Questions 51-75 Flashcards

1
Q
What type of vulnerability/attack is it when a malicious person forces the user's browser to send an
authenticated request to a server?
A. Cross-site request forgery
B. Session hijacking
C. Cross-site scripting
D. Server side request forgery
A

A. Cross-site request forgery

2
Q
Which of the following is incorrect?
Standard Range (ft)
802.11a       150-150
802.11b       150-150
802.11g       150-150
802.16 (WiMax)     30 miles
A. 802.11b
B. 802.11g
C. 802.11a
D. 802.16 (WiMax)
A

C. 802.11a

3
Q

You are the network admin and you receive a complaint that some websites are no longer accessible.
You ping the servers and they are reachable. You then type the IP address into the browser and the sites are
accessible that way too, but they are not accessible when you use the URL.
What may be the problem?
A. Traffic is blocked on TCP port 80.
B. Traffic is blocked on UDP port 53.
C. Traffic is blocked on TCP port 54.
D. Traffic is blocked on UDP port 80.

A

B. Traffic is blocked on UDP Port 53

4
Q
What is the least important information when you analyse a public IP address in a security alert?
A. Whois
B. ARP
C. DNS
D. Geolocation
A

B. ARP

5
Q
In Wireshark, the packet bytes pane shows the data of the current packet in which format?
A. Binary
B. ASCII only
C. Decimal
D. Hexadecimal
A

D. Hexadecimal

6
Q
Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and
UHF?
A. Parabolic grid antenna
B. Omnidirectional antenna
C. Dipole antenna
D. Yagi antenna
A

D. Yagi antenna

7
Q

Which one of the following options represents a conceptual characteristic of an anomaly-based IDS over a
signature-based IDS?
A. Can identify unknown attacks
B. Cannot deal with encrypted network traffic
C. Produces fewer false positives
D. Requires vendor updates for new threats

A

A. Can identify unknown attacks

8
Q

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform
external and internal penetration testing?
A. At least once every three years and after any significant infrastructure or application upgrade or
modification
B. At least once a year and after any significant infrastructure or application upgrade or modification
C. At least once every two years and after any significant infrastructure or application upgrade or modification
D. At least twice a year and after any significant infrastructure or application upgrade or modification

A

B. At least once a year and after any significant infrastructure or application upgrade or modification

9
Q

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he configures
the firewall properly to allow access only to the servers/ports which may have direct internet access, and blocks
access to workstations.
Bob also concluded that a DMZ only really makes sense when a stateful firewall is available, which is not the
case at TPNQM SA.
In this context, what can you say?
A. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations.
B. Bob is partially right. Actually, DMZ doesn’t make sense when a stateless firewall is available.
C. Bob is partially right. He doesn’t need to separate networks if he can create rules by destination IPs, one by
one.
D. Bob can be right, DMZ doesn’t make sense combined with stateless firewalls.

A

A. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations.

10
Q

You are monitoring the network of your organization. You notice that:
1. There are a huge number of outbound connections from your internal network to external IPs.
2. On further investigation you see that the external IPs are blacklisted.
3. Some connections are accepted and some dropped.
4. You find that it is C&C (command-and-control) communication.
Which of the following solutions will you suggest?
A. Clean the malware that is trying to communicate with the external blacklisted IPs.
B. Update the latest signatures on your IDS/IPS.
C. Block the blacklisted IPs at the firewall.
D. Both B and C

A

D. Both B and C

11
Q

You need a tool that can perform network intrusion prevention and intrusion detection, and that can also function
as a network sniffer and record network activity. Which tool would you most likely select?
A. Cain & Abel
B. Nmap
C. Snort
D. Nessus

A

C. Snort

12
Q

When you are performing a risk assessment, you need to determine the potential impact if some of the company's
critical business processes are interrupted. What is the name of the process used to identify those critical
business processes?
A. Disaster Recovery Planning (DRP)
B. Emergency Plan Response (EPR)
C. Risk Mitigation
D. Business Impact Analysis (BIA)

A

D. Business Impact Analysis (BIA)

13
Q

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting
user’s browser to send malicious requests they did not intend?
A. Cross-Site Request Forgery (CSRF)
B. File Injection Attack
C. Command Injection Attacks
D. Hidden Field Manipulation Attack

A

A. Cross-Site Request Forgery (CSRF)

14
Q

Firewalls are software or hardware systems that control and monitor the traffic coming into and out of the
target network based on a pre-defined set of rules.
Which of the following types of firewalls can protect against SQL injection attacks?
A. Data-driven firewall
B. Web application firewall
C. Stateful firewall
D. Packet firewall

A

B. Web application firewall

15
Q

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the
following attack scenarios will compromise the privacy of her data?
A. Hacker Harry breaks into the cloud server and steals the encrypted data.
B. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before
C. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server
successfully resists Andrew’s attempt to access the stored data
D. None of these scenarios compromise the privacy of Alice’s data

A

B. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

16
Q

Which of the following provides a security professional with the most information about the system’s security
posture?
A. Wardriving, warchalking, social engineering
B. Phishing, spamming, sending trojans
C. Social engineering, company site browsing, tailgating
D. Port scanning, banner grabbing, service identification

A

D. Port scanning, banner grabbing, service identification

17
Q
Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the
packets?
A. IPsec driver
B. Internet Key Exchange (IKE)
C. Oakley
D. IPsec Policy Agent
A

A. IPsec driver

18
Q

You are attempting to run a Nmap portscan on a web server. Which of the following commands would result in
a scan of common ports with the least amount of noise in order to evade an IDS?
A. nmap -sT -O -T0
B. nmap -sP -p-65535 -T5
C. nmap -A -Pn
D. nmap -A --host-timeout 99 -T1

A

A. nmap -sT -O -T0

19
Q

What is the purpose of a demilitarized zone on a network?
A. To provide a place to put the honeypot
B. To only provide direct access to the nodes within the DMZ and protect the network behind it
C. To scan all traffic coming through the DMZ to the internal network
D. To contain the network devices you wish to protect

A

B. To only provide direct access to the nodes within the DMZ and protect the network behind it

20
Q

An attacker, using a rogue wireless AP, performed a MITM attack and injected HTML code to embed a
malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many
machines.
Which one of the following tools did the hacker probably use to inject the HTML code?
A. Aircrack-ng
B. Tcpdump
C. Ettercap
D. Wireshark

A

C. Ettercap

21
Q
Which Nmap option would you use if you were not concerned about being detected and wanted to perform a
very fast scan?
A. -A
B. -T5
C. -O
D. -T0
A

B. -T5

22
Q

You need to deploy a new web-based software package for your organization. The package requires three
separate servers and needs to be available on the Internet. What is the recommended architecture in terms of
server placement?
A. A web server facing the Internet, an application server on the internal network, a database server on the internal network.
B. All three servers need to be placed internally.
C. All three servers need to face the Internet, so they can communicate between themselves.
D. A web server and the database server facing the Internet, an application server on the internal network.

A

A. A web server facing the Internet, an application server on the internal network, a database server on the internal network.

23
Q

You are working as a security analyst at Company XYZ. XYZ owns the whole subnet range of 23.0.0.0/8
and 192.168.0.0/8.
While monitoring the data you find a high number of outbound connections. You see that IPs owned by XYZ
(internal) and private IPs are communicating with a single public IP; that is, the internal IPs are sending
data to the public IP.
After further analysis you find that this public IP is blacklisted and that the internal devices communicating
with it are compromised.
What kind of attack does the above scenario depict?
A. Botnet Attack
B. Advanced Persistent Threats
C. Rootkit Attack
D. Spear Phishing Attack

A

A. Botnet Attack

24
Q
Which of the following is considered one of the most reliable forms of TCP scanning?
A. Xmas Scan
B. TCP Connect / Full Open Scan
C. Half-open Scan
D. NULL Scan
A

B. TCP Connect / Full Open Scan

25
Q

An attacker scans a host with the below command. Which three flags are set?
# nmap -sX host.domain.com
A. This is Xmas scan. SYN and ACK flags are set
B. This is SYN scan. SYN flag is set.
C. This is ACK scan. ACK flag is set.
D. This is Xmas scan. URG, PUSH and FIN are set.

A

D. This is Xmas scan. URG, PUSH and FIN are set.