system for which you already know the credentials. It was written by Sysinternals and has been integrated within the framework. Often, penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords (or use other methods like fgdump, pwdump, or cachedump), and then utilize rainbow tables to crack those hash values.
Which of the following is the correct hash type and sort order used in the psexec module’s ‘smbpass’?
A. NT:LM
B. LM:NT
C. LM:NTLM
D. NTLM:LM

A

B. LM:NT

89
Q

Which of the following descriptions is true about a static NAT?
A. A static NAT uses a many-to-many mapping.
B. A static NAT uses a one-to-many mapping.
C. A static NAT uses a many-to-one mapping.
D. A static NAT uses a one-to-one mapping.

A

D. A static NAT uses a one-to-one mapping.

90
Q

Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.
What is the main theme of the sub-policies for Information Technologies?
A. Availability, Non-repudiation, Confidentiality
B. Authenticity, Integrity, Non-repudiation
C. Confidentiality, Integrity, Availability
D. Authenticity, Confidentiality, Integrity

A

C. Confidentiality, Integrity, Availability

91
Q

What are two things that are possible when scanning UDP ports? (Choose two.)
A. A reset will be returned
B. An ICMP message will be returned
C. The four-way handshake will not be completed
D. An RFC 1294 message will be returned
E. Nothing

A

B. An ICMP message will be returned

E. Nothing

92
Q
Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?
A. har.txt
B. SAM file
C. wwwroot
D. Repair file
A

B. SAM file

93
Q
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
A. Physical
B. Procedural
C. Technical
D. Compliance
A

B. Procedural

94
Q

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach for physical access control. A camera captures people walking and identifies the individuals using Steve’s approach. After that, people must present their RFID badges. Both identifications are required to open the door. In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. The solution will have a high level of false positives
D. Biological motion cannot be used to identify people

A

B. The solution implements the two authentication factors: physical object and physical characteristic

95
Q
A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?
A. Netsh firewall show config
B. WMIC firewall show config
C. Net firewall show config
D. Ipconfig firewall show config
A

A. Netsh firewall show config

96
Q
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. Which tool would you most likely select?
A. Nmap
B. Cain & Abel
C. Nessus
D. Snort
A

D. Snort

97
Q

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
A. An attacker, working slowly enough, can evade detection by the IDS.
B. Network packets are dropped if the volume exceeds the threshold.
C. Thresholding interferes with the IDS’ ability to reassemble fragmented packets.
D. The IDS will not distinguish among packets originating from different sources.

A

A. An attacker, working slowly enough, can evade detection by the IDS.

98
Q

Look at the following output. What did the hacker accomplish?
A. The hacker used whois to gather publicly available records for the domain.
B. The hacker used the “fierce” tool to brute force the list of available domains.
C. The hacker listed DNS records on his own domain.
D. The hacker successfully transferred the zone and enumerated the hosts.

A

D. The hacker successfully transferred the zone and enumerated the hosts.

99
Q

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?
A. tcp.src == 25 and ip.host == 192.168.0.125
B. host 192.168.0.125:25
C. port 25 and host 192.168.0.125
D. tcp.port == 25 and ip.host == 192.168.0.125

A

D. tcp.port == 25 and ip.host == 192.168.0.125

100
Q

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named “nc.” The FTP server’s access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server’s software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
A. File system permissions
B. Privilege escalation
C. Directory traversal
D. Brute force login

A

A. File system permissions

101
Q

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
What seems to be wrong?
nmap -T4 -O
A. OS Scan requires root privileges.
B. The nmap syntax is wrong.
C. This is a common behavior for a corrupted nmap application.
D. The outgoing TCP/IP fingerprinting is blocked by the host firewall

A

A. OS Scan requires root privileges.

102
Q
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?
A. Locate type=ns
B. Request type=ns
C. Set type=ns
D. Transfer type=ns
A

C. Set type=ns

103
Q
Which of the following processes evaluates the adherence of an organization to its stated security policy?
A. Vulnerability assessment
B. Penetration testing
C. Risk assessment
D. Security auditing
A

D. Security auditing

104
Q

What is the main reason the use of a stored biometric is vulnerable to an attack?
A. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
C. A stored biometric is no longer “something you are” and instead becomes “something you have”.
D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

A

D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

105
Q

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?
A. Man-in-the-middle attack
B. Brute-force attack
C. Dictionary attack
D. Session hijacking

A

C. Dictionary attack

106
Q

Which of the following is the best countermeasure to encrypting ransomware?
A. Use multiple antivirus software products
B. Keep some generation of off-line backup
C. Analyze the ransomware to get decryption key of encrypted data
D. Pay a ransom

A

B. Keep some generation of off-line backup

107
Q

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn’t get any response back.
What is happening?
A. ICMP could be disabled on the target server.
B. The ARP is disabled on the target server.
C. TCP/IP doesn’t support ICMP.
D. You need to run the ping command with root privileges.

A

A. ICMP could be disabled on the target server.

108
Q
Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
A. DataThief
B. NetCat
C. Cain and Abel
D. SQLInjector
A

A. DataThief

109
Q
A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:
NMAP -n -sS -P0 -p 80 ***.***.**.**
What type of scan is this?
A. Quick scan
B. Intense scan
C. Stealth scan
D. Comprehensive scan
A

C. Stealth scan

110
Q
Which of the following is an example of an asymmetric encryption implementation?
A. SHA1
B. PGP
C. 3DES
D. MD5
A

B. PGP

111
Q

Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
A. Use cryptographic storage to store all PII
B. Use full disk encryption on all hard drives to protect PII
C. Use encrypted communications protocols to transmit PII
D. Use a security token to log into all Web applications that use PII

A

C. Use encrypted communications protocols to transmit PII

112
Q
Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.
A. nmap -sn -sF 10.1.0.0/16 445
B. nmap -p 445 -n -T4 -open 10.1.0.0/16
C. nmap -s 445 -sU -T5 10.1.0.0/16
D. nmap -p 445 -max -Pn 10.1.0.0/16
A

B. nmap -p 445 -n -T4 -open 10.1.0.0/16

113
Q

It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.
Which of the following terms best matches the definition?
A. Ransomware
B. Adware
C. Spyware
D. Riskware

A

A. Ransomware

114
Q
What are the three types of authentication?
A. Something you: know, remember, prove
B. Something you: have, know, are
C. Something you: show, prove, are
D. Something you: show, have, prove
A

B. Something you: have, know, are

115
Q
What is the proper response for a NULL scan if the port is open?
A. SYN
B. ACK
C. FIN
D. PSH
E. RST
F. No response
A

F. No response

116
Q
An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.
A. 2
B. 256
C. 512
D. Over 10,000
A

C. 512

117
Q
What is the code written for?
A. Buffer Overflow
B. Encryption
C. Bruteforce
D. Denial-of-service (Dos)
A

A. Buffer Overflow

118
Q
When analysing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?
A. False positive
B. False negative
C. True positive
D. True negative
A

A. False positive

119
Q

How does an operating system protect the passwords used for account logins?
A. The operating system performs a one-way hash of the passwords.
B. The operating system stores the passwords in a secret file that users cannot find.
C. The operating system encrypts the passwords, and decrypts them when needed.
D. The operating system stores all passwords in a protected segment of non-volatile memory.

A

A. The operating system performs a one-way hash of the passwords.

120
Q
What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
A

D. Grey-box

121
Q

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?
A. Netstat WMI Scan
B. Silent Dependencies
C. Consider unscanned ports as closed
D. Reduce parallel connections on congestion

A

D. Reduce parallel connections on congestion

122
Q
Name two software tools used for OS guessing? (Choose two.)
A. Nmap
B. Snadboy
C. Queso
D. UserInfo
E. NetBus
A

A. Nmap

C. Queso

123
Q

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
A. Proper testing
B. Secure coding principles
C. Systems security and architecture review
D. Analysis of interrupts within the software

A

D. Analysis of interrupts within the software

124
Q

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?
A. This is probably a legitimate message as it comes from a respectable organization.
B. Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.
C. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
D. This is a scam because Bob does not know Scott.

A

C. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

125
Q

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535-T5
C. nmap -sT -O -T0
D. nmap -A –host-timeout 99-T1

A

C. nmap -sT -O -T0