Practice Test Questions Flashcards
A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
A. tcp.port = 23
B. tcp.port == 21
C. tcp.port != 21
D. tcp.port == 21 || tcp.port == 22
B. tcp.port == 21
Bob is working as a pen-tester in an organization in Dallas. He performs penetration testing on the IDS to find ways an attacker might evade the IDS. Bob sends large amounts of packets to the IDS which generates a large number of alerts. This enables Bob to hide the real traffic. What type of method is Bob using to evade the IDS?
A. Denial of service
B. Insertion Attack
C. False Positive Generation
D. Obfuscating
C. False Positive Generation
This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?
A. Institute of Electrical Electronics Engineers (IEEE)
B. Center of Disease Control (CDC)
C. Payment Card Industry (PCI)
D. International Security Industry Organization (ISIO)
C. Payment Card Industry (PCI)
True or False; An anomaly-based IDS can identify unknown attacks (attacks without signatures) and signature-based IDS cannot.
True
False
True
Which of the following password protection techniques adds a random string of characters to the password before calculating its hash?
A. Double Hashing
B. Key Stretching
C. Keyed Hashing
D. Salting
D. Salting
Which of the following commands will perform an Xmas scan using nmap?
A. nmap -sX 192.168.1.250
B. nmap -sA 192.168.1.250
C. nmap -sV 192.168.1.250
D. nmap -sP 192.168.1.250
A. nmap -sX 192.168.1.250
Which of the following is the BEST way to defend against network sniffing?
A. Using encryption protocols to secure network communications
B. Register all machines’ MAC addresses in a centralized database
C. Use Static IP Address
D. Restrict Physical Access to Server Rooms hosting Critical Servers
A. Using encryption protocols to secure network communications
What is the process for allowing or blocking a specific port in the Windows firewall? (For example, TCP port 22 inbound)
A. This is not possible without installing third-party software, since Windows only allows changing firewall settings for individual applications.
B. A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in the control panel.
C. The only way to implement a specific rule like this is to use the “netsh” program on the command-line.
D. The firewall rule must be added from within the application that is using that port.
B. A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in the control panel.
You perform a scan of your company’s network and discover that TCP port 123 is open. What service by default runs on TCP port 123?
A. DNS
B. Telnet
C. Network Time Protocol
D. POP3
C. Network Time Protocol
When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open”, but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?
A. Javik’s router is still vulnerable to wireless hacking attempts, because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
B. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
C. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
D. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
B. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case. Metasploit Framework has a module for the technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system for which you already know the credentials. It was written by Sysinternals and has been integrated within the framework. Often, penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the password hashes (or use other methods like fgdump, pwdump, or cachedump) and then utilize rainbow tables to crack those hash values.
Which of the following is the correct hash type and sort order used in the psexec module’s ‘smbpass’ option?
A. NTLM:LM
B. LM:NT
C. LM:NTLM
D. NT:LM
C. LM:NTLM
Identify the UDP port that the Network Time Protocol (NTP) uses as its primary means of communication.
A. 113
B. 161
C. 69
D. 123
D. 123
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public-facing web servers. The engineer decides to start by connecting to port 80 with netcat. The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following is an example of what the engineer performed?
A. Cross-site scripting
B. Whois database query
C. SQL injection
D. Banner grabbing
D. Banner grabbing
You type the following command at a Linux command prompt:
hping3 -c 65535 -i u1 -S -p 80 --rand-source www.targetcorp.com
What action are you performing?
A. Ping of death
B. Port scan of all UDP ports
C. Idle scan of TCP port 80
D. SYN flood
D. SYN flood
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
A. Error-based SQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. NoSQL injection
B. Blind SQL injection
How can rainbow tables be defeated?
A. All uppercase character passwords
B. Password salting
C. Use of non-dictionary words
D. Lockout accounts under brute force password cracking attempts
B. Password salting
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that the IPs owned by XYZ (internal) and private IPs are communicating with a single public IP. That public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
A. Rootkit Attack
B. Botnet Attack
C. Spear Phishing Attack
D. Advanced Persistent Threats
B. Botnet Attack
Tools which receive event logs from servers, network equipment, and applications, perform analysis and correlation on those logs, and can generate alarms for security-relevant issues are known as what?
A. Network Sniffer
B. Intrusion Prevention Server
C. Vulnerability Scanner
D. Security Incident and Event Monitoring
D. Security Incident and Event Monitoring
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?
A. A backdoor placed into a cryptographic algorithm by its creator.
B. Extraction of cryptographic secrets through coercion or torture.
C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
D. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plaintext.
B. Extraction of cryptographic secrets through coercion or torture.
While scanning with Nmap, Patin found several hosts which have an incremental IP ID sequence. He then decided to run: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com, where kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using “-sI” with Nmap?
A. Conduct silent scan
B. Conduct stealth scan
C. Conduct ICMP scan
D. Conduct IDLE scan
D. Conduct IDLE scan
What TCP scanning method is unlikely to set off network IDS?
A. TCP connect scan
B. TCP SYN scan
C. TCP FIN scan
D. TCP ACK scan
B. TCP SYN scan
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?
A. Client is configured for the wrong channel
B. The WAP does not recognize the client’s MAC address
C. The client cannot see the SSID of the wireless network
D. The wireless client is not configured to use DHCP
B. The WAP does not recognize the client’s MAC address
If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL;-- which type of SQL injection attack is the attacker performing?
A. Illegal/Logically Incorrect Query
B. Tautology
C. End of Line Comment
D. UNION SQL Injection
C. End of Line Comment
In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?
A. Vulnerabilities in the application layer are greatly different from IPv4
B. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
C. Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addressed
D. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
D. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
A. UDP 415
B. UDP 123
C. UDP 514
D. UDP 541
C. UDP 514
Note: This is the SYSLOG Port
You are monitoring the network of your organization. You notice the following:
- There are huge outbound connections from your internal network to external IPs.
- On further investigation you see that the external IPs are blacklisted.
- Some of the connections are accepted and some are dropped.
- You find that it’s a CnC communication.
Which of the following would you suggest as a fix?
A. A. Update to the latest signatures on your IDS/IPS
B. C. Clean the likely malware that’s trying to communicate with the external blacklisted IP’s
C. Both B and C
D. B. Block the blacklist IP’s at the firewall
C. Both B and C
What is the technique used to determine how a packet will move from an untrusted outside host to a protected inside host behind a firewall, which permits the hacker to determine which ports are open and whether the packets can pass through the packet filtering of the firewall?
A. Man-in-the-middle attack
B. Session hijacking
C. Firewalking
D. Network sniffing
C. Firewalking
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
A. Application
B. Presentation
C. Transport
D. Session
A. Application
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Broadcast ping
B. TCP ping
C. Traceroute
D. Hping
D. Hping
You are the network administrator at a big university. The university provides only wifi internet access to students. Ethernet ports are reserved for faculty and some special guests. You discover that students are plugging into ethernet ports and surfing the web from their rooms, which is also causing malware to end up on the faculty network.
What should you do to remedy this problem?
A. Disable unused ports in the switch
B. Ask students to only use the wireless network
C. Use the 802.1x protocol.
D. Separate students into a different VLAN.
C. Use the 802.1x protocol.
How is the public key distributed in an orderly, controlled fashion in order that users can be sure of the sender’s identity?
A. Hash value
B. Digital certificate
C. Digital signature
D. Private keys
B. Digital certificate
Why should the security analyst disable/remove unnecessary ISAPI filters?
A. To defend against webserver attacks
B. To defend against social engineering attacks.
C. To defend against jailbreaking
D. To defend against wireless attacks
A. To defend against webserver attacks
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping databases to help prevent man-in-the-middle attacks?
A. Dynamic ARP Inspection (DAI)
B. Spanning tree
C. Layer 2 Attack Prevention Protocol (LAPP)
D. Port Security
A. Dynamic ARP Inspection (DAI)
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what is meant by processing?
A. How long it takes to setup individual user accounts
B. The amount of time and resources that are necessary to maintain a biometric system
C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
D. The amount of time it takes to convert biometric data into a template on a smart card
C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
Which of the following programs infect the system boot sector and executable files at the same time?
A. Macro Virus
B. Multipartite Virus
C. Polymorphic Virus
D. Stealth Virus
B. Multipartite Virus
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
A. Network sniffer
B. Intrusion Prevention System (IPS)
C. Protocol analyzer
D. Vulnerability scanner
C. Protocol analyzer
You are logged in as a local admin on a Windows 7 system, and you need to launch the Computer Management Console from the command line.
Which command would you use?
A. c:\gpedit
B. c:\ncpa.cpl
C. c:\compmgmt.msc
D. c:\services.msc
C. c:\compmgmt.msc
True or False: SYN/FIN scanning using IP fragments splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet.
True
False
True
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware with the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following classes of hacker refers to an individual who works both offensively and defensively at various times?
A. Suicide Hacker
B. Gray Hat
C. Black Hat
D. White Hat
B. Gray Hat
Which of the hashing functions below are not recommended for use?
A. SHA-1, ECC
B. SHA-2, SHA-3
C. MD5, SHA-5
D. MD5, SHA-1
D. MD5, SHA-1
Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?
A. Linux
B. Windows
C. Unix
D. OS X
B. Windows
PGP, SSL, and IKE are all examples of which type of cryptography?
A. Public Key
B. Hash Algorithm
C. Secret Key
D. Digest
A. Public Key
Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?
A. Oakley
B. IPsec Policy Agent
C. IPsec driver
D. Internet Key Exchange (IKE)
C. IPsec driver
An IT staff person gets a call from one of the company’s top customers. The caller wanted to know about the company’s network infrastructure, systems and team. New opportunities of integration are in sight for both company and customer. What should this employee do?
A. The employee should not provide any information without previous management authorization.
B. The employee should provide the name of the person in charge.
C. Tell them all they want to know. It’s great customer service.
D. Disregard the call.
A. The employee should not provide any information without previous management authorization.
What network security concept requires multiple layers of security controls to be placed throughout the IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
A. Defense in Depth
B. Network-Based Intrusion Detection System
C. Host-Based Intrusion Detection System
D. Security through obscurity
A. Defense in Depth
Which of these devices is capable of searching for and locating rogue access points?
A. WIPS
B. NIDS
C. WISS
D. HIDS
A. WIPS
What is the known-plaintext attack used against DES which shows that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
A. Replay attack
B. Man-in-the-middle attack
C. Meet-in-the-middle attack
D. Traffic analysis attack
C. Meet-in-the-middle attack
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____ database structure instead of SQL’s ____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.
A. Relational, Hierarchical
B. Strict, Abstract
C. Simple, Complex
D. Hierarchical, Relational
D. Hierarchical, Relational
Scenario:
- Victim opens the attacker’s web site.
- Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make $1000 in a day?’
- Victim clicks on the interesting and attractive content URL.
- Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks on the content or URL that exists in the transparent ‘iframe’ which is set up by the attacker.
What is the name of the attack which is mentioned in the scenario?
A. ClickJacking Attack
B. HTML Injection
C. Session Fixation
D. HTTP Parameter Pollution
A. ClickJacking Attack
Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?
A. He already has admin privileges, as shown by the “501” at the end of the SID.
B. He needs to disable antivirus protection.
C. He must perform privilege escalation.
D. He needs to gain physical access.
C. He must perform privilege escalation.
Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?
A. BlueSniffing
B. Bluesnarfing
C. Bluejacking
D. Bluesmacking
C. Bluejacking
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
A. Black-box
B. Announced
C. Grey-box
D. White-box
C. Grey-box
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP doesn’t encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS
B. FORCETLS
C. STARTTLS
D. UPGRADETLS
A. OPPORTUNISTICTLS
Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?
A. File Injection Attack
B. Command Injection Attacks
C. Cross-Site Request Forgery
D. Hidden Field Manipulation Attack
C. Cross-Site Request Forgery
This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
A. Aircrack-ng
B. Airguard
C. WLAN-crack
D. wificracker
A. Aircrack-ng
By using a smart card and PIN, you are using a two-factor authentication that satisfies:
A. Something you have and something you know
B. Something you are and something you remember
C. Something you know and something you are
D. Something you have and something you are
A. Something you have and something you know
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
A. Exclamation mark
B. Single quote
C. Semicolon
D. Double quote
B. Single quote
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg:"FTP on the network!";)
A. A firewall IPTable
B. A Router IPTable
C. FTP Server rule
D. An Intrusion Detection System
D. An Intrusion Detection System
Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out of the network based on pre-defined sets of rules. Which of the following types of firewalls can protect against SQL injection attacks?
A. Stateful firewall
B. Data-driven firewall
C. Packet firewall
D. Web application firewall
D. Web application firewall
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Time-to-check to time-to-use flaw
B. HTTP header injection vulnerability
C. Input validation flaw
D. 0-day vulnerability
D. 0-day vulnerability
This proprietary information security standard’s wireless guidelines classify CDEs (Cardholder Data Environments) into three scenarios depending on the WLAN deployment. What standard is being mentioned?
A. ISO 27001
B. HIPAA
C. SOX
D. PCI
D. PCI
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?
A. request smtp 25
B. smtp port
C. tcp.contains port 25
D. tcp.port eq 25
D. tcp.port eq 25
What is the most important thing for a pen tester before he can start any hacking activities?
A. Finding new exploits which can be used during the pentest
B. Ensuring that his activity will be authorized and he will have a proper agreement with the owners of the targeted system
C. Creating an action plan
D. Preparing a list of targeted systems
B. Ensuring that his activity will be authorized and he will have a proper agreement with the owners of the targeted system
Cross-Site request forgery involves:
A. Modification of a request by a proxy between client and server
B. A request sent by a malicious user from a browser to a server
C. A server making a request to another server without the user’s knowledge
D. A browser making a request to a server without the user’s knowledge
D. A browser making a request to a server without the user’s knowledge
What attack is used to crack passwords by using a precomputed table of hashed passwords?
A. Hybrid Attack
B. Rainbow Table Attack
C. Brute Force Attack
D. Dictionary Attack
B. Rainbow Table Attack
Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
A. Stacheldraht
B. R-U-Dead-Yet? (RUDY)
C. MyDoom
D. LOIC
B. R-U-Dead-Yet? (RUDY)
Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse’s APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?
A. Macro Virus
B. Key-Logger
C. Worm
D. Trojan
D. Trojan
When conducting a penetration test it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
A. Identifying operating systems, services, protocols and devices.
B. Capturing network traffic for further analysis
C. Collecting unencrypted information about usernames and passwords.
D. Modifying and replaying captured network traffic.
D. Modifying and replaying captured network traffic.
Identify the web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross Site Request Forgery (CSRF)
C. SQL Injection attack
D. Cross Site Scripting (XSS)
D. Cross Site Scripting (XSS)
You’re doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?
A. Scan servers with Nmap
B. Scan servers with MBSA
C. Telnet to every port on each server
D. Physically go to each server
A. Scan servers with Nmap
On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt their service. What is the name of the process by which you can determine those critical business processes?
A. Risk Mitigation
B. Disaster Recovery Planning (DRP)
C. Emergency Plan Response (EPR)
D. Business Impact Analysis (BIA)
D. Business Impact Analysis (BIA)
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?
A. DNSSEC
B. DynDNS
C. Split DNS
D. DNS Scheme
C. Split DNS
Which command can be used to show current TCP/IP connections?
A. Net use
B. Net use connection
C. Netsh
D. Netstat
D. Netstat
A hacker named Bob is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
A. Banner Grabbing
B. SSDP Scanning
C. IDLE Scanning
D. UDP Scanning
A. Banner Grabbing
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
A. A race condition is being exploited, and the operating system is containing the malicious process
B. A page fault is occurring, which forces the operating system to write data from the hard drive
C. Malicious code is attempting to execute instructions in a non-executable memory region.
D. Malware is executing in either ROM or a cache memory area
C. Malicious code is attempting to execute instructions in a non-executable memory region.
How does Address Resolution Protocol (ARP) work?
A. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
B. It sends a request packet to all the network elements, asking for the domain name from specific IP.
C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
D. It sends a reply packet for a specific IP, asking for the MAC address.
C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?
A. The port will send an ACK
B. The port will ignore the packets.
C. The port will send an RST
D. The port will send a SYN
B. The port will ignore the packets.
In Wireshark, the packet bytes pane shows the data of the current packet in which format?
A. ASCII only
B. Hexadecimal
C. Binary
D. Decimal
B. Hexadecimal
Matthew executed a scan against a target and found several vulnerabilities. A few minutes later he scanned again and the target responded with no vulnerabilities and all ports appeared to be closed. What was most probably the root cause of these changing results?
A. Administrator of the scanned system updated most of the vulnerabilities
B. The second scan was blocked by an IPS
C. Matthew’s scan was blocked by a firewall
D. The second scan was blocked by an IDS
B. The second scan was blocked by an IPS
Your company provides data analytics services to several large clients. A new client says that your company is required to sign a Business Associate Agreement (BAA) document before they will transfer any data to your company. The document sets out how your company will handle the client’s data and specific security requirements.
What regulation, which requires a Business Associate Agreement for some vendors, is the client following?
A. ISO 27001
B. SOC
C. HIPAA
D. PCI
C. HIPAA
This type of virus tries to install itself inside of a file.
A. Polymorphic Virus
B. Stealth Virus
C. Cavity virus
D. Tunneling Virus
C. Cavity virus
Which method of password cracking takes the most time and effort?
A. Shoulder surfing
B. Dictionary attack
C. Rainbow tables
D. Brute force
D. Brute force
Log monitoring tools performing behavioral analysis have alerted to several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activity it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes that the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?
A. NTP
B. Timekeeper
C. OSPF
D. PPP
A. NTP
Darius just received a call:
Unknown caller: Hello, my name is Rashad and I’m a security engineer from Microsoft Corporation. We have observed suspicious activity originating from your system and we would like to stop this threat. To do so I would ask you to install some updates on your system. Would you prefer that I send you a link or an attachment within an email?
Darius: Hello, please send me an email with the attachment at darius@protonmail.com
Unknown caller: Thank you for your cooperation. I’m sending instructions and all files.
What has Darius just faced?
A. Piggybacking
B. Just normal call from Microsoft Cyberdivision
C. Social Engineering Attack
D. Tailgating
C. Social Engineering Attack
After trying multiple exploits, you’ve gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
A. Download and Install Netcat
B. Disable IPTables
C. Disable Key Services
D. Create User Account
A. Download and Install Netcat
env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
A. Add new user to the passwd file
B. Changes all passwords in passwd
C. Removes the passwd file
D. Display passwd content to prompt
D. Display passwd content to prompt
What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?
A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
B. SSH
C. SYN Flood
D. Manipulate format strings in text fields
A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?
A. Authenticity, Integrity, Non-repudiation
B. Confidentiality, Integrity, Availability
C. Availability, Nonrepudiation, Confidentiality
D. Authenticity, Confidentiality, Integrity
B. Confidentiality, Integrity, Availability
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance.
Which of the following requirements would best fit under the objective, “Implement strong access control measures”?
A. Regularly test security systems and processes.
B. Use and regularly update anti-virus software on all systems commonly affected by malware.
C. Assign a unique ID to each person with computer access
D. Encrypt transmission of cardholder data across open, public networks
C. Assign a unique ID to each person with computer access
Your computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When a technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?
A. The gateway is not routing to the public IP address
B. The gateway and the computer are not on the same network.
C. The computer is not using a private IP address
D. The computer is using an invalid IP address
A. The gateway is not routing to the public IP address
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:
- Verifies success or failure of an attack
- Monitors System Activities
- Detects attacks that a network based IDS fails to detect
- Near real time detection and response
- Does not require additional hardware
- Lower entry cost
Which type of IDS is best suited for Tremp’s requirements?
A. Gateway based IDS
B. Host based IDS
C. Network based IDS
D. Open source based IDS
B. Host based IDS
During the process of encryption and decryption, what keys are shared?
A. Public keys
B. Private keys
C. Public and private keys
D. User passwords
A. Public keys
Your company has web servers, DNS servers, and mail servers in a DMZ that are accessible from the Internet. Hackers have been scanning your public IP addresses and you even suspect they have begun enumerating some targets. Your company performs daily Nessus scans to find live hosts, open ports, and vulnerabilities. The Nessus scanner is connected to your internal network.
A. Have the firewall rules modified so that the Nessus server on the internal network is able to scan the hosts in the DMZ.
B. Leave the Nessus server in the internal network but add a second network card so that it can be connected to a switch in the DMZ. This will allow the Nessus server to have access to the internal and DMZ networks.
C. Run Nessus from a server that resides in the DMZ so that no firewalls, IPS or other security products interfere with the scan.
D. Run Nessus from a location on the Internet which is separate from the company’s network so that no firewalls, IPS, or other security products interfere with the scan.
D. Run Nessus from a location on the Internet which is separate from the company’s network so that no firewalls, IPS, or other security products interfere with the scan.
Which of the following is true regarding a PKI system?
A. The RA verifies an applicant to the system
B. The RA issues all certificates
C. The CA encrypts all messages
D. The CA is the recovery agent for lost certificates
A. The RA verifies an applicant to the system
You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?
A. Do not report it and continue the penetration test.
B. Transfer money from the administrator’s account to another account.
C. Report immediately to the administrator.
D. Do not transfer the money but steal the bitcoins.
C. Report immediately to the administrator.
Which Metasploit Framework tool can help a penetration tester evade anti-virus systems?
A. msfencode
B. msfd
C. msfcli
D. msfpayload
A. msfencode
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
A. Redirection of the traffic cannot happen unless the admin allows it explicitly
B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
C. Disable all routing protocols and only use static routes
D. Only using OSPFv3 will mitigate this risk.
B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
A. Scanning
B. System Hacking
C. Enumeration
D. Footprinting
D. Footprinting
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
A. Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK
B. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN
C. Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK
D. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK
D. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK
Your next door neighbor, whom you do not get along with, is having issues with their network, so he yells to his spouse the network’s SSID and password and you hear them both clearly. What do you do with this information?
A. Only use his network when you have large downloads so you don’t tax your own network
B. Nothing, but suggest to him to change the network’s SSID and password
C. Log onto his network, after all it’s his fault that you can get it.
D. Sell his SSID and password to friends that come to your house, so it doesn’t slow down your network.
B. Nothing, but suggest to him to change the network’s SSID and password
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
A. Application layer port numbers and the transport layer headers
B. Presentation layer headers and the session layer port numbers
C. Transport layer port numbers and application layer headers
D. Network layer headers and the session layer port numbers
C. Transport layer port numbers and application layer headers
An enterprise recently moved to a new office and the neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
A. Use fences in the entrance doors
B. Install a CCTV with cameras pointing to the entrance doors and the street
C. Use lights in all the entrance doors and along the company’s perimeter
D. Use an IDS in the entrance doors and install some of them near the corners
B. Install a CCTV with cameras pointing to the entrance doors and the street
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
A. BIOS password
B. Password protected files
C. Hidden folders
D. Full disk encryption
D. Full disk encryption