Questions

Question 1

What type of packets are used in linux traceroute?

Answer 1

UDP

Question 2

What effect does setting the ResrictAnonymous registry setting to 1 have on a Windows NT or 2000 system?

Answer 2

Prevents the enumaration of SAM accounts and names from malicious hacker

The RestrictAnonymous registry setting controls the level of enumeration granted to an anonymous user. If RestrictAnonymous is set to 0 (that is, the default setting), any user can obtain system information, including: user names and details, account policies, and share names. Anonymous users can use this information in an attack against your system. The list of user names and share names could help potential attackers identify who is an administrator, which computers have weak account protection, and which computers share information with the network.

Question 3

What is the default VLAN on most switches?

Answer 3

1

Question 4

What is the function of of the /etc/ftpusers file on a Unix FTP server?

Answer 4

Lists user that are not permitted on an FTP server

Question 5

Ports associated with IPSEC

Answer 5

UDP port 500, IP protocol 50 and 51

Question 6

The register_globals settings in php.ini are what?

Answer 6

Security risk if enabled and should be avoided

When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn’t require variable initialization means writing insecure code is that much easier.

Question 7

The UK Government protective marking levels are, from the lowest to highest protection

Answer 7

NPM, Protected,Restricted,Confidential,Secret,Top Secret

Question 8

Which of the following protocols provides confidentiality and integrity and is not vulnerable to mitm

Answer 8

SSHv2

Question 9

MongoDB

Answer 9

Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.

Question 10

Privilege Ports

Answer 10

0-1023 inclusive

Question 11

What is the main function of ISAPI?

Answer 11

Collection of Window Based web server services

ISAPI stands for Internet Server Application Programming Interface registered at either site or global level.ISAPI filters are the set of program/DLL files that are registered with IIS to modify the behavior of a Web Server.ISAPI filter manage paths and filters both incoming and outgoing streams of data until they find one they need to process

Question 12

Why might a pen tester look for all files that have the mode bit 4000 set?

Answer 12

SUID files

Question 13

Which Algorithm could be used to negotiate shared encryption?

Answer 13

AES

Question 14

What command would you use to list the installed packages on a Redhat or Fedora system?

Answer 14

rpm -qa

Question 15

What command would you use to display the version number of a Microsoft SQL Server database if you are connected with a command-line client?

Answer 15

display version;

Question 16

How would you establish a null session to a Windows host from a Windows command shell?

Answer 16

NET USE \hostname\ipc$ “” /u:””

Question 17

Question 32: Correct
Which of these methods is the best way to determine if a remote host is running an X Window server that allows remote connections from the local host?

Answer 17

xdpyinfo -display remotehost:0.0

Question 18

A webserver return “Server: Microsoft-IIs/5.0” in the HTTP headers. What O/S is it probably using?

Answer 18

Windows Server 2000

Question 19

What is the purpose and legal reason for obtaining written permission before commencing a pen test?

Answer 19

Computer Misuse Act (CMA) says it is lawful to do so and if not done may be a breach

Written permission must be obtained before any pentest is conducted this is known as the authorisation form that is discussed during the scoping call. Failing to do may result in breaching the Computer Misuse Act (CMA)

Question 20

Which of these standards defines the structure of a digital certificate?

Answer 20

x.509

Question 21

What is the significance of the string “SEP” in the configuration filename of a Cisco IP Phone?

Answer 21

Selsuis Ethernet phone (original name for the CISCO IP Phone

Question 22

Which two routing protocols do not support Classless Inter-Domain Routing?

Answer 22

IGRP + RIP

Question 23

What does “export” signify for an SSL Cipher?

Answer 23

Weak Cipher which was acceptable for export under old US cryptography export regulations

Question 24

Which string in a NetBios name indicates that the specified host is a Master Browser?

Answer 24

MSBROWSE

Question 25

A web server returns "server: Microsoft-IIs/6.0" in the HTTP header. What operating system is it probably using?

Answer 25

Windows Server 2003

Question 26

IIS

Answer 26

IIS version Built-in 5. 0 Windows 2000 5. 1 Windows XP Pro 6. 0 Windows Server 2003 7. 0 Windows Vista and Windows Server 2008 7. 5 Windows 7 and Windows Server 2008 R2 8. 0 Windows 8 and Windows Server 2012

Question 27

Which of these techniques is commonly implemented in modern C compilers to prevent buffer overflow exploitation?

Answer 27

Canary Values

Question 28

What is the default password for the SYS user in reference to an Oracle 9i system?

Answer 28

CHANGE_ON_INSTALL

Question 29

Command used to preform DNS Zone Transfer

Answer 29

dig @test.example.com example.com axfr

Question 30

Query name server for DNS zone file that relate to a network black

Answer 30

dig @relay.example.com 130.80.198.in-addr.arpa axfr

Question 31

Which command will retrieve the version number from default installation of the BIND Name server

Answer 31

dig @nameserver version.bind txt chaos

Question 32

DHCP Messages

Answer 32

``` DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPACK DHCPNAK DHCPDECLINE DHCPRELEASE DHCPINFORM ```

Question 33

Microsoft PPTP

Answer 33

Point to Point Tunnelling Protocol uses TCP 1723 to negotiate and establish connection and IP procotol 47 GRE for data communication

Question 34

SIP

Answer 34

``` INVITE ACK BYE CANCEL REGISTER OPTIONS ```

Question 35

What are SIP and RTP protocols used for in VoIP pick the most relevant answer

Answer 35

SIP is used for setting up and closing down calls, TRP is used for audio data

Question 36

ONC/RPC Services

Answer 36

NTP,NFS,NETBIOS,NNTP

Question 37

Which Scan would be most likely to discover a firewall that blocks all traffic to itself from the interface connected to the network you are scanning from ?

Answer 37

Arp Scan

Question 38

What would you expect the finger 0@hostname against a solaris 8 system to display?

Answer 38

Users with empty GCOS field in the password file Older versions of Solaris that run the finger daemon are affected by enumeration bugs. For example, you can run the command finger 0@host and it will enumerate all users with an empty GCOS field in the password file. Furthermore you can run finger ‘a b c d e f g h’@host and it will enumerate all users on the remote target.

Question 39

Which of the following techniques can be used to prevent man in the middle attacks

Answer 39

Authenticating the server

Question 40

What is the maximum length of SSID

Answer 40

32 bytes

Question 41

On Unix system, what is the effect of the execute bit on a directory

Answer 41

It allows the directory to be traversed

Question 42

Digest Length for a SHA-1 Hash Function

Answer 42

160 bits

Question 43

Sys user default password on Oracle

Answer 43

There is no Default

Question 44

EAP

Answer 44

Extensible Authentication Protocol

Question 45

REST (web applcations)

Answer 45

Representational State Transfer

Question 46

IP Option

Answer 46

Record Route

Question 47

Ethernet Multicast MAC address

Answer 47

01:00:0c:cc:cc:cc

Question 48

Length of the IV for a WEP Key

Answer 48

24 bits

Question 49

Tool used for passive TCP/IP finger printing

Answer 49

p0f

Question 50

What RPC authentication mechanism does NFSv2 and v3 USE

Answer 50

AUTH_SYS, using UID and GID

Question 51

OSPF

Answer 51

Open Shortest Path First

Question 52

CRLF

Answer 52

Carriage Return / Line Feed"

Question 53

Which UDP port does RWHO use

Answer 53

513

Question 54

Which SQL server version was the SQL Server Resolution Service introduced ?

Answer 54

MS SQL Server 2000

Question 55

LDAP command injection characters

Answer 55

()&|=*`

Question 56

What version of SQL did CVE 2003 0780 impact ?

Answer 56

4.0.15

Question 57

Netbios Datagram service

Answer 57

138

Question 58

400 HTTP codes

Answer 58

``` 400 Bad Request 401 Unauthorized 402 Payment required 403 Forbidden 404 Not Found ```

Question 59

Which PHP version did the chunk_split() overflow function affect ?

Answer 59

PHP 5 before 5.2.3 and PHP 4 before 4.4.8 | DoS

Question 60

Where is SAM file located ?

Answer 60

C:\WINDOWS\system32\config

Question 61

Size of MAC address

Answer 61

48 bit

Question 62

Size of IPv4

Answer 62

32-bit

Question 63

Terminal services port ?

Answer 63

3389

Question 64

Port 5423

Answer 64

PostGres

Question 65

DES Key size ?

Answer 65

56 bits

Question 66

HTTP code indicates Bad Request ?

Answer 66

400

Question 67

ASP

Answer 67

Active Server Pages