Question Set (1)

Question 1

What is passive reconnaissance?

Answer 1

Passive reconnaissance does not directly impact, alert or establish any type of connection between the victim and the adversary.

Question 2

Which encryption was selected by NIST as the principle method of providing confidentiality after the DES algorithm?

Answer 2

AES

Question 3

What tool is able to conduct a Man-In-The-Middle attack on an 802.3 environment?

Answer 3

Cain & Able

Question 4

What is the difference between a traditional firewall and an IPS?

Answer 4

An IPS can dissect packets

Question 5

Why is it important to scan your target network slowly?

Answer 5

To avoid alerting the IDS

Question 6

What is the most cost effective way to prevent social engineering attacks?

Answer 6

Implement user awareness training

Question 7

In which phase within the ethical hacking framework do you alter or delete log information?

Answer 7

Covering tracks

Question 8

A hacker is conducting the following on the target workstation: nmap -sT 192.33.10.5 Which phase is the attacker in?

Answer 8

Scanning and enumeration

Question 9

Which encryption algorithm is a symmetric stream cipher

Answer 9

RC4

Question 10

What is the most important aspect when conducting a penetration test?

Answer 10

Receiving a formal written agreement

Question 11

You are CISO for a tech company. You need to implement an encryption cipher for your mobile devices. What encryption standard will you most likely chooose?

Answer 11

ECC: Elliptic Curve Cryptography requires less computational resources because it uses shorter keys compared to other asymmetric methods. It is often used in low-power devices for this reason.

Question 12

What does a SYN scan accomplish?

Answer 12

It establishes only a “half open” connection. It is used to detect open ports but does not complete the 3-way handshake.

Question 13

What is the major vulnerability for an ARP request?

Answer 13

The address request can be spoofed with the attacker’s MAC address.

Question 14

You are CISO of a website. It has been compromised. What is your most likely first course of action?

Answer 14

Restrict access to sensitive information

Question 15

In what phase is an attacker who is currently conducting a successful man-in-the-middle attack?

Answer 15

Maintaining access

Question 16

What method of exploitation allows the adversary to test for SQL queries within the URL?

Answer 16

SQL Injection

Question 17

What is the default TTL value for Microsoft Window 7 OS?

Answer 17

128

Question 18

Which input value would you utilize in order to evaluate and test for SQL injection vulnerabilities?

Answer 18

1’ or ‘1’ = 1

Question 19

What is the downside of using SSH with telnet when it comes to security?

Answer 19

You can not see what the adversary is doing.

Question 20

What year did the Ping of Death first appear?

Answer 20

1996

Question 21

Which of the following was most infectious:

a. Melisa
b. I Love You
c. Blue Cross
d. Stuxnet

Answer 21

The Melisa virus. The Melisa virus occurred on March 26, 1999 and infected over 100,000 computers within 3 days. It exploited the fact that macros were enabled by default in the MS Office Ste. The macro executed and emailed contacts found w/in MS Outlook.

Question 22

You receive a ticket from a user that their computer is slow and sometimes documents disappear or move location. You remote into the user’s computer to investigate. Where is the most likely place to see if any new processes have started?

Answer 22

The “Processes” tab in Task Manager

Question 23

What does a checksum indicate?

Answer 23

A checksum indicates that there were changes to the data during transit or at rest.

Question 24

What key strengths does RSA use?

Answer 24

1024 and 2048 bit key strengths as asymmetric encryption algorithms

Question 25

To provide non-repudiation for email, which algorithm would you choose to implement?

Answer 25

DSA (Digital Signature Algorithm) provides only non-repudiation for emails. It does not provide confidentiality, integrity or even authentication.