Final

Question 1

Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

Answer 1

create a contractual agreement

Question 2

What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?

Answer 2

Certified Information Systems Security Professional (CISSP)

Question 3

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

Answer 3

Crackers

Question 4

What organization disseminates research documents on computer and network security worldwide at no cost?

Answer 4

SANS

Question 5

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

Answer 5

OPST

Question 6

What port does the Simple Mail Transfer Protocol, or SMTP service use?

Answer 6

25

Question 7

What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?

Answer 7

Transport Layer

Question 8

To retrieve e-mail from a mail server, you most likely access port 119.
TRUE OR FALSE

Answer 8

False

Question 9

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

Answer 9

Transport

Question 10

An octal digit can be represented with only three bits because the largest digit in octal is seven.
TRUE OR FALSE

Answer 10

True

Question 11

A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?

Answer 11

worm

Question 12

In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn’t check for a defined amount of memory space use.
TRUE OR FALSE

Answer 12

TRUE

Question 13

What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?

Answer 13

Man-in-the-Middle

Question 14

Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?

Answer 14

signatures

Question 15

What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?

Answer 15

Virus

Question 16

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

Answer 16

Dumpster driving

Question 17

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

Answer 17

nc -h

Question 18

What is the passive process of finding information on a company’s network called?

Answer 18

Footprinting

Question 19

What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?

Answer 19

HEAD

Question 20

When an individual attempts to discover as much information legally possible about their competition, what information gathering technique are they performing?

Answer 20

Competitive intelligence

Question 21

When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

Answer 21

FIN

Question 22

In a NULL scan, all packet flags are turned on.

TRUE OR FALSE

Answer 22

FALSE

Question 23

Attackers typically use ACK scans to get past a firewall or other filtering devices.

TRUE OR FALSE

Answer 23

TRUE

Question 24

In any *NIX system, after saving a script named “script_name,” you need to make it executable so that you can run it. Which command will accomplish this task from the command line?

Answer 24

chmod +x script_name

Question 25

Which vi command deletes the current line?

Answer 25

Dd

Question 26

Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?

Answer 26

Authentication Silos

Question 27

What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?

Answer 27

null session

Question 28

What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?

Answer 28

DumpSec

Question 29

SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?

Answer 29

default

Question 30

SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?

Answer 30

default

Question 31

What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?

Answer 31

enumeration

Question 32

Which of the following is a markup language rather than a programming language?

Answer 32

HTML

Question 33

Which of the following logical operators in the C programming language is evaluated as true if both sides of the operator are true?

Answer 33

&&

Question 34

Security professionals often need to examine Web pages and recognize when something looks suspicious.
TRUE OR FALSE

Answer 34

True

Question 35

In the C programming language, which of the following show where a block of code begins and ends?

Answer 35

braces

Question 36

Which of the following is the act of performing a task over and over?

Answer 36

Looping

Question 37

Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?

Answer 37

Common Internet File System

Question 38

Which of the following is considered to be the most critical SQL vulnerability?

Answer 38

null SA password

Question 39

Red Hat and Fedora Linux use what command to update and manage their RPM packages?

Answer 39

yum

Question 40

Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?

Answer 40

RPC

Question 41

Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?

Answer 41

HFNetChk

Question 42

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?

Answer 42

air gap

Question 43

Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.

Answer 43

true

Question 44

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?

Answer 44

firmware

Question 45

Which of the following systems should be used when equipment monitoring and automation is critical?

Answer 45

SCADA

Question 46

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?

Answer 46

Windows CE

Question 47

Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

Answer 47

SQLOLEDB

Question 48

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?

Answer 48

Microsoft Security Bulletin

Question 49

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

Answer 49

developer tools

Question 50

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?

Answer 50

stored

Question 51

Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
TRUE or FALSE

Answer 51

True

Question 52

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

Answer 52

OPST

Question 53

When a security professional is presented with a contract drawn up by a company’s legal department, which allows them to “hack” the company’s network, they should proceed by performing what precautionary step?

Answer 53

consult their lawyer

Question 54

What common term is used by security testing professionals to describe vulnerabilities in a network?

Answer 54

holes

Question 55

Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.

Answer 55

False

Question 56

An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company’s permission.

Answer 56

True

Question 57

What IPv4 address class has the IP address 221.1.2.3?

Answer 57

Class C

Question 58

What TCP flag is responsible for synchronizing the beginning of a session?

Answer 58

SYN flag

Question 59

What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?

Answer 59

443

Question 60

What port does the Trivial File Transfer Protocol, or TFTP service use?

Answer 60

69

Question 61

What port does the Hypertext Transfer Protocol, or HTTP service use?

Answer 61

80

Question 62

What type of attack causes the victim’s computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?

Answer 62

Ping of Death

Question 63

Whitelisting allows only approved programs to run on a computer.

Answer 63

True

Question 64

What type of virus is used to lock a user’s system, or cloud accounts until the system’s owner complies by paying the attacker a monetary fee?

Answer 64

ransomware

Question 65

Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.

Answer 65

True

Question 66

Which type of attack cripples the network and prevents legitimate users from accessing network resources?

Answer 66

denial-of-service

Question 67

Which utility can extract meta-data and documents on a Website to reveal the document creator’s network login, e-mail
address, IP address, and other important information?

Answer 67

FOCA

Question 68

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?

Answer 68

spear phishing

Question 69

Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?

Answer 69

social engineering

Question 70

Which HTTP method starts a remote Application-layer loopback of the request message?

Answer 70

TRACE

Question 71

What is the passive process of finding information on a company’s network called?

Answer 71

footprinting

Question 72

Closed ports respond to a NULL scan with what type of packet?

Answer 72

RST

Question 73

Which vi command deletes the current line?

Answer 73

Dd

Question 74

In a Linux script, which of the lines is important because it identifies the file as a script?

Answer 74

!/bin/sc

Question 75

To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?

Answer 75

ping

Question 76

Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE

Answer 76

True

Question 77

Which of the following is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?

Answer 77

Hyena

Question 78

Which of the following commands is a powerful enumeration tool included with Windows?

Answer 78

Nbtstat

Question 79

A NetBIOS name does not need to be unique on a network.

Answer 79

False

Question 80

What does the “NBT” part of “NBTscan” stand for?

Answer 80

NetBIOS over TCP/IP

Question 81

What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Answer 81

Windows Containers

Question 82

In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?

Answer 82

name

Question 83

Which of the following mathematical operators in the C programming language increments the unary value by 1?

Answer 83

++

Question 84

In HTML, each tag has a matching closing tag that is written with which of the following characters?

Answer 84

forward slash (/)

Question 85

Which of the following special characters is used with the printf() function in the C programming language to indicate a new line?

Answer 85

\n

Question 86

Which of the following logical operators in the C programming language is used to compare the equality of two variables?

Answer 86

==

Question 87

Which of the following is a Window’s client/server technology designed to manage patching and updating systems software from the network?

Answer 87

WSUS

Question 88

What is the most serious shortcoming of Microsoft’s original File Allocation Table (FAT) file system?

Answer 88

no ACL support

Question 89

Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.

Answer 89

True

Question 90

Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?

Answer 90

HFNetChk

Question 91

What critical component of any OS, that can be can be vulnerable to attacks, is used to store and manage information?

Answer 91

file system

Question 92

When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?

Answer 92

User-level security

Question 93

What is the current file system that Windows utilizes that has strong security features?

Answer 93

NTFS

Question 94

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?

Answer 94

Share-level security

Question 95

A device that performs more than one function, such as printing and faxing is called which of the following?

Answer 95

MFD

Question 96

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?

Answer 96

Windows CE

Question 97

Which JavaScript function is a “method” or sequence of statements that perform a routine or task?

Answer 97

getElementById()

Question 98

Adobe System’s ColdFusion uses its proprietary tags, which are written in which of the following languages?

Answer 98

CFML

Question 99

Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

Answer 99

SQLOLEDB

Question 100

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

Answer 100

OLE DB

Question 101

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

Answer 101

cgi-bin

Question 102

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?

Answer 102

vulnerability

Question 103

What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?

Answer 103

Certified Information Systems Security Professional (CISSP)

Question 104

What subject area is not one of the 22 domains tested during the CEH exam?

Answer 104

Trojan hijacking

Question 105

What term best describes a person who hacks computer systems for political or social reasons?

Answer 105

hacktivist

Question 106

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

Answer 106

OPST

Question 107

What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?

Answer 107

443

Question 108

What TCP flag is responsible for delivering data directly and immediately to an application?

Answer 108

PSH flag

Question 109

What connection-oriented protocol is utilized by the Transport layer?

Answer 109

TCP

Question 110

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Answer 110

Application

Question 111

What port does the Simple Mail Transfer Protocol, or SMTP service use?

Answer 111

25

Question 112

When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?

Answer 112

zombies

Question 113

Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?

Answer 113

Network security

Question 114

Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?

Answer 114

heuristics

Question 115

Malware programs cannot be detected by antivirus programs. TRUE or FALSE

Answer 115

False

Question 116

Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?

Answer 116

rootkit

Question 117

Which HTTP method requests that the entity is stored under the Request-URI?

Answer 117

PUT

Question 118

What type of general commands allow a security tester to pull information from a Web server using a web browser?

Answer 118

HTTP

Question 119

Which process enables you to see all the host computers on a network and basically give you a diagram of an organization’s network?

Answer 119

zone transfers

Question 120

Network attacks can often begin by gathering information from a company’s Web site.

Answer 120

True

Question 121

Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows. TRUE or FALSE

Answer 121

False

Question 122

Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE

Answer 122

True

Question 123

In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?

Answer 123

unfiltered

Question 124

One of the limitations when using “ping sweeps” is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?

Answer 124

reply

Question 125

An open port allows access to specific applications and cannot be vulnerable to attack.

Answer 125

False

Question 126

In a NULL scan, all packet flags are turned on.

Answer 126

False

Question 127

All of the enumeration techniques that work with older Windows OSs still work with Windows Server 2012.

Answer 127

False

Question 128

The open-source descendant of Nessus is called which of the following?

Answer 128

OpenVAS

Question 129

What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?

Answer 129

enumeration

Question 130

What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?

Answer 130

SmartScreen

Question 131

What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?

Answer 131

DumpSec

Question 132

Carelessly reviewing your program’s code might result in having which of the following in your program code?

Answer 132

bug

Question 133

In the Perl programming language, comment lines begin with the which of the following character(s)?

Answer 133

#

Question 134

If you want to know what the Perl print command does, you can use which of the following commands?

Answer 134

perldoc -f print

Question 135

When a compiler finds errors, it usually indicates what they are so you can correct the code and compile the program again. TRUE or FALSE

Answer 135

True

Question 136

In the C programming language, which statement tells the compiler to keep doing what is in the brackets over and over and over?

Answer 136

for(;;)

Question 137

Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?

Answer 137

HFNetChk

Question 138

What is the current file system that Windows utilizes that has strong security features?

Answer 138

NTFS

Question 139

The MSBA tool can quickly identify missing patches and misconfigurations TRUE or FALSE

Answer 139

True

Question 140

Which of the following Window’s utilities includes a suite of tools to help administrators deploy and manage servers and even allows for administrators to control mobile devices running Android, iOS, and Windows Mobile OS?

Answer 140

SCCM

Question 141

Which of the following is an open-source implementation of CIFS?

Answer 141

Samba

Question 142

Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?

Answer 142

Web server

Question 143

What programming languages are vulnerable to buffer overflow attacks?

Answer 143

C and C++

Question 144

Which of the following systems should be used when equipment monitoring and automation is critical?

Answer 144

SCADA

Question 145

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?

Answer 145

Windows CE

Question 146

Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?

Answer 146

Mandatory Access Control

Question 147

JavaScript is a server-side scripting language that is embedded in an HTML Web page.
TRUE or FALSE

Answer 147

False

Question 148

Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

Answer 148

ODBC

Question 149

What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it?

Answer 149

input validation

Question 150

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

Answer 150

Developer tools

Question 151

Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?

Answer 151

ADO

Question 152

What organization disseminate research documents on computer and network security worldwide at no cost?

Answer 152

SANS

Question 153

What layer protocols operate as the front end to the lower layer protocols in the TCP/IP stack? 

Answer 153

Application

Question 154

What IP address is used as a loop back address and is not a valid IP address that can be assigned to a network?

Answer 154

127 address

Question 155

What layer, and the TCP/IP Protocol stack, is responsible for encapsulating data and two segments?

Answer 155

Transport layer

Question 156

Whixh HTTP Method is used with a proxy that can dynamically switch to a tunnel connection, such as secure socket layer SSL?

Answer 156

CONNECT

Question 157

which HTTP method starts a remote application layer loop back of the request message?

Answer 157

TRACE