Practice Questions Flashcards

1
Q

The CIA model of security consists of Confidentiality, Integrity and Availability. Which of the following is also a highly desirable security feature of a networked environment?

A Security Cleared Employees
B Connectivity
C Authenticity
D IPv6

A

C - Authenticity

2
Q

Which of the following tools would you not use for packet capturing on an IPv4 TCP/IP network?

A Tcpdump
B Wireshark
C Nikto
D SmartSniff

A

C - Nikto

3
Q

With the Domain Name System (DNS), the PTR record is used to?

A Refer to a Mail Server
B Map a name to an IP address
C Express a zone of control
D Map an IP address to a name

A

D - Map an IP address to a name

4
Q

Most ARP poisoning tools work by creating which of the following?

A A fake ARP request that is a unicast.
B A fake ARP request that is a multicast.
C A fake ARP reply that is a unicast.
D A fake ARP reply that is a broadcast.

A

B - A fake ARP request that is a multicast.

5
Q

With the Domain Name System (DNS), the MX record is used to?

A Refer to a Mail Server
B Express host information
C Express a zone of control
D To define a name server for a zone

A

A - Refer to a Mail Server

6
Q

Which of the following best describes freely available material on the internet, which may be useful to an attacker?

A Open source intelligence (OSINT)
B Available Access Data
C Human Intelligence (HUMINT)
D Signal Intelligence (SIGINT)

A

A - Open source intelligence (OSINT)

7
Q

Which of the following statements is not true for IPv4?

A The IPv4 protocol is primarily concerned with routing.
B The IPv4 protocol operates at OSI level 5 of the OSI reference model.
C The IPv4 protocol makes use of 32-bit integers for source and destination addressing.
D The IPv4 protocol contains a header checksum

A

B - The IPv4 protocol operates at OSI level 5 of the OSI reference model.

8
Q

Which of the following statements is not true for TCP?

A The TCP protocol is primarily concerned with reliability.
B The TCP protocol operates at OSI level 4/5 of the OSI reference model.
C The TCP protocol supports positive acknowledgement and retransmission
D The TCP protocol contains no error checking

A

D - The TCP protocol contains no error checking

9
Q

With regard to the TCP connection initialisation phase, which of the following is the TCP three way handshake that results in the TCP protocol establishing a bi-directional reliable data connection?

A Syn/Rst - Syn - Ack.
B Syn - Syn/Ack - Ack
C Ack - Ack/Syn - Syn
D Syn - Ack/Ack - Syn

A

B - Syn - Syn/Ack - Ack

10
Q

Using Domain Internet Groper command (Dig), we can achieve a zone transfer via use of the following option.

A zxtr
B xafr
C axfr
D zxta

A

C - axfr

11
Q

Which of the following statements is true for UDP?

A UDP is stateless and therefore not used where reliability is a requirement
B UDP is stateful
C UDP supports retransmission
D UDP supports security

A

A - UDP is stateless and therefore not used where reliability is a requirement

12
Q

Which of the following terms best describes a piece of malware, which travels between computer systems without human intervention?

A Virus
B Worm
C Trojan Horse
D Trapdoor

A

B - Worm

13
Q

Which of the following statements is true for the Telnet Protocol?

A It does not implement any form of data encryption inside the TCP packet.
B It was designed to support secure remote access to a computer system
C It typically runs on TCP port 22
D It supports the use of digital certificates

A

A - It does not implement any form of data encryption inside the TCP packet.

14
Q

Which of the following functions can the ICMP protocol not be used for?

A Routers sending error messages to other routers and hosts.
B Identification of the network address of a given host.
C Controlling the rate of flow of information between network interface cards.
D Identification of a hostname from an IP address.

A

C - Controlling the rate of flow of information between network interface cards.

15
Q

Best practice for security reviews consists of 4 stages. Which of the following is not one of these stages?

A Network enumeration to identify IP networks and hosts of interest
B Frequency analysis of network packet protocols
C Bulk network scanning and probing to identify potentially vulnerable hosts
D Exploitation of vulnerabilities and circumvention of security mechanisms

A

B - Frequency analysis of network packet protocols

16
Q

Which of the following statements best describes the principles underlying RIP protocol?

A It is an implementation of black hole routing for local networks
B It is an implementation of the shortest path routing for local networks
C It is an implementation of n-dimension vector matrix routing for local networks
D It is an implementation of distance vector routing for local networks

A

D - It is an implementation of distance vector routing for local networks

17
Q

Which of the following statements best describes the principles underlying security in the RIP Version 1 protocol?

A It was not designed with security
B It implements security via digital signatures
C It implements security via a shared symmetric key
D It implements security via digital signatures and IPSEC

A

A - It was not designed with security

18
Q

The OSPF supports which of the following authentication methods?

A It implements authentication via a shared asymmetric key
B It implements authentication via digital signatures
C It implements authentication via a simple password which is sent in the clear
D It implements authentication via a hash of the password

A

C - It implements authentication via a simple password which is sent in the clear

19
Q

OSPF sends its authentication via which of the following message types?

A HELLO
B AUTHENT
C TOPOLOGY
D INTRO

A

A - HELLO

20
Q

Using RIPv1 how do routers communicate with each other?

A Via unicast
B Via broadcast
C Via multicast
D Via point to point secure messaging

A

B - Via broadcast

21
Q

CVE stands for?

A Common Vulnerabilities and Exposures
B Computer Vulnerability Exposure
C Common Vulnerability Element
D Computer Vulnerability Element

A

A - Common Vulnerabilities and Exposures

22
Q

Which of the following is true for the following CIDR address: 10.0.0.0/25?

A There are 254 hosts in the address range
B There are 126 hosts in the address range
C There are 62 hosts in the address range
D There are 510 hosts in the address range

A

B - There are 126 hosts in the address range

23
Q

To use netstat to display routing tables, which of the following switches is required?

A -a
B -n
C -p
D -r

A

D - -r

24
Q

Which of the following is not a recognised security Standard?

A ISO9001
B Orange Book
C ITSEC
D Common Criteria

A

A - ISO9001

25
Q

The following command is used on a Windows NT machine: ipconfig /renew What does this do?

A Releases all IP addresses
B Renews the first active IP address
C Renews all IP addresses
D None of the above

A

B - Renews the first active IP address

26
Q

In an IP packet, the field “type of service” defines precedence, which of these is the highest priority?

A Flash
B Immediate
C Inter-network control
D Priority

A

A - Flash

27
Q

Which of the following TCP port numbers is normally associated with NetBIOS?

A 11
B 139
C 43
D 88

A

B - 139

28
Q

Which layer of the OSI network model provides an interface to protocols such as HTTP and POP3?

A Application
B Transport
C Network
D Physical

A

A - Application

29
Q

With regard to anonymous FTP servers on a UNIX system which of the following is not a common misconfiguration?

A Making the pub directory world writeable.
B Making the root ftp directory owned by root
C Using the real password file in etc directory
D Making the password file world writeable

A

B - Making the root ftp directory owned by root

30
Q

What does the following nmap command do? nmap -P0 -sS -p 80 192.168.204.1

A Determines if port 80 is open using a SYN scan
B Determines if any port is open using a SYN Scan
C Determines if any port is open using a TCP Scan
D Determines if port 80 is open using a full TCP Connect Scan

A

A - Determines if port 80 is open using a SYN scan

31
Q

On a Windows system, what does the following netstat command achieve? netstat -p udp -a

A Displays all UDP activity on the same subnet as the host
B Displays all out-going UDP ports on the current machine
C Displays all listening and active UDP ports on the current machine
D Displays all Ethernet statistics for the current machine

A

C - Displays all listening and active UDP ports on the current machine

32
Q

Which of the following tools allows Ethernet/IP pairings to be monitored?

A Arptoxin
B Arpwatch
C Arpsniff
D Arpd

A

B - Arpwatch

33
Q

Which of the following TCP port numbers is normally associated with kerberos?

A 88
B 43
C 80
D 109

A

A - 88

34
Q

What is the p0f tool used for?

A Packet Capture
B SYN Flooding
C Operating System fingerprinting
D ARP Poisoning

A

C - Operating System fingerprinting

35
Q

Using the netstat command under UNIX which switch displays the program identifier / Program name?

A -v
B -p
C -l
D -n

A

B - -p

36
Q

A system on a Class B subnet has the IP address 172.16.48.196 and the subnet mask 255.255.0.0. What would be the broadcast address?

A 172.255.255.255
B 172.16.255.255
C 172.16.48.255
D 255.255.255.196

A

B - 172.16.255.255

37
Q

What does the following nmap scan achieve? nmap -P0 -sX -p 80 192.168.204.1

A Determines if a port is open using an XMAS Scan
B Determines if a port is open using a TCP handshake
C Determines if a port is open using a SYN Scan
D Determines if a port is open using a FIN Scan

A

A - Determines if a port is open using an XMAS Scan

38
Q

Which of the following protocols encrypts data over a network?

A TELNET
B HTTP
C SNMP
D TLS

A

D - TLS

39
Q

What does the following nmap command do? nmap -P0 -sU -p 80 192.168.204.1

A Determines if port 80 is open using a SYN scan
B Determines if any port is open using a FIN Scan
C Determines if a standard UDP port is open
D Determines if port 80 is open using a Universal Scan

A

C - Determines if a standard UDP port is open

40
Q

Which of the following TCP port numbers is normally associated with DNS?

A 53
B 109
C 80
D 23

A

A - 53

41
Q

Which of the following is not an Information function supported by ICMP?

A Flow control
B Detecting unreachable destinations
C Route Redirection
D System reliability checking

A

B - Detecting unreachable destinations

42
Q

The traceroute command is typically used to?

A Determine if a specific port is open or closed
B Identify if a computer is connected to a network
C Identify the route to a host on a network
D Identify all possible routes to a host on a network

A

C - Identify the route to a host on a network

43
Q

What does the following ping command sent from a Windows system achieve? ping -r 5 www.example.co.uk -n 2

A Pings the specified address with 2 echo requests while recording 5 count hops
B Pings the specified address with 5 echo requests while recording count hops
C Pings the specified address with 5 echo requests while timing count hops
D Pings the specified address while specifying a timeout

A

A - Pings the specified address with 2 echo requests while recording 5 count hops

44
Q

Which of the following is not a non-routable IP address?

A 10.16.48.56
B 172.16.48.10
C 192.168.254.212
D 212.58.254.252

A

D - 212.58.254.252

45
Q

The arptoxin tool is usually associated with which Operating System?

A Mac
B Unix
C Linux
D Windows

A

D - Windows

46
Q

A bitwise, prefix-based standard for the interpretation of IP addresses is known as?

A A.B.C.D/N
B N/A.B.C.D
C IPv4
D CIDR

A

D - CIDR

47
Q

Which of the following is the sending of a packet to multiple destinations using the most efficient system to produce a simultaneous delivery?

A Broadcast
B Multicast
C Unicast
D Fastcast

A

B - Multicast

48
Q

With regard to security issues associated with TFTP, which of the following assertions is true?

A TFTP makes use of biometrics for authentication
B TFTP makes use of digital signatures for authentication
C TFTP does not require authentication
D TFTP uses simple password authentication

A

C - TFTP does not require authentication

49
Q

With reference to the Data Protection Act 1998 which of the following best describes a ‘Data Processor’:

A Any system which is used to process data
B Any person other than an employee of the data controller who processes the data on behalf of the data controller.
C Any mechanical, manual or electronic system used to process data
D Any person who processes the data on behalf of the data controller.

A

D - Any person who processes the data on behalf of the data controller.

50
Q

Which of the following sections of the Computer Misuse Act 1990 deals with facilitating further offences?

A Section 1
B Section 2
C Section 3
D Section 3A

A

B - Section 2

51
Q

Using RIP how do routers communicate with each other?

a. via Multicast.
b. via Unicast.
c. via Point-to-Point Secure Messaging.
d. via Broadcast.

A

D - via Broadcast.

52
Q

Which of these statements is true regarding RIP?

a. It is an implementation of black hole routing for local networks
b. It is an implementation of the shortest path routing for local networks.
c. It is an implementation of n-dimension vector matrix routing for local networks.
d. It is an implementation of distance vector routing for local networks

A

D - It is an implementation of distance vector routing for local networks

53
Q

At which layer of the OSI model do routers sit?

a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

A

C - Layer 3

54
Q

You have just completed a port scan and found ports 80/tcp and 9100/tcp open on a host, what is this host likely to be?

a. A Switch
b. A Router
c. A Nintendo Wii
d. A Printer

A

D - A Printer

55
Q

What is the default SNMP read only community string?

a. public
b. private
c. read
d. limited

A

A - Public

56
Q

How does nmap perform operating system detection?

a. Nmap is unable to detect operating systems.
b. Using passive sniffing techniques.
c. Using odd and malformed TCP packets.
d. Using standard TCP packets.

A

C - Using odd and malformed TCP packets

57
Q

Which default SNMP community string is found in some older Cisco devices?

a. ilmi
b. Publix
c. C1sc0
d. snmp

A

A - ilmi

58
Q

Which of these tools passively fingerprints an OS?

a. SinFP
b. Nessus
c. Nmap
d. p0f

A

D - p0f

59
Q

Which of these tools uses standard TCP packets to fingerprint an OS?

a. SinFP
b. Nessus
c. Nmap
d. p0f

A

A - SinFP

60
Q

Which nmap switch enables banner grabbing?

a. -bg
b. -sB
c. -O
d. -sV

A

D - sV

61
Q

Which of the following tools allows you to view IP and MAC addressing pairings?

a. arpspoof
b. arptoxin
c. arpwatch
d. netstat

A

C - arpwatch

62
Q

Which command would display the ARP table on a Windows machine?

a. arp
b. arp -a
c. arp -all
d. ipconfig /arp

A

B - arp -a

63
Q

How do you enable IP forwarding on a Linux machine?

a. /etc/init.d/networking forward
b. ifconfig eth0 -forward
c. cat /proc/sys/net/ipv4/ip_forward
d. echo 1 > /proc/sys/net/ipv4/ip_forward

A

D - echo 1 > /proc/sys/net/ipv4/ip_forward

64
Q

Which of the following is not a method of data transfer using FTP?

a. Stream
b. Block
c. Encrypted
d. Compressed

A

C - Encrypted

65
Q

Which is the most current version of SSH?

a. Version 1.0
b. Version 1.99
c. Version 2.2
d. Version 2.0

A

D - Version 2.0

66
Q

Which tool can be used to look for SSH servers?

a. sshstalker
b. sshscan
c. scanssh
d. sshd

A

C - Scanssh

67
Q

Which service is normally found on TCP port 23?

a. Telnet
b. SSH
c. FTP
d. SMTP

A

A - Telnet

68
Q

Which of these is an Asymmetric Cipher?

a. RSA
b. DES
c. 3DES
d. SAFER

A

A - RSA

69
Q

During which type of attack does a cryptanalyst have access to both the plaintext and ciphertext of a message?

a. Known Plaintext
b. Known Ciphertext
c. Purchase Key
d. Adaptive Chosen Plain Text Attack

A

A - Known Plaintext

70
Q

Which of the following properties is not a desirable feature for a digital signature?

a. Impossible to Forge
b. Reusable
c. Not Alterable
d. Authentic

A

b. Reusable

71
Q

Which tool can put a wireless card into promiscuous mode?

a. aircrack
b. airsnarf
c. airmon
d. airodump

A

C - airmon

72
Q

Which tool can capture wireless traffic?

a. aircrack
b. airsnarf
c. airmon
d. airodump

A

D - airodump

73
Q

Which wireless encryption technology uses 3-byte IVs?

a. WEP
b. WPA
c. TKIP
d. CCMP

A

A - WEP

74
Q

Which tool can find WEP keys?

a. airodump
b. aireplay
c. airmon
d. aircrack

A

D - aircrack

75
Q

Which authentication technology is sometimes combined with WPA?

a. RADIUS
b. Kerberos
c. Smart Card
d. OpenID

A

A - RADIUS

76
Q

In an operating system environment, what program is always running?

a. The Control Program
b. The Resource Allocator
c. The Internet Daemon
d. The Kernel

A

D - The Kernel

77
Q

In Microsoft Windows, what acts as an intermediary between the hardware and the Kernel?

a. MS-DOS
b. The Hardware Abstraction Layer
c. Process Manager
d. Virtual Memory Manager

A

B - The Hardware Abstraction Layer

78
Q

When do Microsoft normally release patches?

a. Every Monday
b. The Second Tuesday of the Month.
c. The Second Thursday of the Month.
d. As and when.

A

B - The Second Tuesday of the Month.

79
Q

Which Windows Security Issue does Enum4Linux exploit?

a. A Buffer Overflow in the Server Service.
b. Weak password for the IPC User.
c. Null Sessions Permitted.
d. Old Version of Internet Daemon.

A

C - Null Sessions Permitted.

80
Q

Which folder in the UNIX file system contains user command binaries?

a. /bin/
b. /sbin/
c. /usr/
d. /etc/

A

A - /bin/

81
Q

Which of the following acts as a broker for TCP/IP connections on a UNIX system?

a. xinetd
b. named
c. httpd
d. tcpd

A

A - xinetd

82
Q

Which computer security model places object access beyond the control of an individual owner of an object?

a. DAC
b. Take/Grant
c. Bell-LaPadula
d. MAC

A

D - MAC

83
Q

What type of Organisation would typically use DAC?

a. Commercial
b. Military
c. Intelligence Agency
d. Government

A

A - Commercial

84
Q

What type of Organisation would normally use MAC?

a. Commercial
b. Military
c. Educational
d. Government

A

B - Military

85
Q

Which of the following is not a primitive used in the Take-Grant security model?

a. Take
b. Destroy
c. Grant
d. Create

A

B - Destroy

86
Q

You are conducting a pen test on an organisation's internal website. You receive the following error while testing the site: Microsoft OLE DB Provider for ODBC Drivers error “80040e14.” What does this mean?

a. The site is vulnerable to SQL injection.
b. The site has insufficient transport layer encryption.
c. The site suffers from an unvalidated forward vulnerability.
d. The site is vulnerable to XSS.

A

A - The site is vulnerable to SQL injection.

87
Q

Cross site scripting allows an attacker to?

a. View site source code.
b. Execute system commands on an application server.
c. Inject client-side scripting languages into a website application
d. Crash the website.

A

C - Inject client-side scripting languages into a website application

88
Q

What is this URL an example of – www.sillycompany.net/download.php?file=finance.xls

a. XSS
b. SQL Injection
c. A Direct Object Reference
d. CSRF

A

C - A Direct Object Reference

89
Q

Which of these tools is a Web Application Scanner?

a. Wikto
b. Flipto
c. Skipto
d. Nikto

A

D - Nikto

90
Q

How can SQL injection be prevented?

a. It cannot, it is a risk of using SQL.
b. Validating user input on the server side.
c. Using JavaScript to validate user input.
d. Using MySQL rather than Microsoft SQL.

A

B - Validating user input on the server side.

91
Q

With reference to the 1998 Data Protection Act, which of the following best describes a “data processor”?

a. Any system used to process data.
b. Any person other than an employee of the data controller who processes the data on behalf of the data controller.
c. Any Mechanical, manual or electronic system used to process data
d. Any person who processes the data on behalf of the data controller.

A

B - Any person other than an employee of the data controller who processes the data on behalf of the data controller.

92
Q

Which section of the Computer Misuse Act covers using a computer to facilitate further crime?

a. Section 1
b. Section 1A
c. Section 2
d. Section 3

A

C - Section 2

93
Q

RIPA is

a. An Act to make provision for and about the interception of communications.
b. The Regulation of Interception Powers Act 2000.
c. Not relevant in the context of a penetration test
d. All of the above

A

A - An Act to make provision for and about the interception of communications.

94
Q

Simply trying to guess a friend's Facebook password is fine?

a. Yes, there is no harm done as long as it's for fun.
b. As long as you don’t intend to change any data.
c. Provided you are a penetration tester.
d. No, without permission it violates CMA 1990 s1.

A

D - No, without permission it violates CMA 1990 s1.

95
Q

Aggressive port scanning which may lead to issues with availability is legal?

a. Yes, as long as you are conducting a penetration test and this is clearly specified in the scope of work.
b. No, port scanning is always illegal.
c. Yes, provided you are a penetration tester, it's fine.
d. Yes, port scanning in this manner is acceptable.

A

A - Yes, as long as you are conducting a penetration test and this is clearly specified in the scope of work.

96
Q

The acronym VOIP stands for:

a. Video Over Internet Protocol
b. Voice Over Internet Portals
c. Video Over Internet Portals
d. Voice Over Internet Protocol

A

D - Voice Over Internet Protocol

97
Q

The amap tool is best described as

a. an application protocol mapping tool and banner grabber
b. fast password cracking tool using precomputed rainbow tables
c. a banner grabbing tool
d. a powerful multi purpose tool, described as the TCP/IP swiss army knife

A

A - An application protocol mapping tool and banner grabber

98
Q

What is an MD5 hash of a file most useful for

a. Checking file integrity
b. Checking file size
c. Checking file confidentiality
d. Checking file availability

A

A - Checking file integrity

99
Q

The temporary memory area used by a processor to store information such as pointers to variables and return addresses is best described as

a. RAM
b. Pile
c. Stack
d. Heap

A

C - Stack

100
Q

char *strcpy(char * destination, const char * source); // if misused can give rise to which class of vulnerability

a. Buffer overflow
b. Double Free
c. Null Pointer
d. Race condition

A

A - Buffer overflow

101
Q

Which wireless standard operates at both 2.4 & 5GHz

a. 802.11a
b. 802.11b
c. 802.11g
d. 802.11n

A

A - 802.11n

102
Q

What command would capture a screenshot of an X11 session?

A

xwinifo - root -silent -display :0 > screen.wsd

103
Q

What command would configure X11 functionality on a Unix host?

A

xorg-configure

104
Q

What files store information for TCP Wrapper?

A

/etc/hosts.allow and /etc/host.deny

105
Q

What Dsquery command would list the domain controllers?

A

dsquery server

106
Q

What nltest command would list the domain controllers?

A

nltest /dclist:”

107
Q

What function of FSMO manages user to group mappings?

A

Infrastructure master

108
Q

Describe the following Linux file permissions: -rwxrw-r--

A

File
Owner: Read, write, execute
Group: Read, write
World: Read

109
Q

Describe the following Linux file permissions: lrwxrwxrwx

A

The file is a link

110
Q

Describe the following Linux file permissions: -rwSrw-r-x

A

File
Owner: read, write, execute
Group: read, write
World: read, write, EXECUTE AS OWNER

111
Q

Describe the following Linux file permissions: -rwSrwSr-x

A

File
Owner: read, write, execute
Group: read, write, SETGID
World: read, write, SETUID

112
Q

Legacy versions of Nmap had a flag/function which could be exploited if the SUID bit was set. What was the flag?

A

--interactive

113
Q

What version of Oracle mitigates TNS poisoning?

A

12C and above

114
Q

In Windows, on netstat, what does the -b do?

A

Display the executable associated with the port

115
Q

In Linux, which security-related options of the mount command can be set using the -o flag?

A

nosuid
noexec
nolock (not security related but can be useful when connecting to older NFS systems)

116
Q

In Windows, using ipconfig, how would you display the DNS cache?

A

ipconfig /displaydns

117
Q

Describe common IEEE 802.X protocols

A

1 - Higher LAN Protocols (802.1X - PNAC)
3 - Ethernet
5 - Token Ring
11 - Wireless LAN
15.1 - Bluetooth

118
Q

What HTTP Security Headers are available and what do they do?

A

STS - Strict Transport Controls - Ensures the connection to the server is always over a secure channel and prevents users overriding any warning.
CSP - Content Security Policy - Defines where data can come from such as JavaScript, images, etc.
X-Frame options - Defines whether the site can be loaded within an iFrame.
X-XSS-Protection - Protects against reflected XSS attacks.
X-Content Type options - Controls MIME sniffing. nosniff
CORS - Cross Origin Website Resources - This controls what data can be shared between different sites.

119
Q

You see a hash which begins 0x001, what is the hash likely from and what other characteristics does it have?

A

It is a MS SQL hash from pre 2012. It is hashed using SHA-1. The salt is 4 bytes, the hash is 16 bytes.

120
Q

What does $5$ indicate in a Linux password hash?

A

The hash is SHA-256

121
Q

When using TKIP, how large is the key per packet?

A

128 bit.

122
Q

How would you identify the version of MS SQL?

A

SELECT @@version;

123
Q

How would you identify the version of MySQL?

A

SELECT version();

124
Q

How would you identify the version of PostgreSQL?

A

SELECT version();

125
Q

How would you identify the version of Oracle DBMS?

A

SELECT * FROM v$version

126
Q

How would you identify the version of MongoDB?

A

db.version()