Questions 26-50 Flashcards

1
Q

An unauthorized individual enters a building following an employee through the employee entrance after the
lunch rush. What type of breach has the individual just performed?
A. Tailgating
B. Reverse Social Engineering
C. Piggybacking
D. Announced

A

A. Tailgating

2
Q

You are a security officer of a company. You received an alert from the IDS indicating that one PC on your
intranet connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just
before the alert. You are starting an investigation to roughly gauge the severity of the situation. Which of the
following is appropriate to analyze?
A. Event logs on domain controller
B. Event logs on the PC
C. Internet Firewall/Proxy log
D. IDS log

A

C. Internet Firewall/Proxy Log

3
Q

Code injection is a form of attack in which a malicious user:
A. Inserts additional code into the JavaScript running in the browser.
B. Gains access to the codebase on the server and inserts new code.
C. Inserts text into a data field that gets interpreted as code.
D. Gets the server to execute arbitrary code using a buffer overflow.

A

C. Inserts text into a data field that gets interpreted as code.

4
Q

In which of the following cryptographic attack methods does the attacker make a series of interactive queries,
choosing subsequent plaintexts based on the information from the previous encryptions?
A. Chosen-plaintext attack
B. Ciphertext-only attack
C. Adaptive chosen-plaintext attack
D. Known-plaintext attack

A

C. Adaptive chosen-plaintext attack

5
Q

When conducting a penetration test, it is crucial to use all means to get all available information about the target
network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by
passive network sniffing?
A. Collecting unencrypted information about usernames and passwords
B. Modifying and replaying captured network traffic
C. Capturing network traffic for further analysis
D. Identifying operating systems, services, protocols and devices

A

B. Modifying and replaying captured network traffic

6
Q

If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which
type of SQL injection attack is the attacker performing?
A. UNION SQL Injection
B. Tautology
C. End of Line Comment
D. Illegal/Logically Incorrect Query

A

C. End of line comment

7
Q

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks to
the wired network to have Internet access. On the university campus there are many Ethernet ports available for
professors and authorized visitors, but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?
A. Use the 802.1x protocol.
B. Disable unused ports in the switches.
C. Separate students in a different VLAN.
D. Ask students to use the wireless network.

A

A. Use the 802.1x protocol

8
Q

Steve, a scientist who works in a governmental security agency, developed a technological solution to
identify people based on walking patterns, and applied this approach to physical access control.
A camera captures people walking and identifies the individuals using Steve’s approach.
After that, people must present their RFID badges. Both identifications are required to open the door.
In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. Biological motion cannot be used to identify people
D. The solution will have a high level of false positives

A

B. The solution implements the two authentication factors: physical object and physical characteristic

9
Q

Bob finished a C programming course and created a small C application to monitor the network traffic and to
produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all
origins and using some thresholds.
In concept, the solution developed by Bob is actually:
A. Just a network monitoring tool
B. A behavioral IDS
C. A signature IDS
D. A hybrid IDS

A

B. A behavioral IDS

10
Q

Insecure direct object reference is a type of vulnerability where the application doesn’t verify whether the user is
authorized to access an internal object via its name or key.
Suppose the malicious user Rob tries to get access to the account of the benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference
vulnerability?
A. GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1
Host: westbank.com
B. GET /restricted/accounts/?name=Ned HTTP/1.1
Host: westbank.com
C. GET /restricted/bank.getaccount(‘Ned’) HTTP/1.1
Host: westbank.com
D. GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1
Host: westbank.com

A

B. GET /restricted/accounts/?name=Ned HTTP/1.1
Host: westbank.com

11
Q

Sam is working as a pen-tester in an organization in Houston. He performs penetration testing on an IDS in order
to find the different ways an attacker can evade the IDS. Sam sends a large number of packets to the target
IDS that generate alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade
the IDS?
A. Obfuscating
B. False Positive Generation
C. Insertion Attack
D. Denial-of-Service

A

B. False Positive Generation

12
Q

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This
weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used
to secure the Internet.
A. SSL/TLS Renegotiation Vulnerability
B. POODLE
C. Shellshock
D. Heartbleed Bug

A

D. Heartbleed Bug

13
Q

Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he
uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate
CPU and memory activities.
Which type of virus detection method did Chandler use in this context?
A. Code Emulation
B. Scanning
C. Heuristic Analysis
D. Integrity checking

A

A. Code Emulation

14
Q

ping -* 6 192.168.0.101
output
Pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.101:
Packets: Sent = 6, Received = 6, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
What is the option * here?
A. ‘a
B. ‘n
C. ‘s
D. ‘t

A

B. ‘n

15
Q

What is the benefit of performing an unannounced penetration test?
A. It is the best approach to catch critical infrastructure unpatched.
B. The tester will get a clearer picture of measures applied to information and system security of the
organization.
C. The tester could easily acquire a complete overview of the infrastructure of the organization.
D. The tester can test the response capabilities of the target organization.

A

B. The tester will get a clearer picture of measures applied to information and system security of the
organization.

16
Q
The purpose of a __________ is to deny network access to local area networks and other information assets
by unauthorized wireless devices.
A. Wireless Access Control List
B. Wireless Jammer
C. Wireless Analyzer
D. Wireless Access Point
A

A. Wireless Access Control List

17
Q

You have compromised a server and successfully gained root access. You want to pivot and pass traffic
undetected over the network and evade any possible Intrusion Detection System.
What is the best approach?
A. Install and use Telnet to encrypt all outgoing traffic from this server.
B. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection
Systems.
C. Install Cryptcat and encrypt outgoing packets from this server.
D. Use Alternate Data Streams to hide the outgoing packets from this server.

A

C. Install Cryptcat and encrypt outgoing packets from this server.

18
Q
NMAP -sn 192.168.11.200-215
The NMAP command above performs which of the following?
A. An operating system detect
B. A trace sweep
C. A port scan
D. A ping scan
A

D. A ping scan

19
Q

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully
selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known
and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to
compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities.
Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?
A. Watering Hole Attack
B. Shellshock Attack
C. Heartbleed Attack
D. Spear Phishing Attack

A

A. Watering Hole Attack

20
Q
Which tool can be used to silently copy files from USB devices?
A. USB Sniffer
B. USB Snoopy
C. USB Grabber
D. USB Dumper
A

D. USB Dumper

21
Q
A virus that attempts to install itself inside of the file it is infecting is called?
A. Stealth virus
B. Tunneling virus
C. Polymorphic virus
D. Cavity virus
A

D. Cavity virus

22
Q

Which of the following scanning methods splits the TCP header into several packets and makes it difficult for
packet filters to detect the purpose of the packet?
A. SYN/FIN scanning using IP fragments
B. ICMP Echo scanning
C. ACK flag probe scanning
D. IPID scanning

A

A. SYN/FIN scanning using IP fragments

23
Q

DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache
records. It may be useful during examination of the network to determine what software update resources are
used, thus discovering what software is installed.
What command is used to determine if the entry is present in DNS cache?
A. nslookup -fullrecursive update.antivirus.com
B. nslookup -norecursive update.antivirus.com
C. dnsnooping -rt update.antivirus.com
D. dns –snoop update.antivirus.com

A

B. nslookup -norecursive update.antivirus.com

24
Q

Identify the web application attack where attackers exploit vulnerabilities in dynamically generated web pages
to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Request Forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. SQL injection attack

A

C. Cross-Site Scripting (XSS)

25
Q
During the process of encryption and decryption, what keys are shared?
A. Public keys
B. User passwords
C. Public and private keys
D. Private keys
A

A. Public keys