Practice Test Questions Flashcards

1
Q

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

A. tcp.port = 23
B. tcp.port == 21
C. tcp.port != 21
D. tcp.port == 21 || tcp.port == 22

A

B. tcp.port == 21

2
Q

Bob is working as a pen-tester in an organization in Dallas. He performs penetration testing on the IDS to find ways an attacker might evade the IDS. Bob sends a large number of packets to the IDS, which generates a large number of alerts. This enables Bob to hide the real traffic. What type of method is Bob using to evade the IDS?

A. Denial of service
B. Insertion Attack
C. False Positive Generation
D. Obfuscating

A

C. False Positive Generation

3
Q

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

Which of the following organizations is being described?

A. Institute of Electrical Electronics Engineers (IEEE)
B. Center of Disease Control (CDC)
C. Payment Card Industry (PCI)
D. International Security Industry Organization (ISIO)

A

C. Payment Card Industry (PCI)

4
Q

True or False: An anomaly-based IDS can identify unknown attacks (attacks without signatures) and a signature-based IDS cannot.

True
False

A

True

5
Q

Which of the following password protection techniques adds a random string of characters to the password before calculating its hash?

A. Double Hashing
B. Key Stretching
C. Keyed Hashing
D. Salting

A

D. Salting

6
Q

Which of the following commands will perform an Xmas scan using nmap?

A. nmap -sX 192.168.1.250
B. nmap -sA 192.168.1.250
C. nmap -sV 192.168.1.250
D. nmap -sP 192.168.1.250

A

A. nmap -sX 192.168.1.250

7
Q

Which of the following is the BEST way to defend against network sniffing?

A. Using encryption protocols to secure network communications
B. Register all machines’ MAC addresses in a centralized database
C. Use Static IP Address
D. Restrict Physical Access to Server Rooms hosting Critical Servers

A

A. Using encryption protocols to secure network communications

8
Q

What is the process for allowing or blocking a specific port in the Windows firewall? (For example, TCP port 22 inbound)

A. This is not possible without installing third-party software, since Windows only allows changing firewall settings for individual applications.
B. A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in the control panel.
C. The only way to implement a specific rule like this is to use the “netsh” program on the command-line.
D. The firewall rule must be added from within the application that is using that port.

A

B. A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in the control panel.

9
Q

You perform a scan of your company’s network and discover that TCP port 123 is open. What service runs by default on TCP port 123?

A. DNS
B. Telnet
C. Network Time Protocol
D. POP3

A

C. Network Time Protocol

10
Q

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open”, but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?

A. Javik’s router is still vulnerable to wireless hacking attempts, because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
B. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
C. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
D. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

A

B. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

11
Q
In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case. Metasploit Framework has a module for the technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system for which you already know the credentials. It was written by Sysinternals and has been integrated within the framework. Often, as penetration testers, we successfully gain access to a system through some exploit, use meterpreter to grab the passwords (or use other methods like fgdump, pwdump, or cachedump) and then utilize rainbow tables to crack those hash values.

Which of the following is the correct hash type and order used in the psexec module’s ‘smbpass’ option?

A. NTLM:LM
B. LM:NT
C. LM:NTLM
D. NT:LM

A

C. LM:NTLM

12
Q

Identify the UDP port that the Network Time Protocol (NTP) uses as its primary means of communication.

A. 113
B. 161
C. 69
D. 123

A

D. 123

13
Q

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public-facing web servers. The engineer decides to start by using netcat on port 80. The engineer receives this output:

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/6
  Expires: Tue, 17 Jan 2011 01:41:33 GMT
  Date: Mon, 16 Jan 2011 01:41:33 GMT
  Content-Type: text/html
  Accept-Ranges: bytes
  Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
  ETag: "b0aac0542e25c31:89d"
  Content-Length: 7369

Which of the following is an example of what the engineer performed?

A. Cross-site scripting
B. Whois database query
C. SQL injection
D. Banner grabbing

A

D. Banner grabbing

14
Q

You type the following command at a Linux command prompt:

hping3 -c 65535 -i u1 -S -p 80 --rand-source www.targetcorp.com

What action are you performing?

A. Ping of death
B. Port scan of all UDP ports
C. Idle scan of TCP port 80
D. SYN flood

A

D. SYN flood

15
Q

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A. Error-based SQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. NoSQL injection

A

B. Blind SQL injection

16
Q

How can rainbow tables be defeated?

A. All uppercase character passwords
B. Password salting
C. Use of non-dictionary words
D. Lockout accounts under brute force password cracking attempts

A

B. Password salting

17
Q

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that the IPs owned by XYZ (internal) and private IPs are communicating with a single public IP. This public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

A. Rootkit Attack
B. Botnet Attack
C. Spear Phishing Attack
D. Advanced Persistent Threats

A

B. Botnet Attack

18
Q

Tools which receive event logs from servers, network equipment, and applications, perform analysis and correlation on those logs, and can generate alarms for security-relevant issues are known as what?

A. Network Sniffer
B. Intrusion Prevention Server
C. Vulnerability Scanner
D. Security Incident and Event Monitoring

A

D. Security Incident and Event Monitoring

19
Q

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

A. A backdoor placed into a cryptographic algorithm by its creator.
B. Extraction of cryptographic secrets through coercion or torture.
C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
D. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plaintext.

A

B. Extraction of cryptographic secrets through coercion or torture.

20
Q

While scanning with Nmap, Patin found several hosts whose IP ID sequence is incremental. He then decided to run: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com, where kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using “-sI” with Nmap?

A. Conduct silent scan
B. Conduct stealth scan
C. Conduct ICMP scan
D. Conduct IDLE scan

A

D. Conduct IDLE scan

21
Q

What TCP scanning method is unlikely to set off network IDS?

A. TCP connect scan
B. TCP SYN scan
C. TCP FIN scan
D. TCP ACK scan

A

B. TCP SYN scan

22
Q

A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

What is a possible source of this problem?

A. Client is configured for the wrong channel
B. The WAP does not recognize the client’s MAC address
C. The client cannot see the SSID of the wireless network
D. The wireless client is not configured to use DHCP

A

B. The WAP does not recognize the client’s MAC address

23
Q

If an attacker uses the command SELECT * FROM user WHERE name = ’x’ AND userid IS NULL; -- which type of SQL injection attack is the attacker performing?

A. Illegal/Logically Incorrect Query
B. Tautology
C. End of Line Comment
D. UNION SQL Injection

A

C. End of Line Comment

24
Q

In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

A. Vulnerabilities in the application layer are greatly different from IPv4
B. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
C. Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addressed
D. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

A

D. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

25
Q

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

A. UDP 415
B. UDP 123
C. UDP 514
D. UDP 541

A

C. UDP 514

Note: This is the SYSLOG Port

26
Q

You are monitoring the network of your organization. You notice the following:

  1. There are a huge number of outbound connections from your internal network to external IPs.
  2. On further investigation you see that the external IPs are blacklisted.
  3. Some of the connections are accepted and some are dropped.
  4. You find that it’s a CnC communication.

Which of the following would you suggest as a fix?

A. A. Update to the latest signatures on your IDS/IPS
B. C. Clean the likely malware that’s trying to communicate with the external blacklisted IPs
C. Both B and C
D. B. Block the blacklisted IPs at the firewall

A

C. Both B and C

27
Q

What is the technique for determining how a packet will move from an untrusted outside host to a protected inside host behind a firewall, which lets the hacker determine which ports are open and whether the packets can pass through the firewall’s packet filtering?

A. Man-in-the-middle attack
B. Session hijacking
C. Firewalking
D. Network sniffing

A

C. Firewalking

28
Q

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?

A. Application
B. Presentation
C. Transport
D. Session

A

A. Application

29
Q

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

A. Broadcast ping
B. TCP ping
C. Traceroute
D. Hping

A

D. Hping

30
Q

You are the network administrator at a big university. The university provides only wifi internet access to students. Ethernet ports are reserved for faculty and some special guests. You discover that students are plugging into Ethernet ports and surfing the web from their rooms, which is also causing malware to end up on the faculty network.

What should you do to remedy this problem?

A. Disable unused ports in the switch
B. Ask students to only use the wireless network
C. Use the 802.1X protocol.
D. Separate students into a different VLAN.

A

C. Use the 802.1X protocol.

31
Q

How is the public key distributed in an orderly, controlled fashion in order that users can be sure of the sender’s identity?

A. Hash value
B. Digital certificate
C. Digital signature
D. Private keys

A

B. Digital certificate

32
Q

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against webserver attacks
B. To defend against social engineering attacks.
C. To defend against jailbreaking
D. To defend against wireless attacks

A

A. To defend against webserver attacks

33
Q

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping databases to help prevent man-in-the-middle attacks?

A. Dynamic ARP Inspection (DAI)
B. Spanning tree
C. Layer 2 Attack Prevention Protocol (LAPP)
D. Port Security

A

A. Dynamic ARP Inspection (DAI)

34
Q

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what is meant by processing?

A. How long it takes to set up individual user accounts
B. The amount of time and resources that are necessary to maintain a biometric system
C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
D. The amount of time it takes to convert biometric data into a template on a smart card

A

C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.

35
Q

Which of the following programs infects the system boot sector and executable files at the same time?

A. Macro Virus
B. Multipartite Virus
C. Polymorphic Virus
D. Stealth Virus

A

B. Multipartite Virus

36
Q

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

A. Network sniffer
B. Intrusion Prevention System (IPS)
C. Protocol analyzer
D. Vulnerability scanner

A

C. Protocol analyzer

37
Q

You are logged in as a local admin on a Windows 7 system, and you need to launch the Computer Management Console from the command line.

Which command would you use?

A. c:\gpedit
B. c:\ncpa.cpl
C. c:\compmgmt.msc
D. c:\services.msc

A

C. c:\compmgmt.msc

38
Q

True or False: SYN/FIN scanning using IP fragments splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet.

True
False

A

True

39
Q

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware with the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

A. Suicide Hacker
B. Gray Hat
C. Black Hat
D. White Hat

A

B. Gray Hat

40
Q

Which of the following hashing functions are not recommended for use?

A. SHA-1, ECC
B. SHA-2, SHA-3
C. MD5, SHA-5
D. MD5, SHA-1

A

D. MD5, SHA-1

41
Q

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?

A. Linux
B. Windows
C. Unix
D. OS X

A

B. Windows

42
Q

PGP, SSL, and IKE are all examples of which type of cryptography?

A. Public Key
B. Hash Algorithm
C. Secret Key
D. Digest

A

A. Public Key

43
Q

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

A. Oakley
B. IPsec Policy Agent
C. IPsec driver
D. Internet Key Exchange (IKE)

A

C. IPsec driver

44
Q

An IT staff person gets a call from one of the company’s top customers. The caller wants to know about the company’s network infrastructure, systems and team. New opportunities for integration are in sight for both company and customer. What should this employee do?

A. The employee should not provide any information without previous management authorization.
B. The employee should provide the name of the person in charge.
C. Tell them all they want to know. It’s great customer service.
D. Disregard the call.

A

A. The employee should not provide any information without previous management authorization.

45
Q

What network security concept requires multiple layers of security controls to be placed throughout the IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

A. Defense in Depth
B. Network-Based Intrusion Detection System
C. Host-Based Intrusion Detection System
D. Security through obscurity

A

A. Defense in Depth

46
Q

Which of these devices is capable of searching for and locating rogue access points?

A. WIPS
B. NIDS
C. WISS
D. HIDS

A

A. WIPS

47
Q

What is the known-plaintext attack against DES which shows that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

A. Replay attack
B. Man-in-the-middle attack
C. Meet-in-the-middle attack
D. Traffic analysis attack

A

C. Meet-in-the-middle attack

48
Q

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____ database structure instead of SQL’s ____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A. Relational, Hierarchical
B. Strict, Abstract
C. Simple, Complex
D. Hierarchical, Relational

A

D. Hierarchical, Relational

49
Q

Scenario:

  1. Victim opens the attacker’s web site.
  2. Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make $1000 in a day?’
  3. Victim clicks the interesting and attractive content URL.
  4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks the ‘Do you want to make $1000 in a day?’ URL but actually clicks the content or URL that exists in the transparent ‘iframe’ set up by the attacker.

What is the name of the attack which is mentioned in the scenario?

A. ClickJacking Attack
B. HTML Injection
C. Session Fixation
D. HTTP Parameter Pollution

A

A. ClickJacking Attack

50
Q

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A. He already has admin privileges, as shown by the “501” at the end of the SID.
B. He needs to disable antivirus protection.
C. He must perform privilege escalation.
D. He needs to gain physical access.

A

C. He must perform privilege escalation.

51
Q

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

A. BlueSniffing
B. Bluesnarfing
C. Bluejacking
D. Bluesmacking

A

C. Bluejacking

52
Q

What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?

A. Black-box
B. Announced
C. Grey-box
D. White-box

A

C. Grey-box

53
Q

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP doesn’t encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

A. OPPORTUNISTICTLS
B. FORCETLS
C. STARTTLS
D. UPGRADETLS

A

A. OPPORTUNISTICTLS

54
Q

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

A. File Injection Attack
B. Command Injection Attacks
C. Cross-Site Request Forgery
D. Hidden Field Manipulation Attack

A

C. Cross-Site Request Forgery

55
Q

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

A. Aircrack-ng
B. Airguard
C. WLAN-crack
D. wificracker

A

A. Aircrack-ng

56
Q

By using a smart card and PIN, you are using a two-factor authentication that satisfies

A. Something you have and something you know
B. Something you are and something you remember
C. Something you know and something you are
D. Something you have and something you are

A

A. Something you have and something you know

57
Q

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

A. Exclamation mark
B. Single quote
C. Semicolon
D. Double quote

A

B. Single quote

58
Q

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?

alert tcp any any -> 192.168.100.0/24 21 (msg:"FTP on the network!";)

A. A firewall IPTable
B. A Router IPTable
C. FTP Server rule
D. An Intrusion Detection System

A

D. An Intrusion Detection System

59
Q

Firewalls are software or hardware systems that are able to control and monitor the traffic coming in and out of the network based on pre-defined sets of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A. Stateful firewall
B. Data-driven firewall
C. Packet firewall
D. Web application firewall

A

D. Web application firewall

60
Q

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

A. Time-to-check to time-to-use flaw
B. HTTP header injection vulnerability
C. Input validation flaw
D. 0-day vulnerability

A

D. 0-day vulnerability

61
Q

The wireless guidelines of this proprietary information security standard classify CDEs (Cardholder Data Environments) into three scenarios depending on the WLAN deployment. What standard is being referred to?

A. ISO 27001
B. HIPAA
C. SOX
D. PCI

A

D. PCI

62
Q

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

A. request smtp 25
B. smtp port
C. tcp.contains port 25
D. tcp.port eq 25

A

D. tcp.port eq 25

63
Q

What is most important for a pen tester before he can start any hacking activities?

A. Finding new exploits which can be used during the pentest
B. Ensuring that his activity will be authorized and he will have a proper agreement with the owners of the targeted system
C. Creating action plan
D. Preparing a list of targeted systems

A

B. Ensuring that his activity will be authorized and he will have a proper agreement with the owners of the targeted system

64
Q

Cross-site request forgery involves:

A. Modification of a request by a proxy between client and server
B. A request sent by a malicious user from a browser to a server
C. A server making a request to another server without the user’s knowledge
D. A browser making a request to a server without the user’s knowledge

A

D. A browser making a request to a server without the user’s knowledge

65
Q

What attack is used to crack passwords by using a precomputed table of hashed passwords?

A. Hybrid Attack
B. Rainbow Table Attack
C. Brute Force Attack
D. Dictionary Attack

A

B. Rainbow Table Attack

66
Q

Which of the following DoS tools is used to attack target web applications by starving the available sessions on the web server?

A. Stacheldraht
B. R-U-Dead-Yet? (RUDY)
C. MyDoom
D. LOIC

A

B. R-U-Dead-Yet? (RUDY)

67
Q

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse’s APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

A. Macro Virus
B. Key-Logger
C. Worm
D. Trojan

A

D. Trojan

68
Q

When conducting a penetration test it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?

A. Identifying operating systems, services, protocols and devices.
B. Capturing network traffic for further analysis
C. Collecting unencrypted information about usernames and passwords.
D. Modifying and replaying captured network traffic.

A

D. Modifying and replaying captured network traffic.

70
Q

Identify the web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

A. LDAP Injection attack
B. Cross Site Request Forgery (CSRF)
C. SQL Injection attack
D. Cross Site Scripting (XSS)

A

D. Cross Site Scripting (XSS)

71
Q

You’re doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

A. Scan servers with Nmap
B. Scan servers with MBSA
C. Telnet to every port on each server
D. Physically go to each server

A

A. Scan servers with Nmap

72
Q

While performing a risk assessment, you need to determine the potential impact when some of the company's critical business processes have their service interrupted. What is the name of the process by which you identify those critical business processes?

A. Risk Mitigation
B. Disaster Recovery Planning (DRP)
C. Emergency Plan Response (EPR)
D. Business Impact Analysis (BIA)

A

D. Business Impact Analysis (BIA)

73
Q

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?

A. DNSSEC
B. DynDNS
C. Split DNS
D. DNS Scheme

A

C. Split DNS

74
Q

Which command can be used to show current TCP/IP connections?

A. Net use
B. Net use connection
C. Netsh
D. Netstat

A

D. Netstat

75
Q

A hacker named Bob is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

A. Banner Grabbing
B. SSDP Scanning
C. IDLE Scanning
D. UDP Scanning

A

A. Banner Grabbing

76
Q

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

A. A race condition is being exploited, and the operating system is containing the malicious process
B. A page fault is occurring, which forces the operating system to write data from the hard drive
C. Malicious code is attempting to execute instructions in a non-executable memory region.
D. Malware is executing in either ROM or a cache memory area

A

C. Malicious code is attempting to execute instructions in a non-executable memory region.

77
Q

How does Address Resolution Protocol (ARP) work?

A. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
B. It sends a request packet to all the network elements, asking for the domain name from specific IP.
C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
D. It sends a reply packet for a specific IP, asking for the MAC address.

A

C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

78
Q

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?

A. The port will send an ACK
B. The port will ignore the packets.
C. The port will send an RST
D. The port will send a SYN

A

B. The port will ignore the packets.

79
Q

In Wireshark, the Packet Bytes pane shows the data of the current packet in which format?

A. ASCII only
B. Hexadecimal
C. Binary
D. Decimal

A

B. Hexadecimal

80
Q

Matthew executed a scan against a target and found several vulnerabilities. A few minutes later he scanned again and the target responded with no vulnerabilities and all ports appeared to be closed. What is the most probable root cause of these changing results?

A. The administrator of the scanned system patched most of the vulnerabilities
B. The second scan was blocked by an IPS
C. Matthew's scan was blocked by a firewall
D. The second scan was blocked by an IDS

A

B. The second scan was blocked by an IPS

81
Q

Your company provides data analytics services to several large clients. A new client says that your company is required to sign a Business Associate Agreement (BAA) before they will transfer any data; the BAA defines how your company will handle the client's data and its specific security requirements.

What regulation, which requires a Business Associate Agreement for some vendors, is the client following?

A. ISO 27001
B. SOC
C. HIPAA
D. PCI

A

C. HIPAA

82
Q

This type of virus tries to install itself inside of a file.

A. Polymorphic Virus
B. Stealth Virus
C. Cavity virus
D. Tunneling Virus

A

C. Cavity virus

83
Q

Which method of password cracking takes the most time and effort?

A. Shoulder surfing
B. Dictionary attack
C. Rainbow tables
D. Brute force

A

D. Brute force

84
Q

Log monitoring tools performing behavioral analysis have alerted to several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activity it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes that the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

A. NTP
B. Timekeeper
C. OSPF
D. PPP

A

A. NTP

85
Q

Darius just received a call:

Unknown caller: Hello, my name is Rashad and I’m a security engineer from Microsoft Corporation. We have observed suspicious activity originating from your system and we would like to stop this threat. To do so I would ask you to install some updates on your system. Would you prefer that I send you a link or an attachment by email?

Darius: Hello, please send me an email with the attachment at darius@protonmail.com

Unknown caller: Thank you for your cooperation I’m sending instruction and all files.

What did Darius just face?

A. Piggybacking
B. Just normal call from Microsoft Cyberdivision
C. Social Engineering Attack
D. Tailgating

A

C. Social Engineering Attack

86
Q

After trying multiple exploits, you’ve gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

A. Download and Install Netcat
B. Disable IPTables
C. Disable Key Services
D. Create User Account

A

A. Download and Install Netcat

87
Q

env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A. Add new user to the passwd file
B. Changes all passwords in passwd
C. Removes the passwd file
D. Display passwd content to prompt

A

D. Display passwd content to prompt

88
Q

What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment
variable to a vulnerable Web server
B. SSH
C. SYN Flood
D. Manipulate format strings in text fields

A

A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment
variable to a vulnerable Web server
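
As an added example (not part of the original flashcard deck), the following Python reproduces the CGI path from cards 87 and 88 on the local machine: it maps HTTP request headers to the CGI environment variables a gateway exports (RFC 3875, HTTP_USER_AGENT and friends), plants the Shellshock function-definition prefix from CVE-2014-6271 in User-Agent, and runs the installed bash with that environment to see whether the command after the function body executes. The marker string, header values and helper names are my own choices; the request is constructed, and a patched bash prints only the probe text.

```python
import shutil
import subprocess

# The attacker's header value: a bash function definition followed by a
# trailing command. Pre-patch bash imported any variable whose value began
# with "() {" as a function and kept parsing, so "echo SHELLSHOCK_MARKER" ran.
SHELLSHOCK_PAYLOAD = "() { :;}; echo SHELLSHOCK_MARKER"


def cgi_env_from_request(headers):
    """Turn request headers into CGI meta-variables the way a CGI gateway does:
    User-Agent -> HTTP_USER_AGENT, X-Forwarded-For -> HTTP_X_FORWARDED_FOR.
    This is why a web server, not bash itself, is the usual attack surface."""
    env = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def bash_is_shellshock_vulnerable(env, bash=None):
    """Start bash with the attacker-controlled environment (as a CGI script
    written in bash would be) and report whether the trailing command ran.
    Returns None when no bash binary is available on this host."""
    bash = bash or shutil.which("bash")
    if bash is None:
        return None
    proc = subprocess.run([bash, "-c", "echo probe"], env=env,
                          capture_output=True, text=True)
    return "SHELLSHOCK_MARKER" in proc.stdout


if __name__ == "__main__":
    # Constructed request: what a scanner would send to /cgi-bin/anything.sh
    request_headers = {"Host": "www.example.com", "User-Agent": SHELLSHOCK_PAYLOAD}
    env = cgi_env_from_request(request_headers)
    print("CGI environment:", env)
    print("bash vulnerable:", bash_is_shellshock_vulnerable(env))
```

The deck's one-liner does the same thing from the shell: `env x='...'` is the attacker-controlled variable, `bash -c` is the CGI script being started, and the "echo exploit" inside the payload is what a vulnerable bash prints before running the real command.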

89
Q

Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?

A. Authenticity, Integrity, Non-repudiation
B. Confidentiality, Integrity, Availability
C. Availability, Nonrepudiation, Confidentiality
D. Authenticity, Confidentiality, Integrity

A

B. Confidentiality, Integrity, Availability

90
Q

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance.

Which of the following requirements would best fit under the objective, “Implement strong access control measures”?

A. Regularly test security systems and processes.
B. Use and regularly update anti-virus software on all systems commonly affected by malware.
C. Assign a unique ID to each person with computer access
D. Encrypt transmission of cardholder data across open, public networks

A

C. Assign a unique ID to each person with computer access

91
Q

Your computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When a technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

A. The gateway is not routing to the public IP address
B. The gateway and the computer are not on the same network.
C. The computer is not using a private IP address
D. The computer is using an invalid IP address

A

A. The gateway is not routing to the public IP address

92
Q

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:

  • Verifies success or failure of an attack
  • Monitors System Activities
  • Detects attacks that a network based IDS fail to detect
  • Near real time detection and response
  • Does not require additional hardware
  • Lower entry cost

Which type of IDS is best suited for Tremp’s requirements?

A. Gateway based IDS
B. Host based IDS
C. Network based IDS
D. Open source based IDS

A

B. Host based IDS

93
Q

During the process of encryption and decryption, what keys are shared?

A. Public keys
B. Private keys
C. Public and private keys
D. User passwords

A

A. Public keys

94
Q

Your company has web servers, DNS servers, and mail servers in a DMZ that are accessible from the Internet. Hackers have been scanning your public IP addresses and you even suspect they have begun enumerating some targets. Your company performs daily Nessus scans to find live hosts, open ports, and vulnerabilities. The Nessus scanner is connected to your internal network. Which of the following is the best way to run these scans?

A. Have the firewall rules modified so that the Nessus server on the internal network is able to scan the hosts in the DMZ.
B. Leave the Nessus server in the internal network but add a second network card so that it can be connected to a switch in the DMZ. This will allow the Nessus server to have access to the internal and DMZ networks.
C. Run Nessus from a server that resides in the DMZ so that no firewalls, IPS or other security products interfere
with the scan.
D. Run Nessus from a location on the Internet which is separate from the company’s network so that no
firewalls, IPS, or other security products interfere with the scan.

A

D. Run Nessus from a location on the Internet which is separate from the company’s network so that no
firewalls, IPS, or other security products interfere with the scan.

95
Q

Which of the following is true regarding a PKI system?

A. The RA verifies an applicant to the system
B. The RA issues all certificates
C. The CA encrypts all messages
D. The CA is the recovery agent for lost certificates

A

A. The RA verifies an applicant to the system

96
Q

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?

A. Do not report it and continue the penetration test.
B. Transfer money from the administrator’s account to another account.
C. Report immediately to the administrator.
D. Do not transfer the money but steal the bitcoins.

A

C. Report immediately to the administrator.

97
Q

Which Metasploit Framework tool can help a penetration tester evade anti-virus systems?

A. msfencode
B. msfd
C. msfcli
D. msfpayload

A

A. msfencode

(msfencode and msfpayload were merged into msfvenom in 2015; the question names the classic tool.)

98
Q

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

A. Redirection of the traffic cannot happen unless the admin allows it explicitly
B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
C. Disable all routing protocols and only use static routes
D. Only using OSPFv3 will mitigate this risk.

A

B. Make sure that legitimate network routers are configured to run routing protocols with authentication.

99
Q

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

A. Scanning
B. System Hacking
C. Enumeration
D. Footprinting

A

D. Footprinting

100
Q

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

A. Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK
B. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN
C. Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK
D. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK

A

D. Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK

101
Q

Your next-door neighbor, whom you do not get along with, is having issues with their network, so he yells the network’s SSID and password to his spouse and you hear them both clearly. What do you do with this information?

A. Only use his network when you have large downloads so you don’t tax your own network
B. Nothing, but suggest to him to change the network’s SSID and password
C. Log onto his network; after all, it's his fault that you can get it.
D. Sell his SSID and password to friends that come to your house, so it doesn’t slow down your network.

A

B. Nothing, but suggest to him to change the network’s SSID and password

102
Q

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A. Application layer port numbers and the transport layer headers
B. Presentation layer headers and the session layer port numbers
C. Transport layer port numbers and application layer headers
D. Network layer headers and the session layer port numbers

A

C. Transport layer port numbers and application layer headers

103
Q

An enterprise recently moved to a new office and the neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

A. Use fences in the entrance doors
B. Install a CCTV with cameras pointing to the entrance doors and the street
C. Use lights in all the entrance doors and along the company’s perimeter
D. Use an IDS at the entrance doors and install some of them near the corners

A

B. Install a CCTV with cameras pointing to the entrance doors and the street

104
Q

Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

A. BIOS password
B. Password protected files
C. Hidden folders
D. Full disk encryption

A

D. Full disk encryption

105
Q

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

A. Wireshark
B. Metasploit
C. Nessus
D. Maltego

A

B. Metasploit

106
Q

The purpose of a _______ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

A. Wireless Access Point
B. Wireless Analyzer
C. Wireless Access Control List
D. Wireless Intrusion Prevention System

A

D. Wireless Intrusion Prevention System

107
Q

The company ABC recently contracted a new accountant who will be working with the financial statements. Those statements need to be approved by the CFO and then sent to the accountant, but the CFO wants to be sure that the information sent to the accountant was not modified after he approved it. Which of the following options can be used to ensure the integrity of the data?

A. The document can be sent to the accountant using an exclusive USB for that document
B. The CFO can use an Excel file with a password
C. The financial statements can be sent twice, one by email and the other delivered on USB, and the accountant can compare both to be sure it is the same document
D. The CFO can use a hash algorithm in the document once he approved the financial statements

A

D. The CFO can use a hash algorithm in the document once he approved the financial statements

108
Q

You are performing a web application penetration test for one of your clients. The app uses HTTPS exclusively. You configure your browser to use Burp Suite as a proxy, but immediately receive a certificate error when attempting to visit the website. Which steps would you follow to remove this warning for all websites, and what
would be the associated security risk?

A. Add the Burp Suite certificate as a trusted root CA for your browser/OS. This would expose you to man-
in-the-middle attacks from anyone possessing the same certificate.
B. Configure your browser to ignore all SSL/TLS certificate warnings. This would make your HTTPS sessions vulnerable to ARP spoofing on the local LAN.
C. Start sslstrip and redirect port 443 to its listening port. This ensures that plaintext sessions are not upgraded to SSL/TLS.
D. Force your browser to connect over port 80. Data would be transmitted in cleartext, removing the need for certificates.

A

A. Add the Burp Suite certificate as a trusted root CA for your browser/OS. This would expose you to man-
in-the-middle attacks from anyone possessing the same certificate.

109
Q

You want to analyze packets on your wireless network. Which program would you use?

A. Wireshark with Airpcap
B. Ethereal with Winpcap
C. Wireshark with Winpcap
D. Airsnort with Airpcap

A

A. Wireshark with Airpcap

110
Q

Some clients of Cake Bosses were redirected to a malicious site when they tried to access the Cake Bosses website. Jon, the system administrator at Cake Bosses, found that they were a victim of DNS Cache Poisoning. What should Jon recommend to deal with such a threat?

A. The use of security agents in clients computers
B. The use of double-factor authentication
C. Client awareness
D. The use of DNSSEC

A

D. The use of DNSSEC

111
Q

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A. SFTP
B. IPsec
C. SSL
D. FTPS

A

B. IPsec

112
Q

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves on to Sid. What is the middle step called?

A. String validating the code
B. Fuzzy-testing the code
C. Third party running the code
D. Sandboxing the code

A

D. Sandboxing the code

113
Q

Bob, your senior colleague, has sent you an email regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After two days, Bob denies that he ever sent the email. Which property do you need in order to prove that it was Bob who sent the email?

A. Integrity
B. Non-Repudiation
C. Confidentiality
D. Authentication

A

B. Non-Repudiation
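
As an added example (not from the deck), the following Python shows the practical difference behind cards 107 and 113 with only the standard library: a plain SHA-256 hash detects accidental corruption but is recomputed trivially by anyone who can modify the document, whereas an HMAC under a key held by the CFO cannot be forged by an interceptor. Because both CFO and accountant would share that key, an HMAC still does not give non-repudiation; that needs a digital signature with the sender's private key, which is left out here to keep the example dependency-free. The document text, key and function names are constructed.

```python
import hashlib
import hmac


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def approve(document, cfo_key):
    """CFO side: release the approved document together with an unkeyed
    SHA-256 (what card 107's answer describes) and a keyed HMAC-SHA256."""
    return {
        "doc": document,
        "sha256": sha256_hex(document),
        "hmac": hmac.new(cfo_key, document, "sha256").hexdigest(),
    }


def tamper(package, new_document):
    """Interceptor between CFO and accountant: change the figures and
    recompute the unkeyed hash, which needs no secret. Without cfo_key the
    HMAC cannot be recomputed, so it is left untouched and will not verify."""
    forged = dict(package)
    forged["doc"] = new_document
    forged["sha256"] = sha256_hex(new_document)
    return forged


def verify_plain_hash(package):
    """Passes for anything whose hash was recomputed, forged or not."""
    return hmac.compare_digest(sha256_hex(package["doc"]), package["sha256"])


def verify_hmac(package, cfo_key):
    """Accountant side: only the CFO's key reproduces a matching tag."""
    expected = hmac.new(cfo_key, package["doc"], "sha256").hexdigest()
    return hmac.compare_digest(expected, package["hmac"])


if __name__ == "__main__":
    key = b"constructed-cfo-key"                     # assumed shared out of band
    pkg = approve(b"Q1 net income: 1,000,000", key)
    forged = tamper(pkg, b"Q1 net income: 9,000,000")
    print("original : hash ok =", verify_plain_hash(pkg), " hmac ok =", verify_hmac(pkg, key))
    print("forged   : hash ok =", verify_plain_hash(forged), " hmac ok =", verify_hmac(forged, key))
```

The unkeyed hash only protects integrity if it travels over a channel the interceptor cannot also rewrite (read out over the phone, published on an internal page the CFO controls); sent alongside the file in the same email it proves nothing.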

114
Q

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A. Burp
B. Whisker
C. tcpslice
D. Hydra

A

B. Whisker

(Whisker, the CGI scanner by Rain Forest Puppy, implemented session splicing as one of its IDS evasion modes. tcpslice only extracts time ranges from tcpdump capture files and sends nothing.)

115
Q

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A. A web server and the database server facing the Internet, an application server on the internal network.
B. A Web server facing the internet, an application server on the internal network, a database server on the
internal network.
C. All three servers need to be place internally
D. All three servers need to face the Internet, so they can communicate between themselves.

A

B. A Web server facing the internet, an application server on the internal network, a database server on the
internal network.

116
Q

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

A. ESP confidential
B. AH Tunnel mode
C. AH promiscuous
D. ESP transport

A

D. ESP transport

117
Q

Which of the following programming languages is not susceptible to buffer overflow attacks, because it has a built-in bounds checking mechanism that the C program below lacks?
Code:

#include <string.h>
int main () {
    char buffer[8];
    /* 29 bytes copied into an 8-byte stack buffer: no bounds check in C */
    strcpy(buffer, "11111111111111111111111111111");
    return 0;
}

Output:
Segmentation fault

A. C++
B. Java
C. C#
D. Python

A

B. Java

(C# and Python also bounds-check array accesses; the exam key expects Java. C and C++ do not, which is why strcpy above overruns buffer and crashes.)

118
Q

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

A. Libpcap
B. Winprom
C. Winpcap
D. Winpsw

A

C. WinPcap

(WinPcap is unmaintained; current Wireshark builds for Windows ship Npcap in its place.)

119
Q

If you want to scan even fewer ports than the default 1000 Nmap scans, which option would you use?

A. -r
B. -sP
C. -F
D. -P

A

C. -F

120
Q

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A. Cavity virus
B. Stealth virus
C. Tunneling virus
D. Polymorphic virus

A

C. Tunneling virus

121
Q

The network team has well established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration you notice a recently implemented rule but can’t locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

A. Immediately roll back the firewall rule until a manager can approve it.
B. Don’t roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon
as possible.
C. Have the network team document the reason why the rule was implemented without prior manager
approval.
D. Monitor all traffic using the firewall rule until a manager can approve it.

A

C. Have the network team document the reason why the rule was implemented without prior manager
approval.

122
Q

Which is faster: passive reconnaissance or active reconnaissance?

A. passive reconnaissance
B. active reconnaissance
C. They are the same

A

B. active reconnaissance

123
Q

During an investigation you discover that a blacklisted IP is being communicated with from within your network by specific internal devices, meaning these devices are compromised. What is likely the kind of attack depicted?

A. Rootkit Attack
B. Advanced Persistent Threats
C. Spear Phishing Attack
D. Botnet Attack

A

B. Advanced Persistent Threats

124
Q

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

A. Intrusion Detection Systems require constant update of the signature library
B. Intrusion Detection Systems can examine the contents of the data in context of the network protocol
C. Intrusion Detection Systems can be configured to distinguish specific content in network packets
D. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

A

D. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

125
Q

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A. BBCrack
B. Blooover
C. Paros Proxy
D. BBProxy

A

D. BBProxy

126
Q

Which of the following is incorrect concerning the associated ranges?

A. 802.16(WiMax) = 30 miles
B. 802.11g = 150ft
C. 802.11a = 150ft
D. 802.11b = 150ft

A

C. 802.11a = 150ft

127
Q

Which of the following is NOT correct about the usefulness of vulnerability scanning:

A. Provide information on how to mitigate discovered vulnerabilities
B. Provide the environment to be able to safely penetrate vulnerable systems
C. Provide information on targets for penetration testing
D. Check compliance with host application usage and security policies

A

B. Provide the environment to be able to safely penetrate vulnerable systems

128
Q

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s confidential files and information; How can he achieve this?

A. Hacking Active Directory
B. Port Scanning
C. Privilege Escalation
D. Shoulder-Surfing

A

C. Privilege Escalation

129
Q

Which of the following is considered to be one of the most reliable forms of TCP scanning?

A. NULL Scan
B. TCP Connect/Full Open Scan
C. Half-open Scan
D. Xmas Scan

A

B. TCP Connect/Full Open Scan

130
Q

The systems administrator for one of your clients has just called you, explaining that one of their critical servers has been breached. You let her know that your incident response team is on the way, and instruct her not to power off the compromised system at this time. Which of the following best explains this instruction?

A. Actually, the correct procedure in this case is to power off the server. This helps prevent the attacker from spreading deeper into the network.
B. The incident response team needs to retrieve information stored in volatile memory such as RAM.
C. The attacker may have placed a logic bomb, which will trigger when the shutdown command is issued.
D. This will alert the attacker that they’ve been discovered, prompting them to delete data or install ransomware before their foothold in the network is severed.

A

B. The incident response team needs to retrieve information stored in volatile memory such as RAM.

131
Q

A hacker gained access to a database with logins and hashed passwords. To speed up cracking these passwords, the best method would be:

A. Rainbow tables
B. Collision
C. Decryption
D. Brute force

A

A. Rainbow tables
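
As an added example (not the deck's own material), the following Python builds a miniature rainbow table for cards 83 and 131 over a constructed keyspace (three characters from "abcd", unsalted MD5) and then recovers a leaked hash by walking the chains, which is the precomputation that makes rainbow tables faster than brute force for hashes like these. It also shows why a per-user salt leaves the table useless. Charset, chain length and function names are my own choices.

```python
import hashlib
import itertools

CHARSET = "abcd"                      # constructed toy keyspace: 4**3 = 64 passwords
LENGTH = 3
KEYSPACE = len(CHARSET) ** LENGTH
CHAIN_LEN = 8                         # plaintexts covered per stored chain end


def H(password):
    """Unsalted MD5, the kind of hash found in many leaked credential dumps."""
    return hashlib.md5(password.encode()).hexdigest()


def R(column, digest):
    """Reduction function for one chain column: map a digest back into the
    keyspace. A different reduction per column is what makes this a rainbow
    table rather than a plain Hellman table (far fewer chain merges)."""
    n = (int(digest, 16) + column) % KEYSPACE
    chars = []
    for _ in range(LENGTH):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def build_table(starts):
    """Precompute chains offline; only {chain end: [chain starts]} is stored,
    not every intermediate hash. This is the time/memory trade-off."""
    table = {}
    for start in starts:
        x = start
        for column in range(CHAIN_LEN):
            x = R(column, H(x))
        table.setdefault(x, []).append(start)
    return table


def lookup(table, target):
    """Recover the preimage of target from the table, or None if not covered."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in this column and walk forward to a chain end.
        x = R(column, target)
        for later in range(column + 1, CHAIN_LEN):
            x = R(later, H(x))
        for start in table.get(x, ()):
            # Regenerate the candidate chain and test each plaintext in it.
            p = start
            for k in range(CHAIN_LEN):
                if H(p) == target:
                    return p
                p = R(k, H(p))
    return None


def all_passwords():
    return ["".join(t) for t in itertools.product(CHARSET, repeat=LENGTH)]


def salted_hash(password, salt):
    """Per-user salt: the attacker would need a separate table per salt value,
    which is exactly what precomputation cannot afford."""
    return hashlib.md5(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    table = build_table(all_passwords())
    print("chain ends stored:", len(table), "for keyspace", KEYSPACE)
    leaked = H("bad")
    print("unsalted lookup  :", lookup(table, leaked))
    print("salted lookup    :", lookup(table, salted_hash("bad", b"s4lt")))
```

Each lookup costs at most CHAIN_LEN squared hash operations regardless of keyspace size, against one hash per candidate for brute force; the price is the offline build, which a salt or a deliberately slow hash (bcrypt, scrypt, Argon2) makes unaffordable.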

132
Q

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

A. Netstumbler
B. Abel
C. Nessus
D. Kismet

A

D. Kismet

133
Q

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms ?

A. Key distribution
B. Security
C. Scalability
D. Speed

A

D. Speed

134
Q

The I.T. Helpdesk at XYZ Company has begun receiving several phone calls from concerned staff regarding a suspicious email they have received. One employee has forwarded a copy of the suspicious email to you for further investigation. Your manager is asking for immediate information to determine if this is a phishing attack. The email message looks like this:

From: news@xyzcompany.com
To: jdoe@xyzcompany.com
Date: 4/10/17 2:35 pm
Subject: New corporate HR sign up today!
Priority: High

You want to quickly determine who sent this email message so you look at the envelope headers and see this information:

Received: from unknown (209.85.213.50)
by mail.xyzcompany.com
id 2BqvU15YHBK; 10 Apr 2017 14:33:50

You perform a DNS query to determine more information about 209.85.213.50 but no record is found.

What website will allow you to quickly find out more information about 209.85.213.50 including the owner of the IP address?

A. https://www.tucowsdomains.com/whois
B. https://whois.arin.net
C. https://www.networksolutions.com/whois
D. https://www.godaddy.com/whois

A

B. https://whois.arin.net

135
Q

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?

A. Protocol analyzer
B. Port scanner
C. Vulnerability scanner
D. Intrusion Detection System

A

C. Vulnerability scanner

136
Q

Which of the following statements is TRUE?

A. Sniffers operate at layer 3
B. Sniffers operate at layer 1
C. Sniffers operate at layer 4
D. Sniffers operate at Layer 2 of the OSI model.

A

D. Sniffers operate at Layer 2 of the OSI model.

Data-Link Layer

137
Q

What would you enter if you wanted to perform a stealth scan using Nmap?

A. nmap -sM
B. nmap -sU
C. nmap -sS
D. nmap -sT

A

C. nmap -sS
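
As an added example (not part of the original flashcard deck), the following Python shows the mechanics behind cards 78, 100, 129 and 137: it builds and parses raw 20-byte TCP headers, lists the segments a connect scan (-sT) and a SYN "stealth" scan (-sS) exchange with an open port, and classifies a port from the reply to a SYN, FIN, NULL or Xmas probe the way nmap infers state from RFC 793 behaviour. All packets are constructed inline; nothing is sent on the network.

```python
import struct

# TCP flag bits (RFC 793). The header layout below is constructed sample data.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = (("FIN", FIN), ("SYN", SYN), ("RST", RST),
              ("PSH", PSH), ("ACK", ACK), ("URG", URG))
XMAS = FIN | PSH | URG          # the "lit up" combination sent by nmap -sX


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """Build a minimal 20-byte TCP header with no options (checksum left zero)."""
    data_offset = 5 << 12       # 5 x 32-bit words, in the top 4 bits of byte 12
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset | flags, window, 0, 0)


def parse_tcp_flags(header):
    """Extract the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    offset_and_flags = struct.unpack("!H", header[12:14])[0]
    return offset_and_flags & 0x3F


def flag_names(flags):
    return "|".join(name for name, bit in FLAG_NAMES if flags & bit) or "none"


def scan_exchange(scan_type):
    """Segments exchanged with an OPEN port. 'connect' (-sT) completes the
    three-way handshake of card 100, so the application accept()s and may log
    it; 'syn' (-sS) answers the SYN-ACK with RST, so no connection ever exists
    and only a packet-level sensor sees the probe (card 137)."""
    steps = [("scanner->target", "SYN"), ("target->scanner", "SYN|ACK")]
    if scan_type == "connect":
        steps.append(("scanner->target", "ACK"))
        steps.append(("scanner->target", "FIN|ACK"))   # orderly close afterwards
    elif scan_type == "syn":
        steps.append(("scanner->target", "RST"))
    else:
        raise ValueError(scan_type)
    return steps


def classify_port(probe, response):
    """Infer port state from the probe type ('syn', 'fin', 'null', 'xmas') and
    the raw TCP header of the reply, or None when nothing came back."""
    if response is None:
        # RFC 793: an open port silently drops FIN/NULL/Xmas probes, but a
        # firewall dropping the packet looks identical, hence the ambiguous
        # verdict (card 78). A SYN with no reply is simply filtered.
        return "open|filtered" if probe in ("fin", "null", "xmas") else "filtered"
    flags = parse_tcp_flags(response)
    if flags & RST:
        return "closed"         # closed ports answer every probe type with RST
    if probe == "syn" and (flags & (SYN | ACK)) == (SYN | ACK):
        return "open"
    return "unexpected:" + flag_names(flags)


if __name__ == "__main__":
    print("xmas, RST|ACK back ->", classify_port("xmas", build_tcp_header(80, 40000, RST | ACK)))
    print("xmas, no reply     ->", classify_port("xmas", None))
    print("syn,  SYN|ACK back ->", classify_port("syn", build_tcp_header(80, 40000, SYN | ACK)))
    for direction, flags in scan_exchange("syn"):
        print("  -sS:", direction, flags)
```

The open|filtered verdict is the practical caveat for FIN, NULL and Xmas scans: silence is ambiguous, and Windows stacks (and many appliances) reply RST regardless of port state, so every port looks closed. That is why the deck calls the connect scan the most reliable (card 129) and -sS the everyday default.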

138
Q

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.

What is the most likely cause?

A. Proper chain of custody was not observed while collecting the logs.
B. The network devices are not all synchronized.
C. The security breach was a false positive.
D. The attacker altered or erased events from the logs.

A

B. The network devices are not all synchronized.

(Clocks that drift between log sources reorder correlated events consistently; the fix is NTP on every device, as in card 84. An attacker erasing entries would leave gaps, not a scrambled sequence.)

139
Q

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’.

What technique is Ricardo using?

A. Steganography
B. RSA algorithm
C. Public-key cryptography
D. Encryption

A

A. Steganography

140
Q

Code injection is a form of attack in which a malicious user:

A. Inserts text into a data field that gets interpreted as code
B. Gains access to the codebase on the server and inserts new code
C. Gets the server to execute arbitrary code using a buffer overflow.
D. Inserts additional code into the JavaScript running in the browser.

A

A. Inserts text into a data field that gets interpreted as code

141
Q

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?

A. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
B. Both pharming and phishing attacks are identical
C. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name
D. In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name

A

C. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name

142
Q

An attacker is using nmap to do a ping sweep and a port scan on a subnet of 254 addresses. In which order should he perform these steps?

A. The port scan alone is adequate. This way he saves time.
B. The sequence does not matter. Both steps have to be performed against all hosts.
C. First the port scan to identify interesting services and then the ping sweep to find hosts responding to ICMP echo requests.
D. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.

A

D. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.

143
Q

What is not a PCI compliance recommendation?

A. Use a firewall between the public network and the payment card data
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. Limit access to card holder data to as few individuals as possible.

A

C. Rotate employees handling credit card transactions on a yearly basis to different departments.

144
Q

When a security analyst prepares for the formal security assessment, which of the following should be done to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

A. Source code review
B. Interviewing employees and network engineers
C. Reviewing the firewalls configuration
D. Data items and vulnerability scanning

A

D. Data items and vulnerability scanning

145
Q

Which of the following steps for risk assessment methodology refers to vulnerability identification?

A. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
B. Determine if any flaws exist in systems, policies or procedures
C. Identify sources of harm to an IT system. (Natural, Human, Environmental)
D. Assigns values to risk probabilities, Impact values.

A

B. Determine if any flaws exist in systems, policies or procedures

146
Q

Which is the first step followed by vulnerability scanners for scanning a network?

A. Checking to see if the remote host is alive
B. Firewall detection
C. OS Detection
D. TCP / UDP Port scanning

A

A. Checking to see if the remote host is alive

147
Q

What is the role of test automation in security testing?

A. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies
B. It is an option but it tends to be very expensive
C. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
D. Test automation is not usable in security due to the complexity of the tests

A

C. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

148
Q

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A. Maltego
B. Metasploit
C. Wireshark
D. Cain and Abel

A

A. Maltego

149
Q

Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. Several information security issues Vlady has often found include employees sharing passwords, writing their passwords on post-it notes stuck to their desks, leaving computers unlocked, not logging out of email or social media accounts, and so on. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, secret and not sharing it with other persons. Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information secret?

A. Developing a strict information security policy
B. Conducting a one to one discussion with the other employees about the importance of information security
C. Information security awareness training
D. Warning those who write passwords on post-it notes and put them on their desks

A

C. Information security awareness training

150
Q

These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hacker are we talking about?

A. Black-Hat Hackers
B. Script Kiddies
C. Gray-Hat Hacker
D. White-Hat Hackers

A

B. Script Kiddies

151
Q

_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.

A. Resource records
B. Zone transfer
C. Resource transfer
D. DNSSEC

A

D. DNSSEC

152
Q

Which Intrusion Detection System is most applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

A. Host-based intrusion detection system (HIDS)
B. Firewalls
C. Honeypots
D. Network-based intrusion detection system (NIDS)

A

D. Network-based intrusion detection system (NIDS)

153
Q

During a Xmas scan what indicates a port is closed?

A. ACK
B. SYN
C. No return response
D. RST

A

D. RST

154
Q

What is the difference between the AES and RSA algorithms?

A. AES is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
B. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
C. Both are symmetric algorithms, but AES uses 256-bit keys.
D. Both are asymmetric algorithms, but RSA uses 1024-bit keys.

A

B. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.

155
Q

Which of the following Nmap commands will produce the following output?

Output:
Starting Nmap 6.47 (http://nmap.org) at 2015-05-26 12:50 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00042s latency).
Not shown: 65530 open|filtered ports, 65529 filtered ports
PORT STATE SERVICE
111/tcp open rpcbind
999/tcp open garcon
1017/tcp open unknown
1021/tcp open exp1
1023/tcp open netvenuechat
2049/tcp open nfs
17501/tcp open unknown
111/udp open rpcbind
123/udp open ntp
137/udp open netbios-ns
2049/udp open nfs
5353/udp open zeroconf
17501/udp open|filtered unknown
51857/udp open|filtered unknown
54358/udp open|filtered unknown
56228/udp open|filtered unknown
57598/udp open|filtered unknown
59488/udp open|filtered unknown
60027/udp open|filtered unknown

A. nmap -sT -sX -Pn -p 1-65535 192.168.1.1
B. nmap -sN -Ps -T4 192.168.1.1
C. nmap -sS -Pn 192.168.1.1
D. nmap -sS -sU -Pn -p 1-65535 192.168.1.1

A

D. nmap -sS -sU -Pn -p 1-65535 192.168.1.1

156
Q

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

A. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist
B. The operator knows that attacks and down time are inevitable and should have a backup site
C. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
D. As long as the physical access to the network elements is restricted, there is no need for additional measures

A

C. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

157
Q

You want to do an ICMP scan on a remote computer using hping2.

What is the proper syntax?

A. hping2 -i host.domain.com
B. hping2 host.domain.com
C. hping2 --set-ICMP host.domain.com
D. hping2 -1 host.domain.com

A

D. hping2 -1 host.domain.com

158
Q

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

A. $440
B. $100
C. $146
D. $1320

A

C. $146

159
Q
#!/usr/bin/python
import socket
buffer=["A"]
counter=50
while len(buffer) <=100:
    buffer.append("A"*counter)
    counter=counter+50
commands=["HELP","STATS .","RTIME .","LTIME .","SRUN .","TRUN .","GMON .","GDOG .","KSTET .","GTER .","HTER .","LTER .","KSTAN ."]
for command in commands:
    for buffstring in buffer:
        print "Exploiting " +command +":"+str(len(buffstring))
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('127.00.1',9999))
        s.recv(50)
        s.send(command + buffstring)
        s.close ()

A. Bruteforce
B. Encryption
C. Denial-of-service (DoS)
D. Buffer Overflow

A

D. Buffer Overflow

160
Q

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of emails?

A. Tools that will reconfigure a mail server’s relay component to send the e-mail back to the spammers occasionally.
B. A blacklist of companies that have their mail server relays configured to be wide open.
C. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
D. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.

A

B. A blacklist of companies that have their mail server relays configured to be wide open.

161
Q

Which utility will tell you in real time which ports are listening or in another state?

A. Loki
B. Netstat
C. Nmap
D. TCPView

A

B. Netstat

162
Q

Module Search results are sorted by Disclosure date descending by default.

True
False

A

True

163
Q

Which of the following programs is usually targeted at Microsoft Office products?

A. Macro virus
B. Polymorphic virus
C. Multipart virus
D. Stealth virus

A

A. Macro virus

164
Q

Using a spoofed IP address to generate port responses during a scan while using a SYN flag is a technique related to:

A. FIN
B. XMAS
C. IDLE (side-channel)
D. SYN

A

C. IDLE (side-channel)

165
Q

Which of the following is an incorrect definition or characteristic concerning SOAP?

A. Based on XML
B. Only compatible with the application protocol HTTP
C. Exchanges data between web services.
D. Provides a structured model for messaging

A

B. Only compatible with the application protocol HTTP

166
Q

Which of the following is an adaptive SQL injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

A. Static Testing
B. Fuzzing Test
C. Static Testing
D. Dynamic Testing

A

B. Fuzzing Test

167
Q

In order to browse the Internet anonymously, which of the following is the best choice?

A. Use SSL sites when entering personal information
B. Use public VPN
C. Use Tor network with multi-node
D. Use shared wifi

A

C. Use Tor network with multi-node

168
Q

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

A. Session hijacking
B. Brute-force attack
C. Man-in-the-middle attack
D. Dictionary attack

A

D. Dictionary attack

169
Q

An analyst is investigating proxy logs and found that one of the internal users visited a website hosting suspicious JavaScript files. After opening one of them he noticed that the code is very hard to understand and differs from typical JavaScript. What is the name of this technique to hide the code and extend analysis time?

A. Steganography
B. Encryption
C. Obfuscation
D. Code encoding

A

C. Obfuscation

170
Q

Which service in a PKI will vouch for the identity of an individual or company?

A. CA
B. CR
C. KDC
D. CBC

A

A. CA

171
Q

What is used to prove beyond doubt that someone did something, for example, that a person cannot deny having sent an email?

A. Authentication
B. Confidentiality
C. Non-repudiation
D. Integrity

A

C. Non-repudiation

172
Q

You were hired by a small health provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

A. Use a scan tool like Nessus
B. Use the built in Windows Update utility.
C. Create a disk image of a clean Windows installation
D. Check MITRE.org for the latest list of CVE findings

A

A. Use a scan tool like Nessus

173
Q

An attacker scans a host with the following command. Which three flags are set?

nmap -sX host.site.com

A. This is a XMAS scan. SYN and ACK flags are set.
B. This is a Xmas scan. URG, PUSH, FIN are set.
C. This is a ACK scan. ACK flag is set.
D. This is a SYN scan. Syn flag is set.

A

B. This is a Xmas scan. URG, PUSH, FIN are set.

174
Q

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

A. Proxychains
B. Maskgen
C. Burpsuite
D. Dimitry

A

C. Burpsuite

175
Q

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

A. Snort
B. Nessus
C. Nmap
D. Cain & Abel

A

A. Snort

176
Q

An attacker tries to do banner grabbing on a remote web server and executes the following command:

$nmap -sV host.domain.com -p 80

He gets the following output.

Starting Nmap 6.47 (http://nmap.org) at 2014-12-08 19:10 EST
Nmap scan report for host.domain.com (108.61.158.211)
Host is up (0.032s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 6.42 seconds

What did the hacker accomplish?

A. nmap can’t retrieve the version number of any running remote service.
B. The hacker failed to do banner grabbing as he didn’t get the version of the Apache web server
C. The hacker successfully completed the banner grabbing.
D. The hacker should’ve used nmap -O host.domain.com

A

B. The hacker failed to do banner grabbing as he didn’t get the version of the Apache web server

177
Q

You’re the security administrator of a company. You got an alert from your IDS that indicates one of the PCs on your intranet connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to find out the severity of the situation. Which of the following would you analyze first?

A. IDS log
B. Event logs on the PC
C. Internet Firewall/Proxy log
D. Event logs on your Domain Controller.

A

C. Internet Firewall/Proxy log

178
Q

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are at the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28

Why can't he see the servers?

A. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range
B. He needs to change the address to 192.168.1.0 with the same mask
C. He needs to add the command "ip address" just before the IP address
D. The network must be down and the nmap command and IP address are ok

A

A. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

179
Q

Gavin owns a white-hat firm, and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfiguration and outdated software versions. Which of the following tools is he most likely using?

A. Nmap
B. Armitage
C. Nikto
D. Metasploit

A

C. Nikto

180
Q

Due to a slowdown of normal network operations, the IT department decided to monitor Internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

A. All of the employees would stop normal work activities
B. Not informing the employees that they are going to be monitored could be an invasion of privacy.
C. The network could still experience traffic slow down.
D. IT department would be telling employees who the boss is

A

B. Not informing the employees that they are going to be monitored could be an invasion of privacy.

181
Q

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

A. An authentication system that creates one-time passwords that are encrypted with secret keys
B. A biometric system that bases authentication decisions on behavioral attributes
C. An authentication system that uses passphrases that are converted into virtual passwords
D. A biometric system that bases authentication decisions on physical attributes.

A

A. An authentication system that creates one-time passwords that are encrypted with secret keys

182
Q

Jason, a system administrator at Infosec Institute, concluded one day that a DMZ is not needed in the environment if firewalls are configured properly to allow access to servers and ports which should have direct access to the internet. Jason also says that DMZ’s only make sense when a stateful firewall is available. What would you assess about Jason’s assumptions?

A. He doesn’t need separate networks. So there’s no point for DMZ’s.
B. Jason is exactly right. DMZ’s are no longer used.
C. Jason is completely wrong. DMZ’s are always relevant when an organization has internet servers and workstations and other devices not intended to have direct access from the internet.
D. Jason could be right. DMZ’s are only useful when combined with stateful firewalls.

A

C. Jason is completely wrong. DMZ’s are always relevant when an organization has internet servers and workstations and other devices not intended to have direct access from the internet.

183
Q

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

Time: Mar 12 17:30:15
Port: 20
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 13 17:30:17
Port: 21
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 13 17:30:19
Port: 22
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 13 17:30:21
Port: 23
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 13 17:30:22
Port: 25
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 12 17:30:23
Port: 80
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP
Time: Mar 13 17:30:30
Port: 443
Source: 192.168.1.103
Destination: 192.168.1.106
Protocol: TCP

What type of activity has been logged?

A. Teardrop attack targeting 192.168.1.106
B. Port scan targeting 192.168.1.103
C. Port scan targeting 192.168.1.106
D. Denial of service attack targeting 192.168.1.103

A

C. Port scan targeting 192.168.1.106

184
Q

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files and one is a binary file named nc (netcat). The logs show the user logged in anonymously, uploaded the files, extracted the contents and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability had to have existed to make this remote attack possible?

A. Brute Force Login
B. File system permissions
C. Directory Traversal (might be spelled wrong on the real test)
D. Privilege Escalation

A

B. File system permissions

185
Q

Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

A. Compound SQLi
B. Blind SQLi
C. DMS-specific SQLi
D. Classic SQLi

A

B. Blind SQLi

186
Q

Which of the following provides a security professional with the most information about the system’s security posture?

A. port scanning, banner grabbing, service identification
B. phishing, spamming, sending trojans
C. wardriving, warchalking, social engineering
D. social engineering, company site browsing, tailgating

A

A. port scanning, banner grabbing, service identification

187
Q

Darius is analyzing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive. From the logs he copied the basic details below:

source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221

What is the most proper answer?

A. This is most probably a true negative.
B. This is most probably a false positive, because the alert triggered on reversed traffic.
C. This is probably a true positive which triggered on secure communication between client and server.
D. This is probably a false positive because the IDS is monitoring one direction of traffic.

A

D. This is probably a false positive because the IDS is monitoring one direction of traffic.

188
Q

Which of the following techniques is NOT relevant in preventing ARP spoofing attacks?

A. Kernel based patches
B. Static MAC Entries
C. Arpwatch
D. Secure ARP Protocol

A

A. Kernel based patches

189
Q

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

A. Information protection policy
B. Network security policy
C. Remote access policy
D. Access control policy

A

C. Remote access policy

190
Q

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example: allintitle:root passwd

A. Gaining access
B. Scanning and Enumeration
C. Reconnaissance
D. Maintaining Access

A

C. Reconnaissance

191
Q

Which of the following encryption algorithms is the fastest?

A. SHA-2
B. SHA-1
C. ECC
D. AES

A

D. AES

192
Q

……. is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

A. Evil Twin Attack
B. Sinkhole Attack
C. Signal Jamming Attack
D. Collision Attack

A

A. Evil Twin Attack

193
Q

You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection System (NIDS).

What is the best way to evade the NIDS?

A. Alternate Data Streams
B. Encryption
C. Protocol Isolation
D. Out of band signalling

A

B. Encryption

194
Q

What is the purpose of a DNS AAAA record?

A. Address database record
B. Authorization, Authentication and Auditing record
C. IPv6 address resolution record
D. Address prefix record

A

C. IPv6 address resolution record

195
Q

command = ping -* 6 192.168.0.101

output =
pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.101:
Packets: Sent=6, Received=6, Lost=0(0% loss)

What actually goes where the -* is to complete this command and make it work as illustrated? (The * is used to substitute for what would go there if the command were real, which is what you are supposed to answer.)

A. -t
B. -n
C. -a
D. -s

A

B. -n

196
Q

Nedved is an IT Security Manager of a bank in his country. One day, he found out that there has been a security breach of his company’s email server, based on analysis of a suspicious connection from the email server to an unknown IP address.

A. Migrate the connection to the backup email server
B. Leave it be and contact the incident response team right away
C. Blocks the connection to the suspicious IP address from the firewall
D. Disconnects the email server from the network

A

B. Leave it be and contact the incident response team right away

197
Q

Darius is analyzing IDS logs. During the investigation he noticed that nothing suspicious was found and an alert triggered on normal web application traffic. He can mark this alert as:

A. False-Negative
B. False-Positive
C. False-Signature
D. True-Positive

A

B. False-Positive

198
Q

A hacker has managed to gain access to a Linux host and stolen the password file /etc/passwd. How can he use it?

A. He can open it and read the user ids and corresponding passwords.
B. The password file does not contain the passwords themselves.
C. He cannot read it because it is encrypted
D. The file reveals the passwords to the root user only.

A

B. The password file does not contain the passwords themselves.

199
Q

Max saw a guy (Mario) who looked like a janitor who was holding a lot of boxes. Max held the door open for Mario. Mario was able to access the company without identification. What kind of attack is this?

A. Phishing
B. Tailgating
C. None of them
D. Session Hijacking

A

B. Tailgating

200
Q

Which of the following is the successor of SSL?

A. IPSec
B. TLS
C. GRE
D. RSA

A

B. TLS

201
Q

The “white box testing” methodology enforces what kind of restriction?

A. The internal operation of a system is only partly accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. Only the internal operation of a system is known to the tester.
D. Only the external operation of a system is accessible to the tester.

A

B. The internal operation of a system is completely known to the tester.

202
Q

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

A. openssl_client -site www.website.com:443
B. openssl s_client -connect www.website.com:443
C. openssl s_client -site www.website.com:443
D. openssl s_client www.website.com:443

A

B. openssl s_client -connect www.website.com:443

203
Q

Which of the following acts requires employers to use standard national numbers to identify them on standard transactions?

A. DCMA
B. HIPAA
C. PCI-DSS
D. SOX

A

B. HIPAA

204
Q

If there is an Intrusion Detection System (IDS) in the intranet, which port scanning technique cannot be used?

A. TCP SYN
B. Idle Scan
C. TCP Connect scan
D. Spoof Scan

A

C. TCP Connect scan

205
Q

This asymmetric cipher is based on the difficulty of factoring the product of two large prime numbers. Which cipher is described above?

A. MD5
B. RSA
C. SHA
D. RC5

A

B. RSA

206
Q

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

A. Botnet Trojan
B. Turtle Trojans
C. Ransomware Trojans
D. Banking Trojans

A

A. Botnet Trojan

207
Q

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A. if (source matches 10.20.20.1 and destination matches 10.10.0/24 and port matches 443) then permit.
B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
C. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit.
D. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

A

C. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit.

208
Q

This anti-virus analysis method works by executing malicious code on a virtual machine to simulate CPU and memory activities.

A. Code emulation
B. Heuristic Analysis
C. Integrity checking
D. Scanning

A

A. Code emulation

209
Q

It is discovered that someone has caused information leakage on your computer (might be referred to as spillage). You disconnect it from the network, power it down and remove the keyboard and mouse. What step in incident handling did you just complete?

A. Containment
B. Discovery
C. Recovery
D. Eradication

A

A. Containment

210
Q

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

Which Algorithm is this referring to?

A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access 2 (WPA2)
C. Wired Equivalent Privacy (WEP)
D. Wi-Fi Protected Access (WPA)

A

C. Wired Equivalent Privacy (WEP)

211
Q

What kind of detection technique is used in antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, performs the analysis in the provider’s environment?

A. Cloud based
B. Honeypot based
C. Heuristics based
D. Behavioral based

A

A. Cloud based

212
Q

An attacker changes the profile picture information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submits the data to the attacker’s database.
< /iframe >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A. Cross-Site Scripting
B. Cross-Site Request Forgery
C. Browser Hacking
D. SQL Injection

A

B. Cross-Site Request Forgery

213
Q

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Mary found is called what?

A. False-negative
B. False-positive
C. Backdoor
D. Brute force attack

A

B. False-positive

214
Q

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

A. nmap -p 445 -n -T4 --open 10.1.0.0/16
B. nmap -s 445 -sU -T5 10.1.0.0/16
C. nmap -p 445 --max -Pn 10.1.0.0/16
D. nmap -sn -sF 10.1.0.0/16 445

A

A. nmap -p 445 -n -T4 --open 10.1.0.0/16

215
Q

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that relate to various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. A basic example of how cryptography works is given below:

SECURE (plain text) +1 (shift each letter to the next one: for example, the letter “T” is used for “S” to encrypt) = TFDVSF (encrypted text). Here “+” is the logic, i.e. the Algorithm, and “1” is the factor, i.e. the Key.

Which of the following choices is true about cryptography?

A. Secure Sockets Layer (SSL) uses asymmetric encryption (a public/private key pair) both to deliver the shared session key and to carry the communication.
B. Symmetric-key algorithms are a class of cryptographic algorithms that use different cryptographic keys for encryption of plaintext and decryption of ciphertext.
C. The algorithm is not the secret; the key is the secret.
D. In public-key cryptography, also known as asymmetric cryptography, the public key is for decryption and the private key is for encryption.

A

C. The algorithm is not the secret; the key is the secret.

216
Q

There are several ways to gain insight into how a cryptosystem works with the goal of reverse engineering the process. What term describes the situation where two pieces of data result in the same value?

A. Polymorphism
B. Escrow
C. Collusion
D. Collision

A

D. Collision

217
Q

Why is a penetration test considered to be more thorough than a vulnerability scan?

A. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
B. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
C. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
D. Vulnerability scans only do host discovery and port scanning by default.

A

C. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

218
Q

You have compromised a server. You want to communicate and pivot traffic from one place to the next over the network securely and evade detection by IDS, etc. What is the best approach?

A. Install cryptcat and encrypt all outgoing packets from this server.
B. Use HTTP
C. Install and use telnet which is by default encrypted.
D. Use ADS

A

A. Install cryptcat and encrypt all outgoing packets from this server.

219
Q

During the Evidence Gathering and Handling phase of the incident response, what is the most important thing to do?

A. Creating detailed notes about lessons learned from the incident.
B. Recording the date and time when evidence is gathered, and the location where the evidence is stored.
C. Recording what is discussed at every incident response meeting.
D. Reviewing the evidence in careful detail to identify the attacking hosts.

A

B. Recording the date and time when evidence is gathered, and the location where the evidence is stored.

220
Q

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, president, or managers. The time a hacker spends performing research to locate this information about a company is known as?

A. Exploration
B. Enumeration
C. Investigation
D. Reconnaissance

A

D. Reconnaissance

221
Q

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?

A. Public
B. Shared
C. Private
D. Root

A

C. Private

222
Q

Identify the web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

A. LDAP Injection attack
B. Cross Site Request Forgery (CSRF)
C. SQL Injection attack
D. Cross Site Scripting (XSS)

A

D. Cross Site Scripting (XSS)

223
Q

Which of the following is the hash type and sort order used by psexec’s smbpass option?

A. LM:NTLM
B. LM:NT
C. NTLM:LM
D. NT:LM

A

A. LM:NTLM

224
Q

What term describes the amount of risk that remains after the vulnerabilities are classified, and the countermeasures have been deployed?

A. Impact risk
B. Inherent risk
C. Residual risk
D. Deferred risk

A

C. Residual risk

225
Q

You are performing a penetration test for a client, and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

A. ls -d abccorp.local
B. Server 192.168.10.2 -t all
C. list server=192.168.10.2 type=all
D. list domain=abccorp.local type=zone

A

A. ls -d abccorp.local

226
Q

What is the main security service a cryptographic hash provides?

A. Integrity and computational infeasibility
B. Message authentication and collision resistance
C. Integrity and ease of computation
D. Integrity and collision resistance

A

D. Integrity and collision resistance

227
Q

You are analyzing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24.

What command would you use?

A. wireshark --capture --local --masked 192.168.8.0 --range 24
B. sudo tshark -f "net 192.168.8.0/24"
C. tshark -net 192.255.255.255 mask 192.168.8.0
D. wireshark --fetch "192.168.8.*"

A

A. wireshark --capture --local --masked 192.168.8.0 --range 24

228
Q

Why are containers less secure than virtual machines?

A. The host OS on containers has a larger attack surface.
B. Containers may fill up the disk space of the host.
C. Containers are attached to the same virtual network.
D. A compromised container may cause CPU starvation of the host.

A

C. Containers are attached to the same virtual network.

229
Q

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

A. Acceptable-use policy
B. Firewall-management policy
C. Permissive policy
D. Remote-access policy

A

C. Permissive policy

230
Q

John finished a C programming course and created a small C program to monitor network traffic and to produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all devices based on some thresholds. The solution is conceptually which of the following?

A. A hybrid IDS
B. A signature IDS
C. A behavioral IDS
D. Just a network monitoring tool.

A

C. A behavioral IDS

231
Q

What two conditions must a digital signature meet?

A. Has to be legit and neat.
B. Has to be unforgeable, and has to be authentic.
C. Has to be the same number of characters as a physical signature and must be unique.
D. Must be unique and have special characters.

A

B. Has to be unforgeable, and has to be authentic.

232
Q

What does line 7 of the traceroute mean:

ark@debian-lxde:~$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.2.1 0.914 ms 1.000 ms 1.054 ms
2 192.168.1.1 2.364 ms 1.983 ms 2.126 ms
3 * * *
4 193.253.85.230 2.313 ms 3.021 ms 2.848 ms
5 81.253.182.230 3.086 ms 2.868 ms 4.077 ms
6 81.253.184.82 10.248 ms 10.268 ms 10.085 ms
7 81.52.200.209 6.970 ms 81.52.200.217 6.454 ms 81.52.200.209 7.179 ms
8 81.52.186.142 6.766 ms 7.278 ms 7.206 ms
9 209.85.244.252 8.847 ms 8.644 ms 8.639 ms
10 8.8.8.8 9.289 ms 9.123 ms 9.024 ms
ark@debian-lxde:~$

A. MPLS is used between router 6 and router 7
B. The traffic is encapsulated by a GRE tunnel between router 3 and *
C. The 81.52.200.217 address is a host which has redirected the traffic
D. Router 81.253.184.82 has two equivalent paths toward destination

A

C. The 81.52.200.217 address is a host which has redirected the traffic

233
Q

Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network should the Presentation Tier (front-end web server) be placed in?

A. DMZ network
B. Mesh network
C. Isolated vlan network
D. Internal network

A

A. DMZ network

234
Q

Suppose your company has just passed a security risk assessment exercise. The results show that the risk of a breach in the main company application is 50%. Security staff have taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that the risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

A. Accept the risk
B. Introduce more controls to bring risk to 0%
C. Mitigate the risk
D. Avoid the risk

A

A. Accept the risk

235
Q

You are tasked to configure a DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the configuration?

A. 10.1.5.200
B. 10.1.4.156
C. 10.1.255.200
D. 10.1.4.254

A

A. 10.1.5.200

10.1.4.0/24 = 10.1.4.1-255 or a mask of 255.255.255.0
10.1.4.0/23 = 10.1.4.1-10.1.5.255 or a mask of 255.255.254.0
A bit is borrowed from the mask to create an additional network (10.1.5 network).

236
Q

The database used by Metasploit Pro to store host data is

A. IBMDB2
B. Postgres DB
C. Oracle DB
D. MySQL

A

B. Postgres DB

237
Q

The security administrator of ABC needs to permit Internet traffic to the host 10.0.0.2 and UDP traffic to the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration on the router, nobody can access FTP and the permitted hosts cannot access the Internet. According to the following configuration, what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any
access-list 102 deny tcp any any

A. The ACL 104 needs to be first because it is UDP
B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
C. The ACL for FTP must be before the ACL 110
D. The ACL 110 needs to be changed to port 80

A

B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

238
Q

An attacker using a rogue wireless AP, performed a MITM attack and injected HTML code to embed a malicious applet in all the HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which of the following tools did the attacker probably use to inject the HTML code?

A. Ettercap
B. Tcpdump
C. Wireshark
D. Aircrack-ng

A

A. Ettercap

239
Q

When tuning security alerts, what is the best approach?

A. Raise false positives, raise false negatives
B. Decrease false negatives
C. Tune to avoid false positives and false negatives
D. Decrease false positives.

A

C. Tune to avoid false positives and false negatives

240
Q

A Multihomed firewall has a minimum of how many network connections?

A. 5
B. 2
C. 3
D. 4

A

B. 2

241
Q

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. PCI-DSS
B. HIPAA
C. EU Safe Harbor
D. NIST-800-53

A

D. NIST-800-53

242
Q

Jim’s company regularly performs backups of their critical servers. But the company can’t afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes aren’t stored offsite. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

A. Degauss the backup tapes and transport them in a lock box.
B. Encrypt the backup tapes and use a courier to transport them.
C. Encrypt the backup tapes and transport them in a lock box.
D. Hash the backup tapes and transport them in a lock box.

A

C. Encrypt the backup tapes and transport them in a lock box.

243
Q

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A. -O
B. -T5
C. -T0
D. -A

A

B. -T5

244
Q

Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

A. Protect the payload and the headers
B. Work at the Data Link Layer
C. Encrypt
D. Authenticate

A

B. Work at the Data Link Layer

245
Q

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

A. Heartbleed Bug
B. Shellshock
C. SSL/TLS Renegotiation Vulnerability
D. POODLE

A

A. Heartbleed Bug

246
Q

You are performing information gathering for an important penetration test. You have found PDF, DOC, and image files belonging to your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

A. Dimitry
B. Metagoofil
C. Armitage
D. cdpsnarf

A

B. Metagoofil

247
Q

An attacker is trying to redirect the traffic of a small office. That office runs its own mail server and DNS server, and the attacker redirects the address www.google.com to his own IP address. Now when the employees of the office want to go to Google they are redirected to the attacker’s machine. What is the name of this kind of attack?

A. Smurf Attack
B. MAC flooding
C. ARP Poisoning
D. DNS spoofing

A

D. DNS spoofing

248
Q

You are an Ethical Hacker who is auditing the ABC company. When you check the NOC, one of the machines has 2 connections, one wired and the other wireless. When you check the configuration of its Windows system you find two static routes:

route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

What is the main purpose of those static routes?

A. The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted
B. Both static routes indicate that the traffic is internal with different gateways
C. Both static routes indicate that the traffic is external with different gateways
D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway

A

D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway

249
Q

You have successfully logged on to a Linux system. You now want to cover your tracks. Your login attempt may be logged in several files located in /var/log.

Which file does NOT belong to the list:

A. btmp
B. user.log
C. auth.log
D. wtmp

A

A. btmp

250
Q

Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

A. Object Oriented Architecture
B. Lean Coding
C. Service Oriented Architecture
D. Agile Process

A

C. Service Oriented Architecture

251
Q

What does the -oX flag do in an Nmap scan?

A. Perform an eXpress scan
B. Output the results in XML format to a file
C. Perform a Xmas scan
D. Output the results in truncated format to the screen

A

B. Output the results in XML format to a file

252
Q

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to “www.MyPersonalBank.com”, that the user is directed to a phishing site.

Which file does the attacker need to modify?

A. Hosts
B. Sudoers
C. Networks
D. Boot.ini

A

A. Hosts

253
Q

Which of the following algorithms is used for Kerberos encryption?

A. DSA
B. ECC
C. DES
D. RSA

A

A. DSA

254
Q

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

A. Asymmetric cryptography is computationally expensive in comparison. However, it’s well-suited to
securely negotiate keys for use with symmetric cryptography.
B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
C. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric
encryption instead.
D. Symmetric encryption allows the server to securely transmit the session keys out-of-band.

A

A. Asymmetric cryptography is computationally expensive in comparison. However, it’s well-suited to
securely negotiate keys for use with symmetric cryptography.

255
Q

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?

A. Tailgating
B. Phishing
C. Whaling
D. Masquerading

A

A. Tailgating

256
Q

What is the least important information when you analyze a public IP address in a security alert?

A. Geolocation
B. Whois
C. DNS
D. ARP

A

D. ARP

257
Q

The establishment of a TCP connection involves a negotiation called the 3-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A. ACK
B. SYN-ACK
C. RST
D. SYN

A

D. SYN

258
Q

Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?

A. Internal, Blackbox
B. External, Blackbox
C. Internal, Whitebox
D. External, Whitebox

A

A. Internal, Blackbox

259
Q

Which of the following is the best countermeasure against encrypting ransomware?

A. Use multiple antivirus products
B. Analyze the ransomware to get decryption keys for the encrypted data
C. Keep several generations of offline backups
D. Pay a ransom

A

C. Keep several generations of offline backups

260
Q

This configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

A. Multicast
B. Port forwarding
C. WEM
D. Promiscuous Mode

A

D. Promiscuous Mode

261
Q

If you are dealing with a firewall misconfiguration that causes you to not be able to browse to websites by domain name, but you’re able to by entering the website’s IP address, which port is likely being blocked to cause this issue?

A. Traffic is blocked on UDP port 80
B. Traffic is blocked on TCP port 54
C. Traffic is blocked on UDP port 53
D. Traffic is blocked on TCP port 80

A

C. Traffic is blocked on UDP port 53

262
Q

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting

A. Results matching “accounting” in domain target.com but not on the site Marketing.target.com
B. Results matching all words in the query
C. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the
word accounting
D. Results for matches on target.com and Marketing.target.com that include the word “accounting”

A

A. Results matching “accounting” in domain target.com but not on the site Marketing.target.com