Questions 1-25 Flashcards

1
Q

The “gray box testing” methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the internal operation of a system is known to the tester.

A

C. The internal operation of a system is only partly accessible to the tester.

2
Q

The “black box testing” methodology enforces which kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. Only the external operation of a system is accessible to the tester.
D. The internal operation of a system is only partly accessible to the tester.

A

C. Only the external operation of a system is accessible to the tester.

3
Q

Under the “Post-attack Phase and Activities,” it is the responsibility of the tester to restore the systems to a pretest
state.
Which of the following activities should not be included in this phase?
I. Removing all files uploaded on the system
II. Cleaning all registry entries
III. Mapping of network state
IV. Removing all tools and maintaining backdoor for reporting
A. III
B. IV
C. III and IV
D. All should be included

A

C. III and IV

4
Q

The “white box testing” methodology enforces what kind of restriction?
A. The internal operation of a system is only partly accessible to the tester.
B. Only the external operation of a system is accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester.

A

D. The internal operation of a system is completely known to the tester.

5
Q

A regional bank hires your company to perform a security assessment on their network after a recent data
breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
A. Place a front-end web server in a demilitarized zone that only handles external web traffic.
B. Move the financial data to another server on the same IP subnet
C. Require all employees to change their passwords immediately
D. Issue new certificates to the web servers from the root certificate authority

A

A. Place a front-end web server in a demilitarized zone that only handles external web traffic.

6
Q
What is the process of logging, recording, and resolving events that take place in an organization?
A. Incident Management Process
B. Metrics
C. Internal Procedure
D. Security Policy
A

A. Incident Management Process

7
Q
Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a
sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four
previously unknown vulnerabilities.
What is this style of attack called?
A. zero-hour
B. no-day
C. zero-day
D. zero-sum
A

C. zero-day

8
Q

What is the benefit of performing an unannounced penetration test?
A. It is best to catch critical infrastructure unpatched.
B. The tester will have an actual security posture visibility of the target network.
C. Network security would be in a “best state” posture.
D. The tester could not provide an honest analysis.

A

B. The tester will have an actual security posture visibility of the target network.

9
Q

This international organization regulates billions of transactions daily and provides security guidelines to protect
personally identifiable information (PII). These security controls provide a baseline and prevent low-level
hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?
A. International Security Industry Organization (ISIO)
B. Center for Disease Control (CDC)
C. Payment Card Industry (PCI)
D. Institute of Electrical and Electronics Engineers (IEEE)

A

C. Payment Card Industry (PCI)

10
Q

Which of the following incident handling process phases is responsible for defining rules, organizing the human
workforce, creating a backup plan, and testing plans for an organization?
A. Preparation phase
B. Identification phase
C. Recovery phase
D. Containment phase

A

A. Preparation phase

11
Q

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles electronic
medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures
are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
A. HIPAA
B. COBIT
C. FISMA
D. ISO/IEC 27002

A

A. HIPAA

12
Q

A security analyst is performing an audit on the network to determine if there are any deviations from the
security policies in place. The analyst discovers that a user from the IT department had a dial-out modem
installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Firewall management policy
B. Permissive policy
C. Remote access policy
D. Acceptable use policy

A

C. Remote access policy

13
Q

An enterprise recently moved to a new office in a neighborhood that is a little risky. The CEO wants to
monitor the physical perimeter and the entrance doors 24 hours a day. What is the best option to do this job?
A. Install a CCTV with cameras pointing to the entrance doors and the street
B. Use an IDS in the entrance doors and install some of them near the corners
C. Use lights in all the entrance doors and along the company’s perimeter
D. Use fences in the entrance doors

A

A. Install a CCTV with cameras pointing to the entrance doors and the street

14
Q
Which of the following security policies define the use of VPN for gaining access to an internal corporate
network?
A. Network Security policy
B. Access control policy
C. Remote access policy
D. Information protection policy
A

C. Remote access policy

15
Q
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. 0-day vulnerability
C. Time-of-check to time-of-use flaw
D. HTTP header injection vulnerability
A

B. 0-day vulnerability

16
Q

It has been reported to you that someone has caused an information spillage on their computer. You go to the
computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in
incident handling did you just complete?
A. Recovery
B. Containment
C. Eradication
D. Discovery

A

B. Containment

17
Q

What network security concept requires multiple layers of security controls to be placed throughout an IT
infrastructure, which improves the security posture of an organization to defend against malicious attacks or
potential vulnerabilities?
A. Network-Based Intrusion Detection System
B. Defense in depth
C. Security through obscurity
D. Host-Based Intrusion Detection System

A

B. Defense in depth

18
Q
Which type of security feature stops vehicles from crashing through the doors of a building?
A. Bollards
B. Mantrap
C. Receptionist
D. Turnstile
A

A. Bollards

19
Q

Seth is starting a penetration test from inside the network. He hasn’t been given any information about the
network. What type of test is he conducting?
A. External, Whitebox
B. External, Blackbox
C. Internal, Whitebox
D. Internal, Blackbox

A

D. Internal, Blackbox

20
Q

What is the role of test automation in security testing?
A. It is an option but it tends to be very expensive
B. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace
manual testing completely.
C. Test automation is not usable in security due to the complexity of the tests
D. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup
inconsistencies

A

B. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace
manual testing completely.

21
Q
Which protocol and port number might be needed in order to send log messages to a log analysis tool that
resides behind a firewall?
A. UDP 541
B. UDP 514
C. UDP 123
D. UDP 415
A

B. UDP 514

22
Q
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A. John the Ripper
B. Nessus
C. tcpdump
D. Ethereal
A

C. tcpdump

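Questions 21 and 22 together describe what a command-line packet analyzer does with a syslog datagram: decode the IPv4 and UDP headers, notice destination port 514, and show the payload. The following Python is an added example, not part of the original flashcards or of tcpdump; it builds a constructed IPv4/UDP packet (the 10.0.0.x addresses and source port are invented), parses it back with header sanity checks, and decodes the RFC 3164 PRI field into facility and severity. The sample message is the one given in RFC 3164 itself (PRI 34 = auth.crit).

```python
"""Parse a raw IPv4/UDP datagram the way a packet analyzer does, then decode the
syslog payload carried on UDP/514. Added example; not code from the page or from tcpdump."""
import socket
import struct

SYSLOG_PORT = 514
UDP_PROTO = 17

# RFC 3164 facility and severity names, indexed by PRI // 8 and PRI % 8.
FACILITIES = (
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Over a header whose checksum
    field is zero it yields the checksum; over a valid received header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 + UDP datagram. The UDP checksum is left at 0 (allowed over IPv4)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64, UDP_PROTO, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + udp


def parse_packet(pkt: bytes) -> dict:
    """Decode IPv4 and UDP headers; refuse anything that is not well-formed IPv4/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    src_ip, dst_ip = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if proto != UDP_PROTO:
        raise ValueError("not UDP")
    udp = pkt[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, udp_len, _csum = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match packet")
    return {"src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port,
            "dst_port": dst_port, "payload": udp[8:]}


def parse_syslog(payload: bytes) -> tuple:
    """Split an RFC 3164 message into (facility, severity, text) using its <PRI> prefix."""
    text = payload.decode("ascii", errors="replace")
    if not text.startswith("<"):
        raise ValueError("missing PRI")
    end = text.find(">")
    if end < 2 or end > 4 or not text[1:end].isdigit():
        raise ValueError("malformed PRI")
    pri = int(text[1:end])
    if pri > 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], text[end + 1:]


def summarize(pkt: bytes) -> str:
    """tcpdump-style one-line summary, with the syslog fields decoded when dst port is 514."""
    h = parse_packet(pkt)
    line = f"{h['src_ip']}.{h['src_port']} > {h['dst_ip']}.{h['dst_port']}: UDP, length {len(h['payload'])}"
    if h["dst_port"] == SYSLOG_PORT:
        fac, sev, msg = parse_syslog(h["payload"])
        line += f" | SYSLOG {fac}.{sev}: {msg}"
    return line


# Constructed sample: the example message from RFC 3164 (PRI 34 = facility 4 auth, severity 2 crit)
# inside an invented 10.0.0.5 -> 10.0.0.10 datagram.
SAMPLE_MSG = b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
SAMPLE_PKT = build_udp_datagram("10.0.0.5", "10.0.0.10", 40000, SYSLOG_PORT, SAMPLE_MSG)

if __name__ == "__main__":
    print(summarize(SAMPLE_PKT))
```

The firewall rule the question alludes to only needs to permit UDP/514 toward the collector; the parser above is what the collector (or an analyst with tcpdump) does with the datagram once it arrives. Note that classic syslog over UDP carries no authentication or integrity protection, so a spoofed source address in a packet like the one built here would be accepted as-is.
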
23
Q

In Risk Management, how is the term “likelihood” related to the concept of “threat?”
A. Likelihood is a possible threat-source that may exploit a vulnerability.
B. Likelihood is the probability that a threat-source will exploit a vulnerability.
C. Likelihood is the likely source of a threat that could exploit a vulnerability.
D. Likelihood is the probability that a vulnerability is a threat-source.

A

B. Likelihood is the probability that a threat-source will exploit a vulnerability.

24
Q
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
A. 128 bit and CCMP
B. 128 bit and TKIP
C. 128 bit and CRC
D. 64 bit and CCMP
A

A. 128 bit and CCMP

25
Q
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Read the first 512 bytes of the tape
B. Perform a full restore
C. Read the last 512 bytes of the tape
D. Restore a random file
A

B. Perform a full restore
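
The answer to question 25 is a procedure, and the difference between a full restore and a spot check is easier to see in code. The Python below is an added example, not part of the flashcards: it backs up a constructed directory tree into a tar archive together with a SHA-256 manifest, restores the whole archive into a scratch directory, and compares every file against the manifest. The file names and contents are invented sample data. A random-file restore would only exercise one entry; the full restore catches a damaged entry wherever it sits.

```python
"""Verify a backup by restoring it completely and checking every file against a
manifest captured at backup time. Added example; not code from the page."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: Path, archive: Path) -> dict:
    """Write src into a gzip tar archive and return the manifest to keep beside it."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest(src)


def verify_full_restore(archive: Path, expected: dict) -> list:
    """Restore the entire archive to a scratch directory and list every mismatch.
    An empty list means every file came back byte-for-byte, which is what
    'perform a full restore' establishes and a single random file cannot."""
    # Use the hardened extraction filter where this Python provides it (3.12+, and
    # the security backports); it rejects path traversal and device nodes.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(dest, **extract_opts)
        got = manifest(dest)
        for rel, digest in expected.items():
            if rel not in got:
                problems.append(f"missing: {rel}")
            elif got[rel] != digest:
                problems.append(f"corrupt: {rel}")
        for rel in sorted(got.keys() - expected.keys()):
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple:
    """Back up a constructed tree, verify it, then damage one file and verify again."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "db").mkdir(parents=True)
        # Constructed sample content, not real data.
        (src / "db" / "ledger.csv").write_bytes(b"id,amount\n1,100\n2,250\n")
        (src / "notes.txt").write_bytes(b"quarterly close\n")
        archive = work / "backup.tar.gz"
        expected = create_backup(src, archive)
        clean = verify_full_restore(archive, expected)

        # Simulate a backup whose ledger was silently truncated before it hit tape:
        # notes.txt is still fine, so a spot check of that file would pass.
        (src / "db" / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=".")
        damaged = verify_full_restore(archive, expected)
    return clean, damaged


if __name__ == "__main__":
    ok, broken = demo()
    print("clean backup problems:", ok)
    print("damaged backup problems:", broken)
```

On real tape the same logic applies with the restore target pointed at scratch storage large enough to hold the whole set; the manifest must be stored separately from the tape it describes, otherwise a corrupted tape takes its own checksums with it.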