CEH Exam Ch 4-20 Evens Study Guide


A company called "We are Secure Ltd." has a router with eight I/O ports, of which port one is connected to the WAN and the other seven ports are connected to various internal networks. The network administrator has observed malicious DoS activity against the router through one of the eight networks. The DoS attack uses 100% CPU utilization and shuts down the Internet connection. The systems administrator tried to troubleshoot the router by disconnecting ports one by one in order to identify the source network of the DoS attack. After disconnecting port number 6, the CPU utilization normalized and the Internet connection resumed. With this information, the systems administrator came to the conclusion that the source of the attack was the _______________ network. (A) Local Area network (LAN) (B) Campus Area Network (CAN) (C) Wide Area Network (WAN) (D) Metropolitan Area Network (MAN)

A

A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. (A) 11010111 00010001 (B) 00101000 11101110 (C) 11110010 01011011 (D) 00001101 10100100

A

A network administrator wants to configure port security on a Cisco switch. Which of the following commands helps the administrator to enable port security on an interface? (A) switchport port-security (B) switchport port-security aging time 2 (C) switchport port-security aging type inactivity (D) switchport port-security maximum 1

A

A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: the speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing a large amount of SYN packets flowing from one single IP address. The company's Internet speed is only 5 Mbps, which is usually enough during normal working hours. What type of attack is this? (A) DoS (B) DDoS (C) DRDoS (D) MitM

A

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file? (A) Chosen plain-text attack (B) Timing attack (C) Replay attack (D) Memory trade-off attack

A

An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? (A) NetBIOS (B) SMTP (C) SNMP (D) LDAP

A

An ethical hacker is performing penetration testing on the target organization. He decided to test the organization's network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ? (A) Nmap (B) FOCA (C) Recon-ng (D) FaceNiff

A

Don Parker, a security analyst, is hired to perform a DoS test on a company. Which of the following tools can he successfully utilize to perform this task? (A) Hping3 (B) Recon-ng (C) N-Stalker (D) Cain and +

A

During the penetration testing of the MyBank public website, Marin discovered a credit/interest calculator running on the server side, which calculates a credit return plan. The application accepts the following parameters: amount=100000&duration=10&scale=month. Assuming that parameter amount is the amount of credit for which the user is calculating the interest and credit return plan (in this case 100,000 USD), parameter duration is the timeframe in which the credit will be paid off, and scale defines how often the credit rate will be paid (year, month, day, ...). How can Marin proceed with testing whether this web application is vulnerable to DoS? (A) Change the parameter duration to a large number and change scale value to "day" and resend the packet few times to observe the delay. (B) Change the parameter duration to a small number and leave scale value on "month" and resend the packet few times to observe the delay. (C) Change the parameter duration to a small number and change scale value to "day" and resend the packet few times to observe the delay. (D) Leave the parameter duration as is and change the scale value to "year" and resend the packet few times to observe the delay.

A

Fill in the blank. _________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. (A) BluePrinting (B) Bluejacking (C) Bluebugging (D) BlueSniff

A

If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it? (A) Insufficient Logging and Monitoring (B) Broken Access Control (C) Security Misconfiguration (D) Sensitive Data Exposure

A

If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so? (A) Firmware Mod Kit (B) RFCrack (C) RIoT Vulnerability Scanner (D) Zigbee Framework

A

In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? (A) Exploit kits (B) Side channel attack (C) Sybil attack (D) Replay attack

A

In which of the following attacks does an attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks? (A) Sybil attack (B) Rolling code attack (C) DoS attack (D) Replay attack

A

In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext? (A) Related-key attack (B) Chosen-plaintext attack (C) Ciphertext-only attack (D) Adaptive chosen-plaintext attack

A

Ivan works as a security consultant at "Ask Us Intl." One of his clients is under a large-scale protocol-based DDoS attack, and they have to decide how to deal with this issue. They have some DDoS appliances that are currently not configured. They also have a good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack? Bear in mind that this is a protocol-based DDoS attack with at least 10 000 bots sending the traffic from the entire globe! (A) Block the traffic at the provider level (B) Absorb the attack at the provider level (C) Filter the traffic at the company Internet facing routers (D) Absorb the attack at the client site

A

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? (A) Evil Twin AP (B) KRACK Attack (C) War Driving (D) WEP Cracking

A

Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? (A) CommView for WiFi (B) WiFiFoFum (C) BlueScanner (D) WiFish Finder

A

Out of the following RFCrack commands, which command is used by an attacker to perform jamming? (A) python RFCrack.py -j -F 314000000 (B) python RFCrack.py -i (C) python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 (D) python RFCrack.py -r -M MOD_2FSK -F 314350000

A

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? (A) Cain and Abel (B) Hping (C) John the Ripper (D) Nikto

A

Posing as an authorized AP by beaconing the WLAN's SSID to lure users is known as __________. (A) Evil Twin AP (B) Masquerading (C) Man-in-the-Middle Attack (D) Honeypot Access Point

A

Repeated probes of the available services on your machines (A) Repeated probes of the available services on your machines (B) Rare login attempts from remote hosts (C) Sudden decrease in bandwidth consumption is an indication of intrusion (D) Connection requests from IPs from those systems within the network range

A

Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts with the network analysis and detection of an increase in activity levels and analyzing the network flows (focusing on network's packet header information). Her idea is to try to spot the increase in specific traffic, which is above normal traffic rate for this specific network flow. Which DDoS detection technique is she trying to implement? (A) Activity profiling (B) NetFlow detection (C) Change-point detection (D) Wavelet-based signal analysis

A

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method? (A) Passwords stored using hashes are nonreversible, making finding the password much more difficult. (B) Hashing is faster when compared to more traditional encryption algorithms. (C) It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained. (D) If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

A

Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? (A) Eavesdropping (B) Evil twin AP (C) Masquerading (D) WEP Key Cracking

A

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________? (A) The same key on each end of the transmission medium (B) Multiple keys for non-repudiation of bulk data (C) Bulk encryption for data transmission over fiber (D) Different keys on both ends of the transport medium

A

The security analyst for Danels Company arrives this morning to his office and verifies the primary home page of the company. He notes that the page has the logo of the competition and writings that do not correspond to the true page. What kind of attack do the observed signals correspond to? (A) Defacement (B) DDoS (C) Phishing (D) Http Attack

A

Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? (A) Bluesmacking (B) Bluejacking (C) Blue Snarfing (D) Bluebugging

A

What is the goal of a DDoS attack? (A) Render a network or computer incapable of providing normal service (B) Create bugs in web applications (C) Exploit a weakness in the TCP stack (D) Capture files from a remote computer

A

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room? (A) Encrypt the data on the hard drive. (B) Back up everything on the laptop and store the backup in a safe place. (C) Use a strong logon password to the operating system. (D) Set a BIOS password.

A

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack? (A) Injecting parameters into a connection string using semicolons as a separator (B) Inserting malicious Javascript code into input parameters (C) Adding multiple parameters with the same name in HTTP requests (D) Setting a user's session identifier (SID) to an explicit known value

A

Which of the PKI components is responsible for issuing and verifying digital certificate? (A) Certificate authority (CA) (B) Registration authority (RA) (C) End user (D) Validation authority (VA)

A

Which of the following Wi-Fi discovery tools facilitates detection of Wireless LANs using the 802.11a/b/g WLAN standards and is commonly used for wardriving, verifying network configurations, finding locations with poor coverage and detecting rogue APs? (A) NetStumbler (B) WeFi (C) AirCrack-NG (D) WifiScanner

A

Which of the following commands is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? (A) switchport port-security maximum 1 vlan access (B) snmp-server enable traps port-security trap-rate 5 (C) switchport port-security violation restrict (D) switchport port-security aging time 2

A

Which of the following cryptographic algorithms is used by CCMP? (A) AES (B) DES (C) RC4 (D) TKIP

A

Which of the following devices is used to analyze and monitor the RF spectrum? (A) WIDS (B) Router (C) Firewall (D) Switch

A

Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? (A) Extract information using DNS Zone Transfer (B) Extract user names using email IDs (C) Extract information using default passwords (D) Brute force Active Directory

A

Which of the following firewall solution tools has the following features: ● Two-way firewall that monitors and blocks inbound as well as outbound traffic ● Allows users to browse the web privately ● Identity protection services help to prevent identity theft by guarding crucial data of the users. It also offers PC protection and data encryption ● Through Do Not Track, it stops data-collecting companies from tracking the online users ● Online Backup backs up files and restores the data in the event of loss, theft, accidental deletion or disk failure (A) ZoneAlarm PRO FIREWALL 2018 (B) Vanguard Enforcer (C) zIPS (D) Wifi Inspector

A

Which of the following information is collected using enumeration? (A) Network resources, network shares, and machine names. (B) Email Recipient's system IP address and geolocation. (C) Open ports and services. (D) Operating systems, location of web servers, users and passwords.

A

Which of the following involves injection of malicious code through a web application? (A) Command Injection (B) SQL Injection (C) Shell Injection (D) LDAP Injection

A

Which of the following is NOT a type of DDoS attack? (A) Phishing attack (B) Volume (volumetric) attack (C) Protocol attack (D) Application layer attack

A

Which of the following is a security consideration for the gateway component of IoT architecture? (A) Multi-directional encrypted communications, strong authentication of all the components, automatic updates (B) Local storage security, encrypted communications channels (C) Storage encryption, update components, no default passwords (D) Secure web interface, encrypted storage

A

Which of the following is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))? (A) SSID (B) Hotspot (C) Access Point (D) Association

A

Which of the following protocols uses magnetic field induction to enable communication between two electronic devices? (A) Near Field Communication (NFC) (B) Ha-Low (C) LTE-Advanced (D) Multimedia over Coax Alliance (MoCA)

A

Which of the following techniques involves sending no packets and just capturing and monitoring the packets flowing in the network? (A) Passive sniffing (B) Active sniffing (C) Network scanning (D) Port sniffing

A

Which of the following techniques is used to detect rogue APs? (A) RF Scanning (B) Passphrases (C) AES/CCMP encryption (D) Non-discoverable mode

A

Which of the following tools offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner? (A) SeaCat.io (B) Firmalyzer Enterprise (C) DigiCert IoT Security Solution (D) beSTORM

A

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions? (A) Honeypot (B) Firewall (C) DeMilitarized Zone (DMZ) (D) Intrusion Detection System (IDS)

A

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common? (A) They use the same packet capture utility. (B) They use the same packet analysis engine. (C) They send alerts to security monitors. (D) They are written in Java.

A

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? (A) Guess passwords using Medusa or Hydra against a network service. (B) Capture administrators' RDP traffic and decode it with Cain and Abel. (C) Capture LANMAN Hashes and crack them with L0phtCrack. (D) Capture every users' traffic with Ettercap.

B

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field? (A) if (billingAddress != 50) {update field} else exit (B) if (billingAddress <= 50) {update field} else exit (C) if (billingAddress = 50) {update field} else exit (D) if (billingAddress != 50) {update field} else exit

B

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack? (A) Paros Proxy (B) BBProxy (C) BBCrack (D) Blooover

B

An attacker can perform attacks such as CSRF, SQLi, and XSS by exploiting which of the following IoT device vulnerabilities? (A) Insecure network services (B) Insecure web interface (C) Insecure software/firmware (D) Insecure cloud interface

B

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? (A) Known plaintext attack (B) Chosen ciphertext attack (C) Meet in the middle attack (D) Birthday attack

B

An attacker tries to recover the plaintext of a message without knowing the required key in advance. For this he may first try to recover the key, or may go after the message itself by trying every possible combination of characters. Which code breaking method is he using? (A) One-time pad (B) Brute force (C) Frequency analysis (D) Trickery and deceit

B

An attacker wants to exploit a webpage. From which of the following points does he start his attack process? (A) Identify server-side technologies (B) Identify entry points for user input (C) Identify server-side functionality (D) Map the attack surface

B

At a Windows server command prompt, which command could be used to list the running services? (A) Sc config (B) Sc query (C) Sc query \\servername (D) Sc query type= running

B

Gordon was not happy with the product that he ordered from an online retailer. He tried to contact the seller's post purchase service desk, but they denied any help in this matter. Therefore, Gordon wants to avenge this by damaging the retailer's services. He uses a utility named high orbit ion cannon (HOIC) that he downloads from an underground site to flood the retailer's system with requests so that the retailer's site was unable to handle any further requests even from legitimate users' purchase requests. What type of attack is Gordon using? (A) Gordon is using poorly designed input validation routines to create and/or to alter commands so that he gains access to the secure data and execute commands. (B) Gordon is using a denial-of-service attack. (C) Gordon is executing commands or is viewing data outside the intended target path. (D) Gordon is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege.

B

In which of the following attacks does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information? (A) BlueSniff (B) Bluesnarfing (C) Bluejacking (D) Bluebugging

B

In which of the following attacks does an attacker intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to crash the target device? (A) Side Channel Attack (B) Replay Attack (C) Ransomware Attack (D) Man-in-the-middle Attack

B

In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? (A) Open-system authentication process (B) Shared key authentication process (C) WPA encryption (D) WEP encryption

B

Ivan works as a security consultant at "Ask Us Intl." One of his clients is under a large-scale application layer-based DDoS attack, and they have to decide how to deal with this issue. The web application under attack is being used to send user-filled forms and save the data in a MySQL database. Since the DDoS is abusing POST functionality, not only the web application and web server are in DDoS condition but also the MySQL database is in DDoS condition. They have some DDoS appliances that are currently not configured. They also have a good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack? Bear in mind that this is an application layer-based DDoS attack which sends at least 1000 malicious POST requests per second spread through the entire globe! (A) Filter the traffic at the company Internet facing routers (B) Use CAPTCHA (C) Absorb the attack at the provider level (D) Absorb the attack at the client site

B

Jamie is asked to create firewall policies for two new software solutions. The new software solutions will give employees access to their payroll data and live company stock performance. The payroll system is located at 10.7.2.155 using port 5789 webpage. While the stock data system is located at 10.7.2.158 using port 5479 webpage, existing servers used by the employees are located at 10.7.2.0/24. The employees are placed in two buildings with subnets of 10.7.40.0/24. Of the following options, which will provide more granular access: (A) Add any 10.7.2.155 5789 permit any 10.7.2.158 5479 permit (B) Add any 10.7.2.155 5789 eq www permit any 10.7.2.158 5479 eq www permit (C) Add any 10.7.2.155 eq www permit any 10.7.2.158 eq www permit (D) Add any 10.7.2.0/24 eq www permit any 10.7.2.0/24 eq www permit

B

Name the communication model, where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other? (A) Device-to-Gateway Communication Model (B) Device-to-Device Communication Model (C) Device-to-Cloud Communication Model (D) Back-End Data-Sharing Communication Model

B

Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? (A) Maintain access (B) Vulnerability scanning (C) Information gathering (D) Gain access

B

Paul has been contracted to test a network, and he intends to test for any DoS vulnerabilities of the network servers. Which of the following automated tools can be used to discover systems that are vulnerable to DoS? (A) Cain and Abel (B) Nmap (C) Netcraft (D) John the ripper

B

Sean, who works as a network administrator, has just deployed an IDS in his organization's network. Sean deployed an IDS that generates four types of alerts that include: true positive, false positive, false negative, and true negative. In which of the following conditions does the IDS generate a true positive alert? (A) A true positive is a condition occurring when an IDS fails to react to an actual attack event. (B) A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress. (C) A true positive is a condition occurring when an event triggers an alarm when no actual attack is in progress. (D) A true positive is a condition occurring when an IDS identifies an activity as acceptable behavior and the activity is acceptable.

B

Sniffers work at which of the following open systems interconnect (OSI) layers? (A) Transport layer (B) Data link layer (C) Presentation layer (D) Application layer

B

Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? (A) RIoT vulnerability scanning (B) HackRF one (C) Foren6 (D) Zigbee framework

B

What happens when a switch CAM table becomes full? (A) The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. (B) The switch then acts as a hub by broadcasting packets to all machines on the network. (C) The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). (D) Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port.

B

What is the correct pcap filter to capture all transmission control protocol (TCP) traffic going to or from host 192.168.0.125 on port 25? (A) port 25 and host 192.168.0.125 (B) tcp.port == 25 and ip.addr == 192.168.0.125 (C) host 192.168.0.125:25 (D) tcp.src == 25 and ip.host == 192.168.0.125

B

What is the main advantage that a network-based IDS/IPS system has over a host-based solution? (A) They will not interfere with user interfaces. (B) They do not use host system resources. (C) They are easier to install and configure. (D) They are placed at the boundary, allowing them to inspect all traffic.

B

Which cipher encrypts the plain text digit (bit or byte) one by one? (A) Modern cipher (B) Stream cipher (C) Block cipher (D) Classical cipher

B

Which of the following DoS attack detection techniques analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately. (A) Activity Profiling (B) Wavelet-based Signal Analysis (C) Signature-based Analysis (D) Change-point Detection

B

Which of the following Nmap commands is used by attackers to identify IPv6 capabilities of an IoT device? (A) nmap -sA -P0 <IP> (B) nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> (C) nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> (D) nmap -n -Pn -sS -pT:0-65535 -v -A -oX <Name><IP>

B

Which of the following attacks is not selected as one of the OWASP Top 10 Application Security Risks in the year 2017? (A) Injection attacks (B) DDoS attacks (C) Insecure Deserialization attacks (D) XML External Entity (XXE) attacks

B

Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? (A) Firewalls (B) Web Spiders (C) Proxies (D) Banners

B

Which of the following countermeasures helps in defending against KRACK attack? (A) Enable MAC address filtering on access points or routers (B) Turn On auto-updates for all the wireless devices and patch the device firmware (C) Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) (D) Enable SSID broadcasts

B

Which of the following defines the role of a root certificate authority (CA) in a public key infrastructure (PKI)? (A) The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data. (B) The CA is the trusted root that issues certificates. (C) The root CA is the recovery agent used to encrypt data when a user's certificate is lost. (D) The root CA stores the user's hash value for safekeeping.

B

Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? (A) TKIP (B) WPA2 (C) WPA (D) WEP

B

Which of the following is a hijacking technique where an attacker masquerades as a trusted host to conceal his identity, hijack browsers or websites, or gain unauthorized access to a network? (A) Port-scanning (B) IP address spoofing (C) Source routing (D) Firewalking

B

Which of the following is an example of an asymmetric encryption implementation? (A) SHA1 (B) PGP (C) 3DES (D) MD5

B

Which of the following problems can be solved by using Wireshark? (A) Tracking version changes of source code (B) Troubleshooting communication resets between two systems (C) Checking creation dates on all webpages on a server (D) Resetting the administrator password on multiple systems

B

Which of the following protocols encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? (A) RADIUS (B) PEAP (C) LEAP (D) CCMP

B

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? (A) NTP (B) LDAP (C) DNS (D) SMTP

B

Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? (A) SNMP (B) IPSec (C) SMTP (D) NetBios

B

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? (A) LMB (B) OBEX (C) L2CAP (D) SDP

B

Which of the following protocols uses TCP or UDP as its transport protocol over port 389? (A) SMTP (B) LDAP (C) SIP (D) SNMP

B

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? (A) Perform DNS enumeration (B) Perform IPsec enumeration (C) Perform NTP enumeration (D) Perform SMTP enumeration

B

Which of the following volumetric attack techniques transfers messages to the broadcast IP address in order to increase the traffic over a victim system and consume his entire bandwidth? (A) Protocol attack (B) Amplification attack (C) Application layer attacks (D) Flood attack

B

Which protocol enables an attacker to enumerate user accounts and devices on a target system? (A) SMTP (B) SNMP (C) TCP (D) NetBIOS

B

Which statement is TRUE regarding network firewalls preventing Web Application attacks? (A) Network firewalls cannot prevent attacks because they are too complex to configure. (B) Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened. (C) Network firewalls can prevent attacks if they are properly configured. (D) Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B

Which of the following commands is used by the attackers to query the ntpd daemon about its current state? (A) ntptrace (B) ntpdc (C) ntpq (D) ntpdate

B Explanation: ntpdate: This command collects the number of time samples from a number of time sources. ntptrace: This command determines from where the NTP server gets time and follows the chain of NTP servers back to its prime time source. ntpdc: This command queries the ntpd daemon about its current state and requests changes in that state. ntpq: This command monitors NTP daemon ntpd operations and determines performance.

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? (A) True negatives (B) False negatives (C) False positives (D) True positives

C

An attacker breaks an n-bit key cipher into 2^(n/2) number of operations in order to recover the key. Which cryptography attack is he performing? (A) Timing attack (B) Rubber hose attack (C) Chosen-key attack (D) Known-plaintext attack

C

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit? (A) Broken access control (B) Sensitive data exposure (C) Security misconfiguration (D) SQL injection

C

An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following techniques is the attacker using in the above scenario? (A) DHCP Starvation Attack (B) ARP Spoofing (C) IRDP Spoofing (D) MAC Flooding

C

An attacker sends an e-mail containing a malicious Microsoft office document to target WWW/FTP servers and embed Trojan horse files as software installation files, mobile phone software, and so on to lure a user to access them. Identify by which method the attacker is trying to bypass the firewall. (A) Bypassing WAF using XSS attack (B) Bypassing firewall through external systems (C) Bypassing firewall through content (D) Bypassing firewall through MITM attack

C

Bob is trying to access his friend Jason's email account without his knowledge. He guesses and tries random passwords to log into the email account resulting in the lockdown of the email account for the next 24 hours. Now, if Jason tries to access his account even with his genuine password, he cannot access the email account for the next 24 hours. How can you categorize this DoS? (A) Bandwidth attack (B) Peer-to-Peer attack (C) Application-level attack (D) Permanent Denial-of-Service (PDoS) attack

C

Check Point's FireWall-1 listens to which of the following TCP ports? (A) 1080 (B) 1072 (C) 259 (D) 1745

C

Company A and Company B have just merged and each has its own public key infrastructure (PKI). What must the certificate authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? (A) Cross-site exchange (B) Poly key reference (C) Cross certification (D) Poly key exchange

C

Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components? (A) Edge (B) Mobile (C) Cloud Platform (D) Gateway

C

How many bit checksum is used by the TCP protocol for error checking of the header and data and to ensure that communication is reliable? (A) 13-bit (B) 15-bit (C) 16-bit (D) 14-bit

C

Identify the type of a DoS attack where an attacker sends e-mails, Internet relay chats (IRCs), tweets, and posts videos with fraudulent content for hardware updates to the victim with the intent of modifying and corrupting the updates with vulnerabilities or defective firmware. (A) Internet control message protocol (ICMP) flood attack (B) SYN flooding attack (C) Phlashing attack (D) Ping of death attack

C

If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following types of tools can he use to do so? (A) IoT hacking tools (B) Vulnerability scanning tools (C) Information gathering tools (D) Sniffing tools

C

In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts? (A) Use of strong passwords (B) Use of SSL/TLS (C) Account lockout mechanism (D) Secure boot chain mechanism

C

In which of the following is the original data signal multiplied with a pseudo random noise spreading code? (A) Orthogonal Frequency-division Multiplexing (OFDM) (B) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) (C) Direct-sequence Spread Spectrum (DSSS) (D) Frequency-hopping Spread Spectrum (FHSS)

C

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? (A) Mutation-based (B) None of the listed answers (C) Protocol-based (D) Generation-based

C

Martha is a network administrator in a company named "Dubrovnik Walls Ltd.". She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the "Internet facing firewall." What type of DDoS attack is this? (A) Application layer attack (B) SYN flood attack (C) Protocol attack (D) Volume (volumetric) attack

C

Mike works for a company "Fourth Rose Intl." as the sales manager. He was sent to Las Vegas on a business trip to meet his clients. After the successful completion of his meeting, Mike went back to his hotel room, connected to the hotel Wi-Fi network and attended his other scheduled online client meetings through his laptop. After returning back to his office headquarters, Mike connects his laptop to the office Wi-Fi network and continues his work; however, he observes that his laptop starts to behave strangely. It regularly slows down with blue screening from time-to-time and rebooting without any apparent reason. He raised the issue with his system administrator. Some days later, the system administrator in Mike's company observed the same issue in various other computers in his organization. Meanwhile, he has also observed that large amounts of unauthorized traffic from various IP addresses of "Fourth Rose Intl." were directed toward organizational web server. Security division of the company analyzed the network traces and identified that Mike's Laptop's IP address has authorized and initiated other computers in the network to perform DDoS abuse over the organizational web server. They further identified a malicious executable backdoor file on Mike's Laptop that connects to a remote anonymous computer. This remote computer is responsible for sending commands to Mike's Laptop in order to initiate and execute DDoS attack over the organizational web server. In this case, Mike's laptop was part of the _________? (A) IRC attack (B) Command-and-control (C&C) center (C) Botnet attack (D) Bot attack

C

Name the communication model where the IoT devices communicate with the cloud service through gateways? (A) Device-to-cloud communication model (B) Device-to-device communication model (C) Device-to-gateway communication model (D) Back-end data-sharing communication model

C

Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? (A) DUHK attack (B) MITM attack (C) Side channel attack (D) Hash collision attack

C

Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" (A) Configures the maximum number of secure MAC addresses for the port (B) Configures the secure MAC address aging time on the port (C) Adds all secure MAC addresses that are dynamically learned to the running configuration (D) Configures the switch port parameters to enable port security

C

Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. (A) Rainbow Table Attack (B) Side Channel Attack (C) Meet-in-the-middle Attack (D) DUHK Attack

C

Out of the following, which layer is responsible for encoding and decoding data packets into bits? (A) Application layer (B) Session layer (C) Data Link layer (D) Network layer

C

Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts developing the detection technique which uses signal analysis to detect anomalies. The technique she is employing analyzes network traffic in terms of spectral components where she divides the incoming signals into various frequencies and analyzes different. Which DDoS detection technique is she trying to implement? (A) Activity profiling (B) Change-point detection (C) Wavelet-based signal analysis (D) NetFlow detection

C

Secure update server, verify updates before installation, and sign updates are the solutions for which of the following IoT device vulnerabilities? (A) Insecure network services (B) Privacy concerns (C) Insecure software / firmware (D) Insecure cloud interface

C

Siya is using a tool to defend critical data and applications without affecting performance and productivity. Following are the features of the tool: Pre-built, real-time reports that display big-picture analyses on traffic, top applications, and filtered attack events. Permits to see, control, and leverage the rules, shared services, and profiles of all the firewall devices throughout the network. Comprises of in-line, bump-in-the-wire intrusion prevention system with layer two fallback capabilities. Gives an overview of current performance for all HP systems in the network, including launch capabilities into targeted management applications by using monitors. Identify the tool used by Siya- (A) AlienVault® OSSIM™ (B) Zimperium's zIPS™ (C) TippingPoint IPS (D) Wifi Inspector

C

Teyla is a security analyst for BAYARA Company. She is responsible for the firewall, antivirus, IPS, and web filtering security controls. She wants to protect the employees from a new phishing attack. What should Teyla do? (A) Use IPS to block phishing. (B) Block outbound traffic to the ports 80 and 443 in the firewall. (C) Use the web filtering application to prevent the employees from accessing the phishing webpage. (D) Block the phishing via antivirus.

C

WPA2 uses AES for wireless data encryption at which of the following encryption levels? (A) 64 bit and CCMP (B) 128 bit and CRC (C) 128 bit and CCMP (D) 128 bit and TKIP

C

What is the port number used by DNS servers to perform DNS zone transfer? (A) TCP/UDP 135 (B) TCP 139 (C) TCP/UDP 53 (D) UDP 137

C

What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? (A) To get messaging programs to function with this algorithm requires complex configurations. (B) Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. (C) It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message. (D) It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

C

Which element of public key infrastructure (PKI) verifies the applicant? (A) Certificate authority (B) Validation authority (C) Registration authority (D) Verification authority

C

Which of the following DoS/DDoS countermeasures strategy can you implement using a honeypot? (A) Mitigating attacks (B) Absorbing attacks (C) Deflecting attacks (D) Degrading services

C

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? (A) PSINFO (B) VRFY (C) EXPN (D) RCPT TO

C

Which of the following cryptography attack methods is usually performed without the use of a computer? (A) Rainbow table attack (B) Ciphertext-only attack (C) Rubber hose attack (D) Chosen key attack

C

Which of the following describes a component of public key infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations? (A) Recovery agent (B) Key registry (C) Key escrow (D) Directory

C

Which of the following is a common Service Oriented Architecture (SOA) vulnerability? (A) VPath injection (B) SQL injection (C) XML denial of service issues (D) Cross-site scripting

C

Which of the following is a symmetric cryptographic algorithm? (A) PKI (B) DSA (C) 3DES (D) RSA

C

Which of the following is a type of network protocol for port-based network access control (PNAC)? (A) SFTP (B) SSH (C) IEEE 802.1X suites (D) SSL

C

Which of the following is used to connect wireless devices to a wireless/wired network? (A) Bandwidth (B) Hotspot (C) Access point (AP) (D) Association

C

Which of the following networks is used for very long-distance communication? (A) ZigBee (B) Bluetooth (C) WiMax (D) Wi-Fi

C

Which of the following processes of PKI (public key infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations? (A) Certificate revocation (B) Certificate cryptography (C) Certificate validation (D) Certificate issuance

C

Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? (A) MoCA (B) Cellular (C) Thread (D) VSAT

C

Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? (A) Perform competitive intelligence (B) Perform ARP poisoning (C) Calculate the subnet mask (D) Perform email footprinting

C

Which of the following tools is a DNS Interrogation Tool? (A) NetScan Tools Pro (B) SandCat Browser (C) DIG (D) Hping

C

Which of the following tools can not be used to perform SNMP enumeration? (A) SNScan (B) Nsauditor Network Security Auditor (C) SuperScan (D) SoftPerfect Network Scanner

C

Which of the following tools is used to execute commands of choice by tunneling them inside the payload of ICMP echo packets if ICMP is allowed through a firewall? (A) HTTPTunnel (B) AckCmd (C) Loki (D) Anonymizer

C

Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? (A) HackRF one (B) RIoT vulnerability scanning (C) RF crack (D) Zigbee framework

C

Which of the statements concerning proxy firewalls is correct? (A) Proxy firewalls block network packets from passing to and from a protected network. (B) Firewall proxy servers decentralize all activity for an application. (C) Computers establish a connection with a proxy firewall that initiates a new network connection for the client. (D) Proxy firewalls increase the speed and functionality of a network.

C

Which term is used to refer service announcements provided by services in response to connection requests and often carry vendor's version of information? (A) Scanning phase (B) Port (C) Banner (D) Network discovery phase

C

Which tool would be used to collect wireless packet data? (A) John the Ripper (B) Netcat (C) NetStumbler (D) Nessus

C

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? (A) True positives (B) True negatives (C) False negatives (D) False positives

D

A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend? (A) Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS) (B) IP Security (IPsec) (C) Multipurpose Internet Mail Extensions (MIME) (D) Pretty Good Privacy (PGP)

D

A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: The speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing a large amount of router solicitation messages from neighboring routers even though the router is not supposed to receive any of these messages. What type of attack is this? (A) DDoS (Distributed Denial of Service) (B) MitM (Man in the Middle) (C) DoS (Denial of Service) (D) DRDoS (Distributed Reflected Denial of Service)

D

An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? (A) By utilizing a buffer overflow attack (B) By using SQL injection (C) By using cross site scripting (D) By changing hidden form values

D

An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this? (A) Denial-of-service attack (B) Phishing attack (C) Jamming attack (D) Water hole attack

D

An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to log in as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to log in as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? (A) Phishing (B) Man-in-the-middle (C) Brute-forcing (D) Username enumeration

D

Anyone can send an encrypted message to Bob but only Bob can read it. Using PKI, when Alice wishes to send an encrypted message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message, and sends it off. Bob then uses his private key to decrypt the message and read it. No one listening in can decrypt the message. Thus, although many people may know the public key of Bob and use it to verify Bob's signatures, they cannot discover Bob's private key and use it to forge digital signatures. This is referred to as the principle of: (A) Non-repudiation (B) Asymmetry (C) Symmetry (D) Irreversibility

D

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability? (A) The web application does not have the secure flag set. (B) The victim user should not have an endpoint security solution (C) The victim's browser must have ActiveX technology enabled. (D) The session cookies do not have the HttpOnly flag set.

D

Eric, a professional hacker, is trying to perform a SQL injection attack on the back-end database system of the InfomationSEC, Inc. During the information gathering process, he identifies that MYSQL server is the back-end database engine used. Eric has tried various SQL injection attack attempts based on the information gathered but all of his attempts failed. Later, he discovered that an IPS system is blocking all the SQL injection attack attempts. Eric decided to bypass the IPS using the string concatenation IPS evasion technique, where he needs to break the SQL query into a number of small pieces and concatenate the SQL query end-to-end. Which of the following string concatenation operators does Eric need to use in the SQL query to concatenate the SQL query end-to-end? (A) "+" operator (B) "||" operator (C) "&" operator (D) "concat(,)" operator

D

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21—no response TCP port 22—no response TCP port 23—Time-to-live exceeded (A) The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host. (B) The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error. (C) The lack of response from ports 21 and 22 indicate that those services are not running on the destination server. (D) The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

D

If your web application sets any cookie with a secure attribute, what does this mean? (A) The cookie will not be sent cross-domain (B) The cookie can not be accessed by JavaScript (C) Cookies will be sent cross-domain (D) The client will send the cookie only over an HTTPS connection

D

In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented? (A) Implement secure password recovery mechanisms (B) End-to-end encryption (C) Enable two-factor authentication (D) Disable UPnP

D

In what way do the attackers identify the presence of layer 7 tar pits? (A) By looking at the IEEE standards for the current range of MAC addresses (B) By looking at the responses with unique MAC address 0:0:f:ff:ff:ff (C) By analyzing the TCP window size (D) By looking at the latency of the response from the service

D

In which of the following attacks does the attacker spoof the source IP address with the victim's IP address and send a large number of ICMP ECHO request packets to an IP broadcast network? (A) Ping of death attack (B) UDP flood attack (C) SYN flood attack (D) Smurf attack

D

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? (A) Generation-based (B) None of the listed answers (C) Protocol-based (D) Mutation-based

D

Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap for an attacker by messing them so that he leaves some traces knowing that they had connected to a decoy system that does none of the things it appears to do; but instead, it logs everything and notifies the appropriate people. Can you identify the tool? (A) Glasswire (B) TinyWall (C) PeerBlock (D) SPECTER

D

Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amounts of UDP packets are being sent to the organizational servers that are present behind the "Internet facing firewall." What type of DDoS attack is this? (A) SYN flood attack (B) Protocol attack (C) Application layer attack (D) Volume (volumetric) attack

D

Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of HTTP POST requests are being sent to the web servers behind the WAF. The traffic is not legitimate, since the web application requires workflow to be finished in order to send the data with the POST request, and this workflow data is missing. So, what type of DDoS attack is this? (A) Volume (volumetric) attack (B) SYN flood attack (C) Protocol attack (D) Application layer attack

D

Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of the CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join the SQL query end to end. Which of the following IDS evasion techniques does he use to bypass the signature-based IDS? (A) Char encoding (B) URL encoding (C) Hex encoding (D) String concatenation

D

Name an attack where an attacker interrupts communication between two devices by using the same frequency signals on which the devices are communicating. (A) Side channel attack (B) Replay attack (C) Man-in-the-middle attack (D) Jamming attack

D

Name an attack where the attacker connects to nearby devices and exploits the vulnerabilities of the Bluetooth protocol to compromise the device? (A) Rolling code attack (B) Jamming attack (C) DDoS attack (D) BlueBorne attack

D

Out of the following, which is not an active sniffing technique? (A) Switch port stealing (B) Spoofing attack (C) MAC flooding (D) Domain snipping

D

The DDoS tool created by Anonymous sends junk HTTP GET and POST requests to flood the target, and its second version of the tool (the first version had a different name) that was used in the so-called Operation Megaupload is called _______. (A) Dereil (B) BanglaDOS (C) Pandora DDoS (D) HOIC

D

What is the default port used by IPSEC IKE protocol? (A) Port 4500 (B) Port 50 (C) Port 51 (D) Port 500

D

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? (A) for %V in (1 1 255) do PING 192.168.2.%V (B) ping 192.168.2.255 (C) ping 192.168.2. (D) for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

D

Which evasion technique is used by attackers to encode the attack packet payload in such a way that the destination host can only decode the packet but not the IDS? (A) Unicode Evasion (B) Fragmentation Attack (C) Session splicing (D) Obfuscation

D

Which of the following IoT architecture layers consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself? (A) Internet layer (B) Middleware layer (C) Application layer (D) Edge technology layer (E) Access gateway layer

D

Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? (A) IoT gateway (B) Sensing technology (C) Remote control using mobile app (D) Cloud server/data storage

D

Which of the following availability attacks involve exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy? (A) Beacon Flood (B) Routing Attack (C) Authenticate Flood (D) Denial-of-Service

D

Which of the following countermeasures helps in defending against WPA/WPA2 cracking? (A) Avoid using public Wi-Fi networks (B) Make sure to enable two factor authentication (C) Change the default SSID after WLAN configuration (D) Select a random passphrase that is not made up of dictionary words

D

Which of the following firewalls is used to secure mobile device? (A) TinyWall (B) Comodo firewall (C) Glasswire (D) NetPatch firewall

D

Which of the following is a characteristic of public key infrastructure (PKI)? (A) Public-key cryptosystems are faster than symmetric-key cryptosystems. (B) Public-key cryptosystems do not provide technical nonrepudiation via digital signatures. (C) Public-key cryptosystems do not require a secure key distribution channel. (D) Public-key cryptosystems distribute public-keys within digital signatures.

D

Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? (A) DHCP snooping binding table (B) Authentication, authorization, and accounting (AAA) (C) Dynamic ARP inspection (D) IP Source Guard

D

Which of the following is a web application that does not have the secure flag set and that is implemented by OWASP that is full of known vulnerabilities? (A) WebScarab (B) WebBugs (C) VULN_HTML (D) WebGoat

D

Which of the following is an attack detection technique that monitors the network packet's header information? This technique also determines the increase in overall number of distinct clusters and activity levels among the network flow clusters? (A) Ping of death attack (B) Sequential Change-point detection (C) Wavelet-based signal analysis (D) Activity profiling

D

Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications? (A) Session Hijacking (B) Hash Stealing (C) Sandboxing (D) Fuzz Testing

D

Which of the following is not an action present in Snort IDS? (A) Alert (B) Log (C) Pass (D) Audit

D

Which of the following is used to detect bugs and irregularities in web applications? (A) Generation-based fuzz testing (B) Mutation-based fuzz testing (C) Protocol-based fuzz testing (D) Source code review

D

Which of the following protocols is not vulnerable to sniffing? (A) Hyper Text Transfer Protocol (HTTP) (B) Telnet and Rlogin (C) Post Office Protocol (POP) (D) Secure Sockets Layer (SSL)

D

Which of the following protocols is responsible for synchronizing clocks of networked computers? (A) DNS (B) LDAP (C) SMTP (D) NTP

D

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? (A) UDP (B) SNMP (C) SMTP (D) TCP

D

Which of the following tools can be used to perform LDAP enumeration? (A) Nsauditor Network Security Auditor (B) SuperScan (C) SoftPerfect Network Scanner (D) JXplorer

D

Which of the following tools is not a NetBIOS enumeration tool? (A) SuperScan (B) Hyena (C) NetScanTools Pro (D) OpUtils

D

Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? (A) SetRequest (B) GetRequest (C) ntpdate (D) nbtstat

D

Which technology do SOAP services use to format information? (A) ISDN (B) SATA (C) PCI (D) XML

D

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? (A) 802.11n (B) 802.11i (C) 802.11d (D) 802.11e

V

