Hustle 4 Flashcards

1
Q

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?
A. Hybrid
B. Community
C. Public
D. Private

A

B. Community

2
Q

Bob was recently hired by a medical company after it experienced a major cyber security breach.
Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
A. HIPAA/PHI
B. PII
C. PCI DSS
D. ISO 2002

A

A. HIPAA/PHI

3
Q

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?
A. Vulnerability hunting program
B. Bug bounty program
C. White-hat hacking program
D. Ethical hacking program

A

B. Bug bounty program

4
Q

Which file is a rich target to discover the structure of a website during web-server footprinting?
A. Document root
B. Robots.txt
C. domain.txt
D. index.html

A

B. Robots.txt

5
Q

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
A. Use his own public key to encrypt the message.
B. Use Marie’s public key to encrypt the message.
C. Use his own private key to encrypt the message.
D. Use Marie’s private key to encrypt the message.

A

B. Use Marie’s public key to encrypt the message.

6
Q

Attacker Steve targeted an organization’s network with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
A. Pretexting
B. Pharming
C. Wardriving
D. Skimming

A

B. Pharming

7
Q

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API.
Which of the following tools is used by Wilson in the above scenario?
A. Factiva
B. Netcraft
C. infoga
D. Zoominfo

A

C. infoga

8
Q

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?
A. Cross-site scripting
B. Denial of service
C. SQL injection
D. Directory traversal

A

D. Directory traversal

9
Q

Henry is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
A. 64
B. 128
C. 255
D. 138

A

B. 128

10
Q

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of PLUS company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?
A. Password key hashing
B. Password salting
C. Password hashing
D. Account lockout

A

B. Password salting

11
Q

Which of the following protocols can be used to secure an LDAP service against anonymous queries?
A. SSO
B. RADIUS
C. WPA
D. NTLM

A

D. NTLM

12
Q

Allen, a professional pen tester, was hired by xpertTech Solutions to perform an attack simulation on the organization’s network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?
A. <1B>
B. <00>
C. <03>
D. <20>

A

C. <03>

13
Q

What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?
A. Decoy scanning
B. Packet fragmentation scanning
C. Spoof source address scanning
D. Idle scanning

A

D. Idle scanning

14
Q

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
A. The attacker queries a nameserver using the DNS resolver.
B. The attacker makes a request to the DNS resolver.
C. The attacker forges a reply from the DNS resolver.
D. The attacker uses TCP to poison the DNS resolver.

A

B. The attacker makes a request to the DNS resolver.

15
Q

In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it. How do you accomplish this?
A. Delete the wireless network
B. Remove all passwords
C. Lock all users
D. Disable SSID broadcasting

A

D. Disable SSID broadcasting

16
Q

What is the port to block first in case you are suspicious that an IoT device has been compromised?
A. 22
B. 443
C. 48101
D. 80

A

C. 48101

17
Q

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?
A. Port 53
B. Port 23
C. Port 50
D. Port 80

A

A. Port 53

18
Q

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?
A. Internal assessment
B. Passive assessment
C. External assessment
D. Credentialed assessment

A

B. Passive assessment

19
Q

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?
A. search.com
B. EarthExplorer
C. Google image search
D. FCC ID search

A

D. FCC ID search

20
Q

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
A. Enable unused default user accounts created during the installation of an OS
B. Enable all non-interactive accounts that should exist but do not require interactive login
C. Limit the administrator or root-level access to the minimum number of users
D. Retain all unused modules and application extensions

A

C. Limit the administrator or root-level access to the minimum number of users

21
Q

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?
A. FTP
B. HTTPS
C. FTPS
D. IP

A

C. FTPS

22
Q

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-4: Orchestrators
C. Tier-3: Registries
D. Tier-2: Testing and accreditation systems

A

D. Tier-2: Testing and accreditation systems

23
Q

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?
A. Bluesmacking
B. Bluebugging
C. Bluejacking
D. Bluesnarfing

A

D. Bluesnarfing

24
Q

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?
A. There is no firewall in place.
B. This event does not tell you anything about the firewall.
C. It is a stateful firewall
D. It is a non-stateful firewall.

A

C. It is a stateful firewall

25
Q

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob’s ISN. Using this ISN, Samuel sent spoofed packets with Bob’s IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob’s connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?
A. UDP hijacking
B. Blind hijacking
C. TCP/IP hacking
D. Forbidden attack

A

C. TCP/IP hacking

26
Q

Dorian is sending a digitally signed email to Polly. With which key is Dorian signing this message and how is Polly validating it?
A. Dorian is signing the message with his public key, and Polly will verify that the message came from Dorian by using Dorian’s private key.
B. Dorian is signing the message with Polly’s public key, and Polly will verify that the message came from Dorian by using Dorian’s public key.
C. Dorian is signing the message with his private key, and Polly will verify that the message came from Dorian by using Dorian’s public key.
D. Dorian is signing the message with Polly’s private key, and Polly will verify that the message came from Dorian by using Dorian’s public key.

A

C. Dorian is signing the message with his private key, and Polly will verify that the message came from Dorian by using Dorian’s public key.

27
Q

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?
A. Dark web footprinting
B. VoIP footprinting
C. VPN footprinting
D. Website footprinting

A

A. Dark web footprinting

28
Q

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

A

C. Flowmon

29
Q

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext.
Which file do you have to clean to clear the password?
A. .X session-log
B. .bashrc
C. .profile
D. .bash_history

A

D. .bash_history

30
Q

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?
A. SMS phishing attack
B. SIM card attack
C. Agent Smith attack
D. Clickjacking

A

C. Agent Smith attack

31
Q

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What is the best Linux pipe to achieve your milestone?
A. dirb https://site.com | grep "site"
B. curl -s https://site.com | grep "< a href=\"http" | grep "site.com" | cut -d "\"" -f 2
C. wget https://site.com | grep "< a href=\"http" | grep "site.com"
D. wget https://site.com | cut -d "http"

A

C. wget https://site.com | grep "< a href=\"http" | grep "site.com"

32
Q

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. MD5 encryption algorithm
D. AES

A

B. Triple Data Encryption Standard

33
Q

Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization’s network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?
A. VoIP footprinting
B. VPN footprinting
C. Whois footprinting
D. Email footprinting

A

C. Whois footprinting

34
Q

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
A. Advanced persistent theft
B. threat Diversion theft
C. Spear-phishing sites
D. Insider threat

A

A. Advanced persistent theft

35
Q

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
A. Hit-list-scanning technique
B. Topological scanning technique
C. Subnet scanning technique
D. Permutation scanning technique

A

A. Hit-list-scanning technique

36
Q

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?
A. filetype
B. ext
C. inurl
D. site

A

A. filetype

37
Q

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments.
She immediately calls a security expert, who discovers that the following code is hidden behind those images:
What issue occurred for the users who clicked on the image?
A. The code injects a new cookie to the browser.
B. The code redirects the user to another site.
C. The code is a virus that is attempting to gather the user’s username and password.
D. This php file silently executes the code and grabs the user’s session cookie and session ID.

A

D. This php file silently executes the code and grabs the user’s session cookie and session ID.

38
Q

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?
A. Chop chop attack
B. KRACK
C. Evil twin
D. Wardriving

A

B. KRACK

39
Q

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?
A. DNS cache snooping
B. DNSSEC zone walking
C. DNS tunneling method
D. DNS enumeration

A

C. DNS tunneling method

40
Q

John is investigating web-application firewall logs and observes that someone is attempting to inject the following: char buff[10]; buff[10] = 'a';
What type of attack is this?
A. CSRF
B. XSS
C. Buffer overflow
D. SQL injection

A

C. Buffer overflow

41
Q

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?
A. Vendor risk management
B. Security awareness training
C. Secure deployment lifecycle
D. Patch management

A

D. Patch management

42
Q

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?
A. The service is LDAP, and you must change it to 636, which is LDAPS.
B. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it
C. The findings do not require immediate actions and are only suggestions.
D. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

A

A. The service is LDAP, and you must change it to 636, which is LDAPS.

43
Q

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packets, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?
A. Desynchronization
B. Obfuscating
C. Session splicing
D. Urgency flag

A

B. Obfuscating

44
Q

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?
A. SaaS
B. IaaS
C. CaaS
D. PaaS

A

A. SaaS

45
Q

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?
A. Desynchronization
B. Slowloris attack
C. Session splicing
D. Phlashing

A

B. Slowloris attack

46
Q

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-tethered jailbreaking
C. Untethered jailbreaking
D. Semi-Untethered jailbreaking

A

C. Untethered jailbreaking

47
Q

The network users are complaining because their systems are slowing down. Further, every time they attempt to go to a website, they receive a series of pop-ups with advertisements. What types of malware have the systems been infected with?
A. Virus
B. Spyware
C. Trojan
D. Adware

A

D. Adware

48
Q

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?
A. The -A flag
B. The -g flag
C. The -f flag
D. The -D flag

A

D. The -D flag

49
Q

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?
A. [allinurl:]
B. [location:]
C. [site:]
D. [link:]

A

C. [site:]

50
Q

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.
What will you call these issues?
A. False positives
B. True negatives
C. True positives
D. False negatives

A

A. False positives

51
Q

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?
A. Xmas scan
B. IDLE/IPID header scan
C. TCP Maimon scan
D. ACK flag probe scan

A

C. TCP Maimon scan

52
Q

Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
C. SSH communications are encrypted; it’s impossible to know who is the client or the server.
D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

A

D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

53
Q

You want to analyze packets on your wireless network. Which program would you use?
A. Wireshark with Airpcap
B. Airsnort with Airpcap
C. Wireshark with Winpcap
D. Ethereal with Winpcap

A

A. Wireshark with Airpcap

54
Q

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing network traffic for further analysis

A

B. Modifying and replaying captured network traffic

55
Q

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering
B. Tailgating
C. Piggybacking
D. Announced

A

B. Tailgating

56
Q

Which of these is capable of searching for and locating rogue access points?
A. HIDS
B. WISS
C. WIPS
D. NIDS

A

C. WIPS

57
Q

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?
B. 210.1.55.200
C. 10.1.4.254
D. 10.1.5.200
E. 10.1.4.156

A

D. 10.1.5.200

58
Q

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
A. hping2 host.domain.com
B. hping2 –set-ICMP host.domain.com
C. hping2 -i host.domain.com
D. hping2 -1 host.domain.com

A

D. hping2 -1 host.domain.com

59
Q

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is the most likely able to handle this requirement?
A. TACACS+
B. DIAMETER
C. Kerberos
D. RADIUS

A

D. RADIUS

60
Q

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

A

B. Can identify unknown attacks

61
Q

Cross-site request forgery involves:
A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user’s knowledge
D. A server making a request to another server without the user’s knowledge

A

C. A browser making a request to a server without the user’s knowledge

62
Q

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?
A. Wireshark
B. Maltego
C. Metasploit
D. Nessus

A

C. Metasploit

63
Q

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?
A. Man-in-the-middle attack
B. Brute-force attack
C. Dictionary attack
D. Session hijacking

A

C. Dictionary attack

64
Q

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?
A. c:\compmgmt.msc
B. c:\services.msc
C. c:\ncpa.cp
D. c:\gpedit

A

A. c:\compmgmt.msc

65
Q

Which of the following scanning methods splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?
A. ACK flag probe scanning
B. ICMP Echo scanning
C. SYN/FIN scanning using IP fragments
D. IPID scanning

A

C. SYN/FIN scanning using IP fragments

66
Q

You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?
A. Use Alternate Data Streams to hide the outgoing packets from this server.
B. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
C. Install Cryptcat and encrypt outgoing packets from this server.
D. Install and use Telnet to encrypt all outgoing traffic from this server.

A

C. Install Cryptcat and encrypt outgoing packets from this server.

67
Q

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?
A. Botnet Trojan
B. Banking Trojans
C. Turtle Trojans
D. Ransomware Trojans

A

A. Botnet Trojan

68
Q

How can rainbow tables be defeated?
A. Use of non-dictionary words
B. All uppercase character passwords
C. Password salting
D. Lockout accounts under brute force password cracking attempts

A

C. Password salting

69
Q

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail.
What do you want to “know” to prove to yourself that it was Bob who had sent a mail?
A. Non-Repudiation
B. Integrity
C. Authentication
D. Confidentiality

A

A. Non-Repudiation

70
Q

Attempting an injection attack on a web server based on responses to True/False
A. Compound SQLi
B. Blind SQLi
C. Classic SQLi
D. DMS-specific SQLi

A

B. Blind SQLi

71
Q

What would be the purpose of running “wget 192.168.0.15 -q -S” against a web server?
A. Performing content enumeration on the web server to discover hidden
B. Using wget to perform banner grabbing on the webserver
C. Flooding the web server with requests to perform a DoS attack
D. Downloading all the contents of the web page locally for further examination

A

B. Using wget to perform banner grabbing on the webserver

72
Q

The security administrator of PLUS needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic.
After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any
A. The ACL 104 needs to be first because it is UDP
B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
C. The ACL for FTP must be before the ACL 110
D. The ACL 110 needs to be changed to port 80

A

B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

73
Q

Which of the following provides a security professional with the most information about the system’s security posture?
A. Phishing, spamming, sending trojans
B. Social engineering, company site browsing, tailgating
C. Wardriving, warchalking, social engineering
D. Port scanning, banner grabbing, service identification

A

D. Port scanning, banner grabbing, service identification

74
Q

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?
A. Data-driven firewall
B. Packet firewall
C. Web application firewall
D. Stateful firewall

A

C. Web application firewall

75
Q

An attacker scans a host with the below command. Which three flags are set?
nmap -sX host.domain.com
A. This is SYN scan. SYN flag is set.
B. This is Xmas scan. URG, PUSH and FIN are set.
C. This is ACK scan. ACK flag is set.
D. This is Xmas scan. SYN and ACK flags are set.

A

B. This is Xmas scan. URG, PUSH and FIN are set.

76
Q

If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?
A. Criminal
B. International
C. Common
D. Civil

A

D. Civil

77
Q

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
A. Role Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Single sign-on
D. Windows authentication

A

C. Single sign-on

78
Q

What would you enter if you wanted to perform a stealth scan using Nmap?
A. nmap -sM
B. nmap -sU
C. nmap -sS
D. nmap -sT

A

C. nmap -sS

79
Q

Which protocol is used for setting up secure channels between two devices, typically in VPNs?
A. PEM
B. PPP
C. IPSEC
D. SET

A

C. IPSEC

80
Q

Using the nmap syntax below, it is not going through.
invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
What seems to be wrong?
A. The nmap syntax is wrong.
B. This is a common behavior for a corrupted nmap application.
C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
D. OS Scan requires root privileges.

A

D. OS Scan requires root privileges.

81
Q

What is the most common method to exploit the “Bash Bug” or “Shellshock” vulnerability?
A. SYN Flood
B. SSH
C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
D. Manipulate format strings in text fields

A

C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

82
Q

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded
A. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

A

C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

83
Q

#!/usr/bin/python
import socket

buffer = ["A"]
counter = 50
while len(buffer) <= 100:
    buffer.append("A" * counter)
    counter = counter + 50

commands = ["HELP", "STATS .", "RTIME .", "LTIME .", "SRUN .", "TRUN .", "GMON .", "GDOG .", "KSTET .", "GTER .", "HTER .", "LTER .", "KSTAN ."]

for command in commands:
    for buffstring in buffer:
        print "Exploiting" + command + ":" + str(len(buffstring))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('127.0.0.1', 9999))
        s.recv(50)
        s.send(command + buffstring)
        s.close()

What is the code written for?
A. Denial-of-service (DOS)
B. Buffer Overflow
C. Bruteforce
D. Encryption

A

B. Buffer Overflow

84
Q

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
A. Presentation tier
B. Application Layer
C. Logic tier
D. Data tier

A

C. Logic tier

85
Q

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from its victims.
What is the difference between pharming and phishing attacks?
A. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website’s domain name
B. In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website’s domain name
C. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
D. Both pharming and phishing attacks are identical

A

A. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website’s domain name

86
Q

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.
What is an accurate assessment of this scenario from a security perspective?
A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
D. Javik’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

A

C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

87
Q

Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?
A. Heuristic Analysis
B. Code Emulation
C. Scanning
D. Integrity checking

A

B. Code Emulation

88
Q

Which of the following statements is TRUE?
A. Packet Sniffers operate on Layer 1 of the OSI model.
B. Packet Sniffers operate on Layer 2 of the OSI model.
C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Packet Sniffers operate on Layer 3 of the OSI model.

A

B. Packet Sniffers operate on Layer 2 of the OSI model.

89
Q

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access
to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
A. “GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1 Host: westbank.com”
B. “GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”
C. “GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”
D. “GET /restricted/ HTTP/1.1 Host: westbank.com”

A

C. “GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

90
Q

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Mary found is called what?
A. False-negative
B. False-positive
C. Brute force attack
D. Backdoor

A

B. False-positive

91
Q

What is the least important information when you analyze a public IP address in a security alert?
A. DNS
B. Whois
C. Geolocation
D. ARP

A

D. ARP

92
Q

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just
before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
A. IDS log
B. Event logs on domain controller
C. Internet Firewall/Proxy log.
D. Event logs on the PC

A

C. Internet Firewall/Proxy log.

93
Q

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?
A. Yagi antenna
B. Dipole antenna
C. Parabolic grid antenna
D. Omnidirectional antenna

A

A. Yagi antenna

94
Q

From the following table, identify the wrong answer in terms of Range (ft).
Standard Range (ft)
802.11a 150-150
802.11b 150-150
802.11g 150-150
802.16 (WiMax) 30 miles
A. 802.16 (WiMax)
B. 802.11g
C. 802.11b
D. 802.11a

A

A. 802.16 (WiMax)

95
Q

Which tool can be used to silently copy files from USB devices?
A. USB Grabber
B. USB Snoopy
C. USB Sniffer
D. USB Dumper

A

D. USB Dumper

96
Q

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem
installed.
Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Firewall-management policy
B. Acceptable-use policy
C. Permissive policy
D. Remote-access policy

A

D. Remote-access policy

97
Q

ping -* 6 192.168.0.101
Output:
Pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101:
Ping statistics for 192.168.0101
Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
What does the option * indicate?
A. t
B. s
C. a
D. n

A

D. n

98
Q

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
A. Burp Suite
B. OpenVAS
C. tshark
D. Kismet

A

C. tshark

99
Q

A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the
software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability
B. SQL injection vulnerability
C. Web site defacement vulnerability
D. Cross-site Request Forgery vulnerability

A

A. Cross-site scripting vulnerability

100
Q

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?
A. Emergency Plan Response (EPR)
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Disaster Recovery Planning (DRP)

A

B. Business Impact Analysis (BIA)