Questions 101-125 Flashcards

1
Q
Prospective clients want to see sample reports from previous penetration tests.
What should you do next?
A. Decline, but provide references.
B. Share full reports with redactions.
C. Share reports after an NDA is signed.
D. Share full reports, not redacted.
A

B. Share full reports with redactions.

2
Q
Which regulation defines security and privacy controls for Federal information systems and organizations?
A. EU Safe Harbor
B. HIPAA
C. NIST-800-53
D. PCI-DSS
A

C. NIST-800-53

3
Q

During a security audit of IT processes, an IS auditor found that there were no documented security
procedures. What should the IS auditor do?
A. Create a procedures document
B. Conduct compliance testing
C. Terminate the audit
D. Identify and evaluate existing practices

A

D. Identify and evaluate existing practices

4
Q

Which of these options is the most secure procedure for storing backup tapes?
A. In a climate controlled facility offsite
B. On a different floor in the same building
C. In a cool dry environment
D. Inside the data center for faster retrieval in a fireproof safe

A

A. In a climate controlled facility offsite

5
Q

You are using NMAP to resolve domain names into IP addresses for a ping sweep later.
Which of the following commands looks up IP addresses?
A. >host -t a hackeddomain.com
B. >host -t ns hackeddomain.com
C. >host -t soa hackeddomain.com
D. >host -t AXFR hackeddomain.com

A

A. >host -t a hackeddomain.com

6
Q

You’ve just been hired to perform a pen test on an organization that has been subjected to a large-scale attack.
The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.
What is one of the first things you should do when given the job?
A. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
B. Start the Wireshark application to begin sniffing network traffic.
C. Interview all employees in the company to rule out possible insider threats.
D. Establish attribution to suspected attackers.

A

A. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

7
Q
Which of the following is a component of a risk assessment?
A. Logical interface
B. DMZ
C. Physical security
D. Administrative safeguards
A

C. Physical security

8
Q

It is a vulnerability in GNU's bash shell, discovered in September 2014, that allows attackers to run
commands remotely on a vulnerable system. Malware exploiting it can take control of an infected machine,
launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).
Which of the following vulnerabilities is being described?
A. Rootshock
B. Shellbash
C. Shellshock
D. Rootshell

A

C. Shellshock

9
Q

Which of the following incident handling process phases is responsible for defining rules, coordinating the human
workforce, creating a backup plan, and testing the plans for an organization?
A. Recovery phase
B. Identification phase
C. Preparation phase
D. Containment phase

A

C. Preparation phase

10
Q

What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?
A. SYN Flood
B. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
C. SSH
D. Manipulate format strings in text fields

A

B. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

11
Q

A medium-sized healthcare IT business decides to implement a risk management strategy.
Which of the following is NOT one of the five basic responses to risk?
A. Delegate
B. Avoid
C. Accept
D. Mitigate

A

A. Delegate

12
Q

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be
performed to determine their compliance with security policies. Which one of the following tools would most
likely be used in such an audit?
A. Port scanner
B. Protocol analyzer
C. Intrusion Detection System
D. Vulnerability scanner

A

D. Vulnerability scanner

13
Q

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion
Detection Systems (IDS) on the network of an organization that has experienced a possible security breach.
When the investigator attempts to correlate the information in all of the logs, the sequence of many of the
logged events does not match up.
What is the most likely cause?
A. The attacker altered or erased events from the logs.
B. Proper chain of custody was not observed while collecting logs.
C. The security breach was a false positive.
D. The network devices are not all synchronized.

A

D. The network devices are not all synchronized.

14
Q

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will
require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore
the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the
SLE, ARO, and ALE. Assume the EF = 1 (100%).
What is the closest approximate cost of this replacement and recovery operation per year?
A. $1320
B. $146
C. $440
D. $100

A

B. $146

15
Q

It is an entity or event with the potential to adversely impact a system through unauthorized access,
destruction, disclosure, denial of service or modification of data.
Which of the following terms best matches the definition?
A. Risk
B. Attack
C. Vulnerability
D. Threat

A

D. Threat

16
Q

A company’s security policy states that all Web browsers must automatically delete their HTTP browser
cookies upon terminating. What sort of security breach is the policy attempting to mitigate?
A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
B. Attempts by attackers to access web sites that trust the Web browser user by stealing the user’s
authentication credentials.
C. Attempts by attackers to access passwords stored on the user’s computer without the user’s knowledge.
D. Attempts by attackers to determine the user’s web browser usage patterns, including when sites were
visited and for how long.

A

D. Attempts by attackers to determine the user’s web browser usage patterns, including when sites were
visited and for how long.

17
Q
What term describes the amount of risk that remains after the vulnerabilities are classified and the
countermeasures have been deployed?
A. Impact risk
B. Deferred risk
C. Residual risk
D. Inherent risk
A

C. Residual risk

18
Q
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line.
Which command would you use?
A. c:\ncpa.cpl
B. c:\services.msc
C. c:\compmgmt.msc
D. c:\gpedit
A

C. c:\compmgmt.msc

19
Q

Your company performs penetration tests and security assessments for small and medium-sized businesses in
the local area. During a routine security assessment, you discover information that suggests your client is
involved with human trafficking.
What should you do?
A. Confront the client in a respectful manner and ask her about the data.
B. Copy the data to removable media and keep it in case you need it.
C. Immediately stop work and contact the proper legal authorities.
D. Ignore the data and continue the assessment until completed as agreed.

A

C. Immediately stop work and contact the proper legal authorities.

20
Q

Your next-door neighbor, whom you do not get along with, is having issues with their network, so he yells the
network's SSID and password to his spouse and you hear them both clearly. What do you do with this
information?
A. Nothing, but suggest that he change the network's SSID and password.
B. Only use his network when you have large downloads, so you don't tax your own network.
C. Sell his SSID and password to friends who come to your house, so it doesn't slow down your network.
D. Log onto his network; after all, it's his fault that you can get in.

A

A. Nothing, but suggest that he change the network's SSID and password.

21
Q

Sid is a judge for a programming contest. Before the code reaches him, it goes through a restricted OS and is
tested there. If it passes, then it moves on to Sid. What is the middle step called?
A. Third party running the code
B. Sandboxing the code
C. Fuzzy-testing the code
D. String validating the code

A

B. Sandboxing the code

22
Q

An IT employee got a call from one of our best customers. The caller wanted to know about the company's
network infrastructure, systems, and team. New integration opportunities are in sight for both the company and
the customer. What should this employee do?
A. Since the company's policy is about customer service, he/she will provide the information.
B. The employee cannot provide any information, but he/she will nevertheless provide the name of the person in
charge.
C. Disregarding the call, the employee should hang up.
D. The employee should not provide any information without prior management authorization.

A

D. The employee should not provide any information without prior management authorization.

23
Q
Which tier in the N-tier application architecture is responsible for moving and processing data between the
other two tiers?
A. Data tier
B. Presentation tier
C. Application Layer
D. Logic tier
A

D. Logic tier

24
Q

A well-intentioned researcher discovers a vulnerability on the website of a major corporation. What should he
do?
A. Notify the website owner so that corrective action can be taken as soon as possible to patch the
vulnerability.
B. Ignore it.
C. Try to sell the information to a well-paying party on the dark web.
D. Exploit the vulnerability without harming the website owner so that attention is drawn to the problem.

A

A. Notify the website owner so that corrective action can be taken as soon as possible to patch the
vulnerability.

25
Q

Which control mechanism allows multiple systems to use a central authentication server (CAS), so that
users authenticate once and gain access to multiple systems?
A. Role based access control (RBAC)
B. Windows authentication
C. Discretionary access control (DAC)
D. Single sign-on

A

D. Single sign-on