CEH Study Guide Merged
An NMAP scan of a server shows port 25 is open. What risk could this pose? (A) Active Mail Relay (B) Web portal data leak (C) Open printer sharing (D) Clear text authentication
A
In which of the following attacks does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? (A) DNS Poisoning (B) Cybersquatting (C) Domain Hijacking (D) Domain Snipping
A
Network-level session hijacking attacks ____________ level protocols. (A) Transport and internet level protocols (B) Application level protocols (C) Network or Internet level protocols (D) Data link level protocols
A
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? (A) nessus & (B) nessus + (C) nessus -d (D) nessus *s
A
Out of the following RFCrack commands, which command is used by an attacker to perform jamming? (A) python RFCrack.py -j -F 314000000 (B) python RFCrack.py -i (C) python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 (D) python RFCrack.py -r -M MOD_2FSK -F 314350000
A
Out of the following, which network-level session hijacking technique is useful in gaining unauthorized access to a computer with the help of a trusted host's IP address? (A) IP Spoofing: Source Routed Packets (B) TCP/IP Hijacking (C) UDP Hijacking (D) Blind Hijacking
A
Passive reconnaissance involves collecting information through which of the following? (A) Publicly Accessible Sources (B) Trace-route analysis (C) Social Engineering (D) Email tracking
A
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? (A) Cain and Abel (B) Hping (C) John the Ripper (D) Nikto
A
Posing as an authorized AP by beaconing the WLAN's SSID to lure users is known as __________. (A) Evil Twin AP (B) Masquerading (C) Man-in-the-Middle Attack (D) Honeypot Access Point
A
Robert is a user with a privileged account and he is capable of connecting to the database. Rock wants to exploit Robert's privileged account. How can he do that? (A) Access the database and perform malicious activities at the OS level (B) Reject entries that contain binary data, escape sequences, and comment characters (C) Use the most restrictive SQL account types for applications (D) Design the code in such a way it traps and handles exceptions appropriately
A
Robert, a penetration tester, is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that the web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? (A) Fuzzing Testing (B) Stored Procedure Injection (C) Out of Band Exploitation (D) Alternate Encodings
A
SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. (A) True (B) False
A
Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts with the network analysis and detection of an increase in activity levels and analyzing the network flows (focusing on network's packet header information). Her idea is to try to spot the increase in specific traffic, which is above normal traffic rate for this specific network flow. Which DDoS detection technique is she trying to implement? (A) Activity profiling (B) NetFlow detection (C) Change-point detection (D) Wavelet-based signal analysis
A
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method? (A) Passwords stored using hashes are nonreversible, making finding the password much more difficult. (B) Hashing is faster when compared to more traditional encryption algorithms. (C) It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained. (D) If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.
A
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________? (A) The same key on each end of the transmission medium (B) Multiple keys for non-repudiation of bulk data (C) Bulk encryption for data transmission over fiber (D) Different keys on both ends of the transport medium
A
The security analyst for Danels Company arrives this morning to his office and verifies the primary home page of the company. He notes that the page has the logo of the competition and writings that do not correspond to the true page. What kind of attack do the observed signals correspond to? (A) Defacement (B) DDoS (C) Phishing (D) HTTP Attack
A
Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? (A) Bluesmacking (B) Bluejacking (C) Blue Snarfing (D) Bluebugging
A
What is the correct order of phases of a social engineering attack? (A) Research on target company → selecting target → develop the relationship → exploit the relationship (B) Selecting target → develop the relationship → research on target company → exploit the relationship (C) Develop the relationship → research on target company → selecting target → exploit the relationship (D) Selecting target → research on target company → develop the relationship → exploit the relationship
A
What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack? (A) Injecting parameters into a connection string using semicolons as a separator (B) Inserting malicious JavaScript code into input parameters (C) Adding multiple parameters with the same name in HTTP requests (D) Setting a user's session identifier (SID) to an explicit known value
A
When a person (or software) steals, can calculate, or can guess part of the communication channel between client and the server application or protocols used in the communication, he can hijack the ______. (A) Session (B) Channel (C) TCP protocol (D) UDP protocol
A
Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers? (A) Man-in-the-middle attack (B) DoS attack (C) Directory Traversal attack (D) HTTP response splitting attack
A
Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? (A) Preventive Controls (B) Corrective Controls (C) Deterrent Controls (D) Detective Controls
A
Which of the following commands is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? (A) switchport port-security maximum 1 vlan access (B) snmp-server enable traps port-security trap-rate 5 (C) switchport port-security violation restrict (D) switchport port-security aging time 2
A
Which of the following countermeasures helps organizations to prevent information disclosure through banner grabbing? (A) Configure IIS (B) Implement VPN (C) TCP/IP and IPSec (D) Configure Web Servers
A
Which of the following firewall solution tools has the following features: ● Two-way firewall that monitors and blocks inbound as well as outbound traffic ● Allows users to browse the web privately ● Identity protection services help to prevent identity theft by guarding crucial data of the users. It also offers PC protection and data encryption ● Through Do Not Track, it stops data-collecting companies from tracking the online users ● Online Backup backs up files and restores the data in the event of loss, theft, accidental deletion or disk failure (A) ZoneAlarm PRO FIREWALL 2018 (B) Vanguard Enforcer (C) zIPS (D) Wifi Inspector
A
Which of the following information is collected using enumeration? (A) Network resources, network shares, and machine names. (B) Email Recipient's system IP address and geolocation. (C) Open ports and services. (D) Operating systems, location of web servers, users and passwords.
A
Which of the following insider threats is caused by the employee's laxity toward security measures, policies, and practices? (A) Negligent insider (B) Compromised insider (C) Professional insider (D) Malicious insider
A
Which of the following involves injection of malicious code through a web application? (A) Command Injection (B) SQL Injection (C) Shell Injection (D) LDAP Injection
A
Which of the following is NOT a type of DDoS attack? (A) Phishing attack (B) Volume (volumetric) attack (C) Protocol attack (D) Application layer attack
A
Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information? (A) Social-engineer toolkit (SET) (B) Wireshark (C) Cain and Abel (D) NetScanTools Pro
A
Which of the following is considered an acceptable option when managing a risk? (A) Mitigate the risk (B) Deny the risk (C) Reject the risk (D) Initiate the risk
A
Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? (A) Ransomware (B) Trojan Horse (C) Adware (D) Spyware
A
Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? (A) Load Balancing (B) Encryption mechanism (C) Two-factor authentication (D) Lockout mechanism
A
Which of the following parameters enables NMAP's operating system detection feature? (A) NMAP -O (B) NMAP -oS (C) NMAP -sV (D) NMAP -sC
A
Which of the following processes allows Android users to attain privileged control within Android's subsystem? (A) Rooting (B) Warchalking (C) Jailbreaking (D) Wardriving
A
Which of the following refers to a policy allowing an employee to bring his or her personal devices such as laptops, smartphones, and tablets to the workplace and using them for accessing the organization's resources as per their access privileges? (A) BYOD (B) Social Engineering (C) Phishing (D) Spear-Phishing
A
Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? (A) Reduce parallel connections on congestion (B) Consider unscanned ports as closed (C) Netstat WMI Scan (D) Silent Dependencies
A
Which of the following techniques defends servers against blind response forgery? (A) UDP source port randomization (B) Removal of carriage returns (CRs) and linefeeds (LFs) (C) Restriction of web application access to unique IPs (D) Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters
A
Which of the following techniques is used to gather information about the target without direct interaction with the target? (A) Passive Footprinting (B) Enumeration (C) Active Footprinting (D) Scanning
A
Which of the following techniques is used to detect rogue APs? (A) RF Scanning (B) Passphrases (C) AES/CCMP encryption (D) Non-discoverable mode
A
Which of the following Windows service vulnerabilities does the WannaCry ransomware exploit during the attack on any Windows machine? (A) SMB (B) DNS (C) SMTP (D) SNMP
A
Select all correct answers. To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. (divide answers with comma and space) (A) Avoid constructing dynamic SQL with concatenated Input values (B) Ensure that the Web configuration files for each application do not contain sensitive information (C) Keep untrusted data separate from commands and queries (D) Apply input validation only on the client side
A, B
Sniffers work at which of the following open systems interconnect (OSI) layers? (A) Transport layer (B) Data link layer (C) Presentation layer (D) Application layer
B
Which of the following protocols uses TCP or UDP as its transport protocol over port 389? (A) SMTP (B) LDAP (C) SIP (D) SNMP
B
Which of the following ransomware is a dreadful data-encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares? (A) Petya-NotPetya (B) Locky (C) Mischa (D) WannaCry
B
Which of the following commands is used by attackers to query the ntpd daemon about its current state? (A) ntptrace (B) ntpdc (C) ntpq (D) ntpdate
B Explanation: ntpdate: This command collects the number of time samples from a number of time sources. ntptrace: This command determines from where the NTP server gets time and follows the chain of NTP servers back to its prime time source. ntpdc: This command queries the ntpd daemon about its current state and requests changes in that state. ntpq: This command monitors NTP daemon ntpd operations and determines performance.
A penetration tester is attempting to scan an internal corporate network from the Internet without alerting the border sensor. Which of the following techniques should the tester consider using? (A) Scanning using fragmented IP packets (B) Tunneling over high port numbers (C) Tunneling scan over SSH (D) Spoofing an IP address
C
Name the communication model where the IoT devices communicate with the cloud service through gateways? (A) Device-to-cloud communication model (B) Device-to-device communication model (C) Device-to-gateway communication model (D) Back-end data-sharing communication model
C
Which element of public key infrastructure (PKI) verifies the applicant? (A) Certificate authority (B) Validation authority (C) Registration authority (D) Verification authority
C
Which of the following networks is used for very long-distance communication? (A) ZigBee (B) Bluetooth (C) WiMax (D) Wi-Fi
C
Which protocol defines the payload formats, types of exchange, and naming conventions for security information such as cryptographic algorithms or security policies? Identify from the following options. (A) AH (B) ESP (C) DOI (D) ISAKMP
C
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? (A) -sT (B) -sS (C) -sU (D) -sn
D
An attacker injects the following SQL query: blah" AND 1=(SELECT COUNT(*) FROM mytable); What is the intention of the attacker? (A) Updating Table (B) Adding New Records (C) Deleting a Table (D) Identifying the Table Name
D
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? (A) Begin the reconnaissance phase with passive information gathering and then move into active information gathering (B) Start by foot-printing the network and mapping out the plan of attack (C) Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack (D) Define the penetration testing scope
D
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with a local system account. How can this weakness be exploited to access the system? (A) Using the Metasploit psexec module setting the SA/admin credential (B) Invoking the stored procedure xp_shell to spawn a Windows command shell (C) Invoking the stored procedure cmd_shell to spawn a Windows command shell (D) Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
D
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining (A) Financial soundness and business viability metrics (B) Standard practice for configuration management (C) Contract agreement writing standards (D) Guidelines and practices for security controls
D
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? (A) NMAP -P0 -A -O -p1-65535 192.168.0/24 (B) NMAP -PN -O -sS -p 1-1024 192.168.0/8 (C) NMAP -P0 -A -sT -p0-65535 192.168.0/16 (D) NMAP -PN -A -O -sS 192.168.2.0/24
D
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? (A) ICMP ping sweep to determine which hosts on the network are not available (B) Traceroute to control the path of the packets sent during the scan (C) Fingerprinting to identify which operating systems are running on the network (D) Timing options to slow the speed that the port scan is conducted
D
Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? (A) Base Metrics (B) Environmental Metrics (C) Temporal Metrics (D) Active Metrics
D
Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? (A) Wireless network assessment (B) Passive assessment (C) Active assessment (D) Application assessment
D
A company called "We are Secure Ltd." has a router that has eight I/O ports, of which port one is connected to the WAN and the other seven ports are connected to various internal networks. The network administrator has observed malicious DoS activity against the router through one of the eight networks. The DoS attack uses 100% CPU utilization and shuts down the Internet connection. The systems administrator tried to troubleshoot the router by disconnecting ports one-by-one in order to identify the source network of the DoS attack. After disconnecting port number 6, the CPU utilization normalized and the Internet connection resumed. With this information, the systems administrator came to the conclusion that the source of the attack was from the _______________ network. (A) Local Area network (LAN) (B) Campus Area Network (CAN) (C) Wide Area Network (WAN) (D) Metropolitan Area Network (MAN)
A
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? (A) Set type=ns (B) Request type=ns (C) Transfer type=ns (D) Locate type=ns
A
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. (A) 11010111 00010001 (B) 00101000 11101110 (C) 11110010 01011011 (D) 00001101 10100100
A
A network administrator wants to configure port security on a Cisco switch. Which of the following commands helps the administrator to enable port security on an interface? (A) switchport port-security (B) switchport port-security aging time 2 (C) switchport port-security aging type inactivity (D) switchport port-security maximum 1
A
A newly discovered flaw in a software application would be considered as which kind of security vulnerability? (A) Zero-day vulnerability (B) Input validation flaw (C) HTTP header injection vulnerability (D) Time-to-check to time-to-use flaw
A
A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? (A) Finding the top-level domains (TLDs) and sub-domains of a target through web services (B) Querying published name servers of the target (C) Performing social engineering (D) Performing trace-route analysis
A
A security administrator is looking for a patch management tool which scans the organization's network and manages security and non-security patches. Which of the following patch management tools can he/she use in order to perform the required task? (A) GFI LanGuard (B) Netscan Pro (C) Nikto (D) Burp Suite
A
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? (A) The consultant may expose vulnerabilities of other companies. (B) The consultant will ask for money on the bid because of the great work (C) The company accepting bids will hire the consultant because of the great work performed (D) The company accepting bids will want the same type of format of testing
A
A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: the speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing a large amount of SYN packets flowing from one single IP address. The company's Internet speed is only 5 Mbps, which is usually enough during normal working hours. What type of attack is this? (A) DoS (B) DDoS (C) DRDoS (D) MitM
A
A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? (A) The tester needs to perform static code analysis as it covers the structural and statement coverage testing (B) The tester needs to perform static code analysis as it covers the executable file of the code (C) The tester needs to perform dynamic code analysis as it uncovers bugs in the software system (D) The tester needs to perform dynamic code analysis as it finds and fixes the defects
A
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file? (A) Chosen plain-text attack (B) Timing attack (C) Replay attack (D) Memory trade-off attack
A
An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? (A) NetBIOS (B) SMTP (C) SNMP (D) LDAP
A
An attacker is using session hijacking on the victim system to perform further exploitation on the target network. Identify the type of attacks an attacker can perform using session hijacking? (A) Sniffing (B) Piggybacking (C) Dumpster Diving (D) Tailgating
A
An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands does he/she need to use to gather the required information? (A) hping3 <Target IP> -Q -p 139 -s (B) hping3 -F -P -U 10.0.0.25 -p 80 (C) hping3 -A <Target IP> -p 80 (D) hping3 -S <Target IP> -p 80 --tcp-timestamp
A
An attacker uses the following SQL query to perform an SQL injection attack: SELECT * FROM users WHERE name = '' OR '1'='1'; Identify the type of SQL injection attack performed. (A) Tautology (B) Illegal/Logically Incorrect Query (C) UNION SQL Injection (D) End-of-Line Comment
A
An attacker wants to exploit a target machine. In order to do this, he needs to identify potential vulnerabilities that are present in the target machine. What tool should he use to achieve his objective? (A) Nessus (B) Hydra (C) Netcraft (D) HTTrack
A
An ethical hacker is performing penetration testing on the target organization. He decided to test the organization's network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ? (A) Nmap (B) FOCA (C) Recon-ng (D) FaceNiff
A
Analyze the following image and answer the question: https://gyazo.com/1eb2641c940e64de428357d6f2d224f4 This is the end result of what type of attack? (A) XSS (Cross-Site Scripting) (B) Session Fixation (C) CSRF (Cross-site request forgery) (D) this is normal HTTP communication
A
Cristine is the CEO of a global corporation that has several branch offices around the world. The company employs over 300 workers, half of whom use computers. Recently, the company suffered from a ransomware attack that disrupted many services, and many people have written to Cristine with questions about why it happened. She asks Edwin, the systems administrator, about servers that have encrypted information. Edwin explains to Cristine that the servers have a screen asking about bitcoins to pay to decrypt the information, but he does not know why. What team does the company lack? (A) CSIRT (B) Vulnerability Management Team (C) Administrators Team (D) Unencrypt Team
A
Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls? (A) Employing IDSs and IPSs (B) Identifying warning sign on the fence (C) Implementing strong authentication mechanism (D) Restoring system Backups
A
Don Parker, a security analyst, is hired to perform a DoS test on a company. Which of the following tools can he successfully utilize to perform this task? (A) Hping3 (B) Recon-ng (C) N-Stalker (D) Cain and +
A
During a penetration test, Marin exploited a blind SQLi and exfiltrated session tokens from the database. What can he do with this data? (A) Marin can do Session hijacking (B) Marin can do SQLi (SQL injection) (C) Marin can do XSS (Cross-site scripting) (D) Marin can do CSRF (Cross-Site Request Forgery)
A
During the penetration testing in company "Credit Cards Rus Ltd.", Marin was using the sslstrip tool in order to sniff HTTPS traffic. Knowing that HTTPS traffic is encrypted and cannot be sniffed normally, explain the reason why it is possible to see the traffic in cleartext. (A) Sslstrip tool is exploiting user behavior and if a user does not type https:// in front of the link, and the website has redirection from HTTP to HTTPS, it will intercept HTTP 302 redirection and send the user exactly what the user asked for, i.e. HTTP site (B) Sslstrip tool is exploiting an older or in HTTP protocol, allowing it to gracefully decrypt http traffic by intercepting HTTP 403 denied messages and sending user HTTP 200 OK messages (C) Sslstrip tool is exploiting certificate signing and it is sending its own certificate instead of the original one, allowing for the traffic to be easily decrypted (D) Sslstrip tool is exploiting network bug, which allows it to decrypt HTTPS protocols (TLS and SSL) by sending gratuitous ARP packets to all the nodes on the network
A
During the penetration testing of e-banking application, Marin is using burp to analyze the traffic. Unfortunately intercepting the traffic between the website and the browser that Marin is testing does not work with his burp installation. Website is using HSTS (HTTP Strict Transport Security). What can Marin do to fix this issue? (A) Marin has to install burp certificate into trusted CA's in order to intercept the traffic between website and the browser is protected with HSTS. He can do that by configuring the web browser with burp as the proxy server and then navigating to https://burp website. There he has to download burp CA certificate and install it in browser trust pool. (B) Marin has to install burp certificate into trusted CA's in order to intercept the traffic between the website protected with HSTS. He can do that automatically by navigating to https://burp website (C) Marin has to install burp certificate into trusted CA's in order to intercept the traffic between the website protected with HSTS. He can do that automatically by configuring web browser with burp as the proxy server and then navigating to https://burp website (D) That's impossible. HSTS prevents any type of MitM or traffic analysis
A
During the penetration testing of the MyBank public website, Marin discovered a credit/interest calculator running on server side, which calculates a credit return plan. The application accepts the following parameters: amount=100000&duration=10&scale=month Assuming that parameter amount is the amount of credit, the user is calculating the interest and credit return plan (in this case for 100,000 USD), parameter duration is the timeframe the credit will be paid off, and scale defines how often the credit rate will be paid (year, month, day, ...). How can Marin proceed with testing whether this web application is vulnerable to DoS? (A) Change the parameter duration to a large number and change scale value to "day" and resend the packet a few times to observe the delay. (B) Change the parameter duration to a small number and leave scale value on "month" and resend the packet a few times to observe the delay. (C) Change the parameter duration to a small number and change scale value to "day" and resend the packet a few times to observe the delay. (D) Leave the parameter duration as is and change the scale value to "year" and resend the packet a few times to observe the delay.
A
During the penetration testing, Marin identified a web application that could be exploited to gain the root shell on the remote machine. The only problem was that in order to do that he would have to know at least one username and password usable in the application. Unfortunately, guessing usernames and brute-forcing passwords did not work. Marin does not want to give up his attempts. Since this web application was being used by almost all users in the company and was using the HTTP protocol, he decided to use the Cain & Abel tool in order to identify at least one username and password. After a few minutes, the first username and password popped up and he successfully exploited the web application and the physical machine. What type of attack did he use in order to find the username and password to access the web application? (A) ARP spoofing (B) DNS spoofing (C) TCP protocol hijacking (D) UDP protocol hijacking
A
Fill in the blank. _________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. (A) BluePrinting (B) Bluejacking (C) Bluebugging (D) BlueSniff
A
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? (A) Advanced Persistent Threat (B) Mobile Threats (C) Viruses and worms (D) Botnet
A
How does an attacker perform a "social engineered clickjacking" attack? (A) By injecting malware into legitimate-looking websites to trick users by clicking them (B) By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card (C) By exploiting flaws in browser software to install malware merely by visiting a website (D) By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address
A
Identify the Trojan which exhibits the following characteristics: - Login attempts with 60 different factory default username and password pairs - Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola) - Connects to CnC to allow the attacker to specify an attack vector - Increases bandwidth usage for infected bots - Identifies and removes competing malware (A) Mirai (B) PlugBot (C) Windigo (D) Ramnit
A
Identify the reason why Web Applications are vulnerable to SQL injection attacks? (A) Error messages reveal important information (B) Tests the content of string variables and accept only expected values (C) Reject entries that contain binary data, escape sequences, and comment characters (D) Avoid constructing dynamic SQL with concatenated input values
A
Identify the services provided by the application layer of the cloud security control model? (A) SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec (B) DLP, CMF, Database Activity Monitoring, Encryption (C) Physical Plant Security, CCTV, Guards (D) Hardware and software RoT and API's
A
If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it? (A) Insufficient Logging and Monitoring (B) Broken Access Control (C) Security Misconfiguration (D) Sensitive Data Exposure
A
If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform? (A) DNS server hijacking (B) DoS attack (C) DNS amplification attack (D) HTTP response splitting attack
A
If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so? (A) Firmware Mod Kit (B) RFCrack (C) RIoT Vulnerability Scanner (D) Zigbee Framework
A
In order to avoid data loss from a mobile device, which of the following Mobile Device Management security measures should you consider? (A) Perform periodic backup and synchronization (B) Encrypt storage (C) Configure Application certification rules (D) Enable Remote Management
A
In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? (A) Shoulder Surfing (B) Tailgating (C) Piggybacking (D) Dumpster Diving
A
In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? (A) Exploit kits (B) Side channel attack (C) Sybil attack (D) Replay attack
A
In which of the following attacks does an attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks? (A) Sybil attack (B) Rolling code attack (C) DoS attack (D) Replay attack
A
In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext? (A) Related-key attack (B) Chosen-plaintext attack (C) Ciphertext-only attack (D) Adaptive chosen-plaintext attack
A
In which phase of a social engineering attack does an attacker indulge in dumpster diving? (A) Research on target (B) Develop the relationship (C) Selecting target (D) Exploit the relationship
A
InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? (A) Trying to attempt social engineering by dumpster diving (B) Trying to attempt social engineering by shoulder surfing (C) Trying to attempt social engineering by eavesdropping (D) Trying to attempt social engineering using phishing
A
Ivan works as a security consultant at "Ask Us Intl." One of his clients is under a large-scale protocol-based DDoS attack, and they have to decide how to deal with this issue. They have some DDoS appliances that are currently not configured. They also have a good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack? Bear in mind that this is a protocol-based DDoS attack with at least 10 000 bots sending the traffic from the entire globe! (A) Block the traffic at the provider level (B) Absorb the attack at the provider level (C) Filter the traffic at the company Internet facing routers (D) Absorb the attack at the client site
A
Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick them up and check what is on them by plugging them into their computers. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here? (A) Social Engineering (B) Distributed Denial-of-Service (DDoS) attack (C) Brute force attack (D) Virus attack
A
James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? (A) Doxing (B) Impersonation (C) Phishing (D) Social Engineering
A
John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? (A) Evil Twin AP (B) KRACK Attack (C) War Driving (D) WEP Cracking
A
Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: https://gyazo.com/3b8ed7f1d417d0e376bb4a7facd7f854 What is Jonathan's primary objective? (A) Ensuring high availability (B) Ensuring confidentiality of the data (C) Ensuring integrity of the application servers (D) Proper user authentication
A
Jose sends a link to the employee of a target organization, falsely claiming to be from a legitimate site in an attempt to acquire his account information. Identify the attack performed by Jose? (A) Phishing (B) Impersonation (C) Vishing (D) Eavesdropping
A
Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? (A) Gray Hat hacker (B) White Hat hacker (C) Annoying Employee (D) Black Hat hacker
A
Luka is a black hat hacker trying to compromise a victim's computer session. The attack he is trying to do is called stored XSS, and he is expecting to see an active user's session tokens in his web server logs. The command that Luka is using is given below: (A) Java is case sensitive AND script tag is not used properly (B) Not using script tag properly (C) This is JavaScript, and Java is a case sensitive language (D) Everything is OK
A
Marin is performing penetration testing on the target organization. He discovered some vulnerabilities in the organization's website. He decided to insert malicious JavaScript code into a vulnerable dynamic web page to collect information such as credentials, cookies, etc. Identify the attack performed by Marin? (A) Cross-site Scripting Attack (B) Cross-site Request Forgery Attack (C) Session Replay Attack (D) Man-in-the-Browser Attack
A
Marin is using the mitmf tool during a penetration test and after a few minutes this is what pops up on the screen. https://gyazo.com/f236b38e6142c7a952aaeb131b191dbf A few seconds later though, the hash is different. https://gyazo.com/1a8ef848907300ff5af44c0d94de9a75 (A) This is Microsoft NTLMv2 hash—it's salted, so it will be different for every new request. (B) This is Microsoft NTLMv2 hash. It's different because this is another user accessing the website. (C) This is Microsoft NTLMv2 hash. It's different because user is visiting another website. Each website will have its own unique hash. (D) This is Microsoft NTLMv2 hash. It's different because user changed the password in the meantime
A
Marin was using sslstrip tool for many years against most of the websites, like Gmail, Facebook, Twitter, etc. He was supposed to give a demo on internet (in)security and wanted to show a demo where he can intercept 302 redirects between his machine and Gmail server. But unfortunately it does not work anymore. He tried the same on Facebook and Twitter and the result was the same. He then tried to do it on the company OWA (Outlook Web Access) deployment and it worked! He now wants to use it against Gmail in his demo because CISO thinks that security through obscurity is a best way to a secure system (obviously BAD CISO) and demonstrating something like that on company live system is not allowed. How can Marin use sslstrip or similar tool to strip S from HTTP? (A) Marin can use mitmf tool with sslstrip+ and dnsspoof modules. He should use IE in "InPrivate browsing" mode to ignore the HSTS cookie if the cookie was already stored on his machine, or he can use some older browser version (IE, Firefox, Chrome, Safari, Opera, ...) which didn't use the HSTS cookies. (B) Marin can use mitmf tool with sslstrip+ and dnsspoof modules. He can use any web browser he wants because sslstrip+ can go around HSTS without any additional tool or setting (C) There is no option which will allow Marin to do that, since HSTS prevents this type of attack (D) Marin can use sslstripHSTS tool to do this
A
Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? (A) CommView for WiFi (B) WiFiFoFum (C) BlueScanner (D) WiFish Finder
A
Michel, a professional hacker, is trying to perform time-based blind SQL injection attacks on the MySQL backend database of RadioTV Inc. He decided to use an SQL injection tool to perform this attack. Michel surfed the Internet and finally found a tool which has the following features: Sends heavy queries to the target database to perform a Time-Based Blind SQL Injection attack. Database Schema extraction from SQL Server, Oracle and MySQL. Data extraction from Microsoft Access 97/2000/2003/2007 databases. Parameter Injection using HTTP GET or POST. Which of the following tools does Michael use to perform time-based blind SQL injection attacks on the MySQL backend database? (A) Marathon Tool (B) SQLiX (C) SQLDict (D) WebCruiser
A
MitB (Man in the Browser) is a session hijacking technique heavily used by e-banking Trojans. The most popular ones are Zeus and Gameover Zeus. Explain how MitB attack works. (A) Malware is injected between the browser and OS API, enabling to see the data before encryption (when data is sent from the machine) and after decryption (when data is being received by the machine). (B) Malware is injected between the browser and keyboard driver, enabling to see all keystrokes (C) Malware is injected between the browser and network.dll, enabling to see the data before it is sent to the network and while it is being received from the network (D) Man-in-the-Browser is just another name for sslstrip MitM attack
A
Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code called? (A) Payload (B) Bot (C) Vulnerability (D) Honeypot
A
Repeated probes of the available services on your machines (A) Repeated probes of the available services on your machines (B) Rare login attempts from remote hosts (C) Sudden decrease in bandwidth consumption is an indication of intrusion (D) Connection requests from IPs from those systems within the network range
A
Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? (A) Smith should use online services such as netcraft.com to find the company's internal URLs. (B) Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs (C) (D) Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs
A
Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company's web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack. What type of SQL injection attack is Steve most likely performing? (A) Blind SQL injection (B) Error-based SQL injection (C) Union-based SQL injection (D) Out-of-band SQL injection
A
Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? (A) Eavesdropping (B) Evil twin AP (C) Masquerading (D) WEP Key Cracking
A
Susan works for "CustomData Intl." and she has to deploy a guest Wi-Fi. She did everything by the manual and deployed the guest Wi-Fi successfully. The deployed guest Wi-Fi is separated from the company network, it is protected with WPA2 and every user who wants to use the Wi-Fi has to ask for a username and password. There is one problem though—after a few months she noticed that the users connecting to the guest Wi-Fi are being attacked with MitM attacks. She identified that the MitM attack was initiated with ARP spoofing. She found that someone is stealing users' web application credentials, including Windows system credentials in some cases. Unfortunately, internal users have also become prey to these attacks since they used guest Wi-Fi because it was more open than their internal network. So, not only external guests are being compromised. She wanted to mitigate this issue and the first step she took was to ban all internal users from using the guest Wi-Fi network. What, according to you, is the easiest and probably the best way to prevent the ARP spoofing attacks on Wi-Fi networks? (A) Use Client isolation WiFi feature (B) Use IPsec on WiFi (C) Use HTTPS all the time (D) It's impossible to protect WiFi from ARP spoofing
A
What is the goal of a DDoS attack? (A) Render a network or computer incapable of providing normal service (B) Create bugs in web applications (C) Exploit a weakness in the TCP stack (D) Capture files from a remote computer
A
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room? (A) Encrypt the data on the hard drive. (B) Back up everything on the laptop and store the backup in a safe place. (C) Use a strong logon password to the operating system. (D) Set a BIOS password.
A
What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? (A) Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. (B) Netcat will listen on 10.1.0.43 interface for 1234 seconds on port 2222 (C) Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. (D) Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.
A
Which of the PKI components is responsible for issuing and verifying digital certificate? (A) Certificate authority (CA) (B) Registration authority (RA) (C) End user (D) Validation authority (VA)
A
Which of the following Wi-Fi discovery tools facilitates detection of Wireless LANs using the 802.11a/b/g WLAN standards and is commonly used for wardriving, verifying network configurations, finding locations with poor coverage and detecting rogue APs? (A) NetStumbler (B) WeFi (C) AirCrack-NG (D) WifiScanner
A
Which of the following Android applications allows you to find, lock or erase a lost or stolen device? (A) Find My Device (B) Faceniff (C) Find my iPhone (D) X-Ray
A
Which of the following applications allows attackers to identify the target devices and block the access of Wi-Fi to the victim devices in a network? (A) NetCut (B) Network Spoofer (C) DroidSheep (D) KingoRoot
A
Which of the following applications is used for Jailbreaking iOS? (A) Pangu Anzhuang (B) KingoRoot (C) One Click Root (D) Superboot
A
Which of the following browser applications encrypts your Internet traffic and then hides it by bouncing through a series of computers around the world? (A) ORBOT (B) Mozilla Firefox (C) Google Chrome (D) UC Browser
A
Which of the following can pose a risk to mobile platform security? (A) Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously (B) Install applications from trusted application stores (C) Disable wireless access such as Wi-Fi or Bluetooth, if not in use (D) Securely wipe or delete the data when disposing of the device
A
Which of the following cryptographic algorithms is used by CCMP? (A) AES (B) DES (C) RC4 (D) TKIP
A
Which of the following devices is used to analyze and monitor the RF spectrum? (A) WIDS (B) Router (C) Firewall (D) Switch
A
Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? (A) Extract information using DNS Zone Transfer (B) Extract user names using email IDs (C) Extract information using default passwords (D) Brute force Active Directory
A
Which of the following is a network threat? (A) Session Hijacking (B) SQL Injection (C) Arbitrary Code Execution (D) Privilege Escalation
A
Which of the following is a security consideration for the gateway component of IoT architecture? (A) Multi-directional encrypted communications, strong authentication of all the components, automatic updates (B) Local storage security, encrypted communications channels (C) Storage encryption, update components, no default passwords (D) Secure web interface, encrypted storage
A
Which of the following is an active reconnaissance technique? (A) Scanning a system by using tools to detect open ports (B) Collecting information about a target from search engines (C) Collecting contact information from yellow pages (D) Performing Dumpster Diving
A
Which of the following is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))? (A) SSID (B) Hotspot (C) Access Point (D) Association
A
Which of the following is considered to be a session hijacking attack? (A) Taking over a TCP Session (B) Taking over a UDP Session (C) Monitoring over a TCP Session (D) Monitoring over a UDP Session
A
Which of the following is defined as a package that is used to address a critical defect in a live environment, and contains a fix for a single issue? (A) Hotfix (B) Patch (C) Vulnerability (D) Penetration test
A
Which of the following is not a characteristic of virtualization in cloud computing technology? (A) Storage (B) Isolation (C) Partitioning (D) Encapsulation
A
Which of the following is not a countermeasure for phishing attacks? (A) Disable the "block texts from the internet" feature from your provider (B) Do not click on any links included in the SMS (C) Review the bank's policy on sending SMS (D) Never reply to a SMS that urges you to act or respond quickly
A
Which of the following processes is supposed to install a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor? (A) JailBreaking (B) WarDriving (C) Spear-Phishing (D) SandBoxing
A
Which of the following protocols uses magnetic field induction to enable communication between two electronic devices? (A) Near Field Communication (NFC) (B) Ha-Low (C) LTE-Advanced (D) Multimedia over Coax Alliance (MoCA)
A
Which of the following techniques involves sending no packets and just capturing and monitoring the packets flowing in the network? (A) Passive sniffing (B) Active sniffing (C) Network scanning (D) Port sniffing
A
Which of the following tools determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website? (A) Netcraft (B) Nmap (C) Wireshark (D) Netcat
A
Which of the following tools can be used by a pentester to test the security of web applications? (A) Fiddler (B) BetterCAP (C) MITMI (D) Cain & Abel
A
Which of the following tools is an antivirus program that is used to detect viruses? (A) Clamwin (B) DriverView (C) WannaCry (D) ZeuS
A
Which of the following tools offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner? (A) SeaCat.io (B) Firmalyzer Enterprise (C) DigiCert IoT Security Solution (D) beSTORM
A
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? (A) Nessus (B) NMAP (C) BeEF (D) Metasploit
A
Which of the following utilities uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? (A) Traceroute (B) Whois (C) TCP/IP (D) DNS Lookup
A
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords? (A) "[main]" "enc_GroupPWD=" ext:txt (B) "Config" intitle:"Index of" intext:vpn (C) filetype:pcf "cisco" "GroupPwd" (D) inurl:/remote/login?lang=en
A
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions? (A) Honeypot (B) Firewall (C) DeMilitarized Zone (DMZ) (D) Intrusion Detection System (IDS)
A
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common? (A) They use the same packet capture utility. (B) They use the same packet analysis engine. (C) They send alerts to security monitors. (D) They are written in Java.
A
Which virus has the following characteristics: • Inserts dead code • Reorders instructions • Reshapes the expressions • Modifies program control structure (A) Metamorphic Virus (B) Cluster Virus (C) Stealth Virus (D) Macro Virus
A
You are the security administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being followed by the employees, you discover that an employee has attached his laptop to his personal 4G Wi-Fi device. He has used this 4G connection to download certain files from the Internet, thereby bypassing your firewall. A security policy breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? (A) Enforce the corporate security policy (B) Install a network-based IDS (C) Conduct a needs analysis (D) Reconfigure the Firewall
A
A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on a Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? (A) Guess passwords using Medusa or Hydra against a network service. (B) Capture administrators' RDP traffic and decode it with Cain and Abel. (C) Capture LANMAN Hashes and crack them with L0phtCrack. (D) Capture every user's traffic with Ettercap.
B
A covert channel is a channel that: (A) Transfers information via a communication path within a computer system, or network for transfer of data (B) Transfers information over, within a computer system, or network that is outside of the security policy. (C) Transfers information over, within a computer system, or network that is encrypted. (D) Transfers information over, within a computer system, or network that is within the security policy
B
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field? (A) if (billingAddress != 50) {update field} else exit (B) if (billingAddress <= 50) {update field} else exit (C) if (billingAddress = 50) {update field} else exit (D) if (billingAddress != 50) {update field} else exit
B
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? (A) -sU (B) -sO (C) -sS (D) -sP
B
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack? (A) Paros Proxy (B) BBProxy (C) BBCrack (D) Blooover
B
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? (A) Information Reporting (B) Passive Information Gathering (C) Active Information Gathering (D) Vulnerability Assessment
B
A security consultant decides to scrutinize the information by categorizing information as top secret, proprietary, for internal use only, for public use, etc. Which of the following attacks can be mitigated using such a countermeasure? (A) Forensic attack (B) Social engineering attack (C) Scanning attack (D) Address Resolution Protocol (ARP) spoofing attack
B
A security engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing webservers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2017 01:41:33 GMT Date: Mon, 16 Jan 2017 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed? (A) Cross-site scripting (B) Banner grabbing (C) SQL Injection (D) Whois database query
B
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back-end database. In order for the tester to see if an SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request? (A) Semicolon (B) Single quote (C) Exclamation Mark (D) Double Quote
B
An NMAP scan of a server shows port 69 is open. What risk could this pose? (A) Weak SSL version (B) Unauthenticated access (C) Web portal data leak (D) Cleartext login
B
An attacker can perform attacks such as CSRF, SQLi, and XSS by exploiting which of the following IoT device vulnerabilities? (A) Insecure network services (B) Insecure web interface (C) Insecure software/firmware (D) Insecure cloud interface
B
An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform? (A) DNS server hijacking (B) DoS attack (C) DNS amplification attack (D) HTTP response splitting attack
B
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? (A) Known plaintext attack (B) Chosen ciphertext attack (C) Meet in the middle attack (D) Birthday attack
B
An attacker tries to recover the plaintext of a message without knowing the required key in advance. For this he may first try to recover the key, or may go after the message itself by trying every possible combination of characters. Which code breaking method is he using? (A) One-time pad (B) Brute force (C) Frequency analysis (D) Trickery and deceit
B
An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective? (A) Nessus (B) Hydra (C) Burp Suite (D) Netcraft
B
An attacker wants to exploit a webpage. From which of the following points does he start his attack process? (A) Identify server-side technologies (B) Identify entry points for user input (C) Identify server-side functionality (D) Map the attack surface
B
An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. What is this secret entry point known as? (A) SDLC Process (B) Trap Door (C) Honey Pot (D) SQL Injection
B
At a Windows server command prompt, which command could be used to list the running services? (A) Sc config (B) Sc query (C) Sc query \\servername (D) Sc query type= running
B
Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? (A) Personal Attack (B) Social Engineering (C) Open door policy attack (D) Social equity attack
B
By performing which of the following Jailbreaking techniques does a mobile device start up completely, and it will no longer have a patched kernel after a user turns the device off and back on? (A) Tethered Jailbreaking (B) Semi-Tethered Jailbreaking (C) None of the listed (D) Untethered Jailbreaking
B
Choose an ICANN accredited registrar and encourage them to set registrar-lock on the domain name in order to avoid which attack? (A) Denial-of-Service Attack (B) DNS Hijacking Attack (C) Session Hijacking Attack (D) Man-in-the-Middle Attack
B
Gordon was not happy with the product that he ordered from an online retailer. He tried to contact the seller's post purchase service desk, but they denied any help in this matter. Therefore, Gordon wants to avenge this by damaging the retailer's services. He uses a utility named high orbit ion cannon (HOIC) that he downloads from an underground site to flood the retailer's system with requests so that the retailer's site was unable to handle any further requests even from legitimate users' purchase requests. What type of attack is Gordon using? (A) Gordon is using poorly designed input validation routines to create and/or to alter commands so that he gains access to the secure data and execute commands. (B) Gordon is using a denial-of-service attack. (C) Gordon is executing commands or is viewing data outside the intended target path. (D) Gordon is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege.
B
Identify the monitoring tool that exhibits the following features: - Configurable and moveable columns for any event property. - Filters can be set for any data field, including fields not configured as columns. - Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data. - Process tree tool shows the relationship of all processes referenced in a trace. - Native log format preserves all data for loading in a different Process Monitor instance (A) IDA Pro (B) Process Monitor (C) TCP View (D) Netstat
B
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? (A) Broadcast ping (B) Hping (C) Traceroute (D) TCP ping
B
In which of the following attacks does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information? (A) BlueSniff (B) Bluesnarfing (C) Bluejacking (D) Bluebugging
B
In which of the following attacks does an attacker intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to crash the target device? (A) Side Channel Attack (B) Replay Attack (C) Ransomware Attack (D) Man-in-the-middle Attack
B
In which of the following cloud security control layers do the security controls DNSSEC and OAuth operate? (A) Computation and Storage Layer (B) Network Layer (C) Management Layer (D) Information Layer
B
In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? (A) Open-system authentication process (B) Shared key authentication process (C) WPA encryption (D) WEP encryption
B
Ivan works as security consultant at "Ask Us Intl." One of his clients is under a large-scale application layer-based DDoS attack, and they have to decide how to deal with this issue. Web application under attack is being used to send the user filled forms and save the data in MySQL database. Since the DDoS is abusing POST functionality, not only web application and web server are in DDoS condition but also MySQL database is in DDoS condition. They have some DDoS appliances that are currently not configured. They also have good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack. Bear in mind that this is an application layer-based DDoS attack which sends at least 1000 malicious POST requests per second spread through the entire globe! (A) Filter the traffic at the company Internet facing routers (B) Use CAPTCHA (C) Absorb the attack at the provider level (D) Absorb the attack at the client site
B
Jack, a malicious hacker, wants to break into Brown Co.'s computers and obtain their secret information related to Company's quotations. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him "just to double check our records." Jane does not suspect anything amiss, and reveals her password. Jack can now access Brown Co.'s computers with a valid username and password, to steal the confidential company's quotations. Identify the attack performed by Jack? (A) Scanning (B) Social Engineering (C) Reverse Engineering (D) Footprinting
B
Jamie is asked to create firewall policies for two new software solutions. The new software solutions will give employees access to their payroll data and live company stock performance. The payroll system is located at 10.7.2.155 using port 5789 webpage. While the stock data system is located at 10.7.2.158 using port 5479 webpage, existing servers used by the employees are located at 10.7.2.0/24. The employees are placed in two buildings with subnets of 10.7.40.0/24 Of the following options, which will provide more granular access: (A) Add any 10.7.2.155 5789 permit any 10.7.2.158 5479 permit (B) Add any 10.7.2.155 5789 eq www permit any 10.7.2.158 5479 eq www permit (C) Add any 10.7.2.155 eq www permit any 10.7.2.158 eq www permit (D) Add any 10.7.2.0/24 eq www permit any 10.7.2.0/24 eq www permit
B
Name the communication model, where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other? (A) Device-to-Gateway Communication Model (B) Device-to-Device Communication Model (C) Device-to-Cloud Communication Model (D) Back-End Data-Sharing Communication Model
B
Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? (A) Maintain access (B) Vulnerability scanning (C) Information gathering (D) Gain access
B
Out of the following, which session hijacking detection technique involves using packet-sniffing software such as Wireshark and SteelCentral packet analyzer to monitor session hijacking attacks? (A) Normal Telnet session (B) Manual method (C) Forcing an ARP entry (D) Automatic method
B
Paul has been contracted to test a network, and he intends to test for any DoS vulnerabilities of the network servers. Which of the following automated tools can be used to discover systems that are vulnerable to DoS? (A) Cain and Abel (B) Nmap (C) Netcraft (D) John the ripper
B
Sean, who works as a network administrator, has just deployed an IDS in his organization's network. Sean deployed an IDS that generates four types of alerts that include: true positive, false positive, false negative, and true negative. In which of the following conditions does the IDS generate a true positive alert? (A) A true positive is a condition occurring when an IDS fails to react to an actual attack event. (B) A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress. (C) A true positive is a condition occurring when an event triggers an alarm when no actual attack is in progress. (D) A true positive is a condition occurring when an IDS identifies an activity as acceptable behavior and the activity is acceptable.
B
Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? (A) External Assessment (B) Host based Assessment (C) Network based Assessment (D) Internal Assessment
B
Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? (A) Internal Firewall (B) Network access control (NAC) (C) Antimalware application (D) Awareness to employees
B
Tesla is running an application with debug enabled in one of its systems. Under which category of vulnerabilities can this flaw be classified? (A) Design Flaws (B) Misconfiguration (C) Operating System Flaws (D) Unpatched servers
B
The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? (A) Computer and Storage (B) Information Layer (C) Applications Layer (D) Management Layer
B
The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? (A) Computer and Storage Layer (B) Network Layer (C) (D)
B
Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? (A) RIoT vulnerability scanning (B) HackRF one (C) Foren6 (D) Zigbee framework
B
What happens when a switch CAM table becomes full? (A) The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. (B) The switch then acts as a hub by broadcasting packets to all machines on the network. (C) The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). (D) Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port.
B
What information is gathered about the victim using email tracking tools? (A) Information on an organization's web pages since their creation (B) Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser Information (C) Username of the clients, operating systems, email addresses, and list of software (D) Targeted contact data, extracts the URL and meta tag for website promotion
B
What is the correct order of steps in the system hacking cycle? (A) Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files (B) Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks (C) Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files (D) Covering Tracks -> Hiding Files -> Escalating Privileges -> Executing Applications -> Gaining Access
B
What is the correct pcap filter to capture all transmission control protocol (TCP) traffic going to or from host 192.168.0.125 on port 25? (A) port 25 and host 192.168.0.125 (B) tcp.port == 25 and ip.addr == 192.168.0.125 (C) host 192.168.0.125:25 (D) tcp.src == 25 and ip.host == 192.168.0.125
B
What is the main advantage that a network-based IDS/IPS system has over a host-based solution? (A) They will not interfere with user interfaces. (B) They do not use host system resources. (C) They are easier to install and configure. (D) They are placed at the boundary, allowing them to inspect all traffic.
B
What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 (A) A stealth scan, opening port 123 and 153 (B) A stealth scan, determine operating system, and scanning ports 123 to 153. (C) A stealth scan, checking all open ports excluding ports 123 to 153 (D) A stealth scan, checking open ports 123 to 153
B
Which cipher encrypts the plain text digit (bit or byte) one by one? (A) Modern cipher (B) Stream cipher (C) Block cipher (D) Classical cipher
B
Which of the following DoS attack detection techniques analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately. (A) Activity Profiling (B) Wavelet-based Signal Analysis (C) Signature-based Analysis (D) Change-point Detection
B
Which of the following Hping3 commands is used to perform ACK scan? (A) hping3 -8 50-60 -S <IP Address> -V (B) hping3 -A <IP Address> -p 80 (C) hping3 -2 <IP Address> -p 80 (D) hping3 -1 <IP Address> -p 80
B
Which of the following Nmap commands is used by attackers to identify IPv6 capabilities of an IoT device? (A) nmap -sA -P0 <IP> (B) nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> (C) nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> (D) nmap -n -Pn -sS -pT:0-65535 -v -A -oX <Name><IP>
B
Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? (A) Trojan.Gen (B) DarkHorse Trojan Virus Maker (C) Senna Spy Trojan Generator (D) Win32.Trojan.BAT
B
Which of the following Trojans uses port number 1863 to perform attack? (A) Priority (B) XtremeRAT (C) Millenium (D) Devil
B
Which of the following attack is not selected as OWASP Top 10 Application Security Risks in the year 2017? (A) Injection attacks (B) DDoS attacks (C) Insecure Deserialization attacks (D) XML External Entity (XXE) attacks
B
Which of the following attacks can be prevented by implementing token or biometric authentication as a defense strategy? (A) Shoulder surfing (B) Impersonation (C) Eavesdropping (D) Fake SMS
B
Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative, and frequently, offending data? (A) Man-in-the-middle attack (B) Website defacement (C) Directory traversal attack (D) HTTP response splitting attack
B
Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? (A) Firewalls (B) Web Spiders (C) Proxies (D) Banners
B
Which of the following countermeasures helps in defending against KRACK attack? (A) Enable MAC address filtering on access points or routers (B) Turn On auto-updates for all the wireless devices and patch the device firmware (C) Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) (D) Enable SSID broadcasts
B
Which of the following database is used to delete the history of the target website? (A) TCP-IP and IPSec filters (B) archive.org (C) Whois Lookup database (D) Implement VPN
B
Which of the following defines the role of a root certificate authority (CA) in a public key infrastructure (PKI)? (A) The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data. (B) The CA is the trusted root that issues certificates. (C) The root CA is the recovery agent used to encrypt data when a user's certificate is lost. (D) The root CA stores the user's hash value for safekeeping.
B
Which of the following iOS applications allows you to find, lock or erase a lost or stolen device? (A) X-Ray (B) Find My iPhone (C) Find My Device (D) Faceniff
B
Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? (A) TKIP (B) WPA2 (C) WPA (D) WEP
B
Which of the following is NOT an objective of network scanning? (A) Discover the network's live hosts (B) Discover the usernames and passwords (C) Discover the services running (D) Discover the services running
B
Which of the following is a Mobile Device Management Software? (A) Phonty (B) XenMobile (C) SpyBubble (D) GadgetTrak
B
Which of the following is a hijacking technique where an attacker masquerades as a trusted host to conceal his identity, hijack browsers or websites, or gain unauthorized access to a network? (A) Port-scanning (B) IP address spoofing (C) Source routing (D) Firewalking
B
Which of the following is an example of an asymmetric encryption implementation? (A) SHA1 (B) PGP (C) 3DES (D) MD5
B
Which of the following is true for automated patch management process? (A) Assess -> Detect -> Acquire -> Deploy -> Test -> Maintain (B) Detect -> Assess -> Acquire -> Test -> Deploy -> Maintain (C) Acquire -> Assess -> Detect -> Deploy -> Test -> Maintain (D) Acquire -> Assess -> Detect -> Test -> Deploy -> Maintain
B
Which of the following malware is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge of the user? (A) Trojan (B) Virus (C) Exploit kit (D) Worm
B
Which of the following methods carries the requested data to the webserver as a part of the message body? (A) HTTP GET (B) HTTP POST (C) IBM DB2 (D) Cold Fusion
B
Which of the following mobile applications is used to perform Denial-of-Service Attacks? (A) DroidSheep (B) Low Orbit Ion Cannon (LOIC) (C) Unrevoked (D) MTK Droid
B
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? (A) Smurf Attack (B) Ping of death (C) TCP hijacking (D) SYN flooding
B
Which of the following open source tools would be the best choice to scan a network for potential targets? (A) John the Ripper (B) NMAP (C) hashcat (D) Cain & Abel
B
Which of the following problems can be solved by using Wireshark? (A) Tracking version changes of source code (B) Troubleshooting communication resets between two systems (C) Checking creation dates on all webpages on a server (D) Resetting the administrator password on multiple systems
B
Which of the following protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? (A) RADIUS (B) PEAP (C) LEAP (D) CCMP
B
Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? (A) NTP (B) LDAP (C) DNS (D) SMTP
B
Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? (A) SNMP (B) IPSec (C) SMTP (D) NetBios
B
Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? (A) LMB (B) OBEX (C) L2CAP (D) SDP
B
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? (A) Core Impact (B) Microsoft Baseline Security Analyzer (C) Retina (D) Microsoft Security Baseline Analyzer
B
Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? (A) Perform DNS enumeration (B) Perform IPsec enumeration (C) Perform NTP enumeration (D) Perform SMTP enumeration
B
Which of the following technique allows users to authenticate web servers? (A) HTTPS (B) HPKP (C) SSH (D) SFTP
B
Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? (A) Vishing (B) Phishing (C) Dumpster Diving (D) Piggybacking
B
Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? (A) Steganography (B) A covert channel (C) Asymmetric routing (D) Scanning
B
Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? (A) Vulnerability Assessment (B) Remediation (C) Risk Assessment (D) Verification
B
Which of the following three service models are the standard cloud service models? (A) Private, Public, and Community (B) SaaS, PaaS, and IaaS (C) SaaS, IaaS, and Hybrid (D) XaaS, Private, and Public
B
Which of the following tools can be used to detect web server hacking attempts and alert you through emails? (A) Nessus (B) WebsiteCDS (C) Nmap (D) Netcraft
B
Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? (A) Metadata extraction tools (B) WHOIS lookup tools (C) Web spidering tools (D) Traceroute tools
B
Which of the following tools is not used to perform OS banner grabbing? (A) Nmap (B) Wireshark (C) Telnet (D) Netcat
B
Which of the following tools is used to build rules that aim to detect SQL injection attacks? (A) Nmap (B) Snort (C) Masscan (D) SuperScan
B
Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? (A) FaceNiff (B) Retina CS for Mobile (C) zANTI (D) Pamn IP Scanner
B
Which of the following viruses infect only occasionally upon satisfying certain conditions or when the length of the file falls within a narrow range? (A) Encryption viruses (B) Sparse infector viruses (C) Cluster viruses (D) Stealth virus
B
Which of the following volumetric attacks technique transfers messages to the broadcast IP address in order to increase the traffic over a victim system and consuming his entire bandwidth? (A) Protocol attack (B) Amplification attack (C) Application layer attacks (D) Flood attack
B
Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? (A) intitle:"D-Link VoIP Router" "Welcome" (B) inurl:"NetworkConfiguration" cisco (C) inurl:"ccmuser/logon.asp" (D) inurl:/voice/advanced/ intitle:Linksys SPA configuration
B
Which protocol enables an attacker to enumerate user accounts and devices on a target system? (A) SMTP (B) SNMP (C) TCP (D) NetBIOS
B
Which statement is TRUE regarding network firewalls preventing Web Application attacks? (A) Network firewalls cannot prevent attacks because they are too complex to configure. (B) Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened. (C) Network firewalls can prevent attacks if they are properly configured. (D) Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
B
While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? (A) UDP port is open (B) UDP port is closed (C) The firewall is dropping the packets (D) The host does not respond to ICMP packets
B
You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? (A) site: Wikipedia.org intitle:"SQL Injection" (B) SQL Injection site:Wikipedia.org (C) allinurl: Wikipedia.org intitle:"SQL Injection" (D) site:Wikipedia.org related:"SQL Injection"
B
(A) DNS Lookup (B) Traceroute (C) WhoIs Lookup (D) TCP/IP
C
A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? (A) Say yes; do the job for free (B) Say no; make sure the friend knows the risk she's asking the CEH to take (C) Say no; the friend is not the owner of the account (D) Say yes; the friend needs help to gather evidence
C
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? (A) True negatives (B) False negatives (C) False positives (D) True positives
C
A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 7.70 at 2018-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89 (A) The host is likely a Windows machine (B) The host is likely a router (C) The host is likely a printer (D) The host is likely a Linux machine
C
A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? (A) Comprehensive Scan (B) Intense Scan (C) Stealth Scan (D) Quick Scan
C
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer can transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred? (A) The computer is using an invalid IP address (B) The gateway and the computer are not on the same network (C) The gateway is not routing to a public IP address (D) The computer is not using a private IP address
C
An attacker breaks an n-bit key cipher into 2^(n/2) number of operations in order to recover the key. Which cryptography attack is he performing? (A) Timing attack (B) Rubber hose attack (C) Chosen-key attack (D) Known-plaintext attack
C
An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack. Which of the following threats is he posing to the cloud platform? (A) Insufficient due diligence (B) Data Breach/Loss (C) Abuse and nefarious use of cloud services (D) Insecure Interface and APIs
C
An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit? (A) Broken access control (B) Sensitive data exposure (C) Security misconfiguration (D) SQL injection
C
An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? (A) DHCP Starvation Attack (B) ARP Spoofing (C) IRDP Spoofing (D) MAC Flooding
C
An attacker sends an e-mail containing a malicious Microsoft office document to target WWW/FTP servers and embed Trojan horse files as software installation files, mobile phone software, and so on to lure a user to access them. Identify by which method the attacker is trying to bypass the firewall. (A) Bypassing WAF using XSS attack (B) Bypassing firewall through external systems (C) Bypassing firewall through content (D) Bypassing firewall through MITM attack
C
Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? (A) Cracking (B) Spoofing (C) Hacktivism (D) Social Engineering
C
Bob is trying to access his friend Jason's email account without his knowledge. He guesses and tries random passwords to log into the email account resulting in the lockdown of the email account for the next 24 hours. Now, if Jason tries to access his account even with his genuine password, he cannot access the email account for the next 24 hours. How can you categorize this DoS? (A) Bandwidth attack (B) Peer-to-Peer attack (C) Application-level attack (D) Permanent Denial-of-Service (PDoS) attack
C
Check Point's FireWall-1 listens to which of the following TCP ports? (A) 1080 (B) 1072 (C) 259 (D) 1745
C
Company A and Company B have just merged and each has its own public key infrastructure (PKI). What must the certificate authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? (A) Cross-site exchange (B) Poly key reference (C) Cross certification (D) Poly key exchange
C
Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components? (A) Edge (B) Mobile (C) Cloud Platform (D) Gateway
C
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? (A) Integrity (B) Availability (C) Confidentiality (D) Authenticity
C
How many bit checksum is used by the TCP protocol for error checking of the header and data and to ensure that communication is reliable? (A) 13-bit (B) 15-bit (C) 16-bit (D) 14-bit
C
Identify the type of a DoS attack where an attacker sends e-mails, Internet relay chats (IRCs), tweets, and posts videos with fraudulent content for hardware updates to the victim with the intent of modifying and corrupting the updates with vulnerabilities or defective firmware. (A) Internet control message protocol (ICMP) flood attack (B) SYN flooding attack (C) Phlashing attack (D) Ping of death attack
C
If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following types of tools can he use to do so? (A) IoT hacking tools (B) Vulnerability scanning tools (C) Information gathering tools (D) Sniffing tools
C
If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks? (A) Enable Remote Management (B) Configure Application certification rules (C) Harden Browser permission rules (D) Delete Cookies
C
If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks? (A) Enable Remote Management (B) Delete cookies (C) Harden browser permission rules (D) Configure Application certification rules
C
In order to avoid data loss from a Mobile device, which of the following Mobile Device Management security measures should you consider? (A) Encrypt Storage (B) Configure Application certification rules (C) Perform periodic backup and synchronization (D) Enable Remote Management
C
In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts? (A) Use of strong passwords (B) Use of SSL/TLS (C) Account lockout mechanism (D) Secure boot chain mechanism
C
In which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? (A) Wrapping Attack (B) DNS Attack (C) Service Hijacking Using Social Engineering Attacks (D) Side Channel Attack
C
In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? (A) Piggybacked query (B) In-line comments (C) UNION SQL Injection (D) Tautology
C
In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? (A) Blind SQL injection (B) Out-of-band SQL injection (C) In-band SQL injection (D) Inferential SQL injection
C
In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? (A) Private Cloud (B) Hybrid Cloud (C) Public Cloud (D) Community Cloud
C
In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? (A) Maintaining Access (B) Cleaning Tracks (C) Scanning (D) Gaining access
C
In which of the following identity thefts does an attacker acquire information from different victims to create a new identity? (A) Social identity theft (B) Identity cloning and concealment (C) Synthetic identity theft (D) Tax identity theft
C
In which of the following is the original data signal multiplied with a pseudo random noise spreading code? (A) Orthogonal Frequency-division Multiplexing (OFDM) (B) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) (C) Direct-sequence Spread Spectrum (DSSS) (D) Frequency-hopping Spread Spectrum (FHSS)
C
In which of the following online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one? (A) Whois.com (B) domainsearch.com (C) VirusTotal.com (D) Netcraft.com
C
In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? (A) Mutation-based (B) None of the listed answers (C) Protocol-based (D) Generation-based
C
Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? (A) SQL Injection Attack (B) Distributed denial of service attack (C) Social engineering attack (D) Smurf Attack
C
Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing? (A) Social engineering (B) Paper tracking (C) Dumpster diving (D) Password finding
C
Martha is a network administrator in a company named "Dubrovnik Walls Ltd.". She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the "Internet facing firewall." What type of DDoS attack is this? (A) Application layer attack (B) SYN flood attack (C) Protocol attack (D) Volume (volumetric) attack
C
Mike works for a company "Fourth Rose Intl." as the sales manager. He was sent to Las Vegas on a business trip to meet his clients. After the successful completion of his meeting, Mike went back to his hotel room, connected to the hotel Wi-Fi network and attended his other scheduled online client meetings through his laptop. After returning back to his office headquarters, Mike connects his laptop to the office Wi-Fi network and continues his work; however, he observes that his laptop starts to behave strangely. It regularly slows down with blue screening from time-to-time and rebooting without any apparent reason. He raised the issue with his system administrator. Some days later, the system administrator in Mike's company observed the same issue in various other computers in his organization. Meanwhile, he has also observed that large amounts of unauthorized traffic from various IP addresses of "Fourth Rose Intl." were directed toward organizational web server. Security division of the company analyzed the network traces and identified that Mike's Laptop's IP address has authorized and initiated other computers in the network to perform DDoS abuse over the organizational web server. They further identified a malicious executable backdoor file on Mike's Laptop that connects to a remote anonymous computer. This remote computer is responsible for sending commands to Mike's Laptop in order to initiate and execute DDoS attack over the organizational web server. In this case, Mike's laptop was part of the _________? (A) IRC attack (B) Command-and-control (C&C) center (C) Botnet attack (D) Bot attack
C
Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? (A) DUHK attack (B) MITM attack (C) Side channel attack (D) Hash collision attack
C
Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" (A) Configures the maximum number of secure MAC addresses for the port (B) Configures the secure MAC address aging time on the port (C) Adds all secure MAC addresses that are dynamically learned to the running configuration (D) Configures the switch port parameters to enable port security
C
Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. (A) Rainbow Table Attack (B) Side Channel Attack (C) Meet-in-the-middle Attack (D) DUHK Attack
C
Out of the following, which is not a component of the IPsec protocol? (A) IPsec policy agent (B) Oakley (C) HPKP (D) IKE
C
Out of the following, which layer is responsible for encoding and decoding data packets into bits? (A) Application layer (B) Session layer (C) Data Link layer (D) Network layer
C
Out of the following, which network-level session hijacking technique can be used to inject malicious data or commands into the intercepted communications in a TCP session? (A) UDP hijacking (B) RST hijacking (C) Blind hijacking (D) TCP/IP hijacking
C
Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts developing the detection technique which uses signal analysis to detect anomalies. The technique she is employing analyzes network traffic in terms of spectral components where she divides the incoming signals into various frequencies and analyzes different. Which DDoS detection technique is she trying to implement? (A) Activity profiling (B) Change-point detection (C) Wavelet-based signal analysis (D) NetFlow detection
C
Secure update server, verify updates before installation, and sign updates are the solutions for which of the following IoT device vulnerabilities? (A) Insecure network services (B) Privacy concerns (C) Insecure software / firmware (D) Insecure cloud interface
C
Siya is using a tool to defend critical data and applications without affecting performance and productivity. Following are the features of the tool: Pre-built, real-time reports that display big-picture analyses on traffic, top applications, and filtered attack events. Permits to see, control, and leverage the rules, shared services, and profiles of all the firewall devices throughout the network. Comprises of in-line, bump-in-the-wire intrusion prevention system with layer two fallback capabilities. Gives an overview of current performance for all HP systems in the network, including launch capabilities into targeted management applications by using monitors. Identify the tool used by Siya- (A) AlienVault® OSSIM™ (B) Zimperium's zIPS™ (C) TippingPoint IPS (D) Wifi Inspector
C
Teyla is a security analyst for BAYARA Company. She is responsible for the firewall, antivirus, IPS, and web filtering security controls. She wants to protect the employees from a new phishing attack. What should Teyla do? (A) Use IPS to block phishing. (B) Block outbound traffic to the ports 80 and 443 in the firewall. (C) Use the web filtering application to prevent the employees from accessing the phishing webpage. (D) Block the phishing via antivirus.
C
WPA2 uses AES for wireless data encryption at which of the following encryption levels? (A) 64 bit and CCMP (B) 128 bit and CRC (C) 128 bit and CCMP (D) 128 bit and TKIP
C
What is the correct order for vulnerability management life cycle? (A) Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment (B) Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment (C) Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor (D) Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment
C
What is the objective of a reconnaissance phase in a hacking life-cycle? (A) Gaining access to the target system with admin/root level privileges (B) Gaining access to the target system and network (C) Gathering as much information as possible about the target (D) Identifying specific vulnerabilities in the target network
C
What is the port number used by DNS servers to perform DNS zone transfer? (A) TCP/UDP 135 (B) TCP 139 (C) TCP/UDP 53 (D) UDP 137
C
What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? (A) To get messaging programs to function with this algorithm requires complex configurations. (B) Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. (C) It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message. (D) It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.
C
Which Google search query will search for any configuration files a target certifiedhacker.com may have? (A) site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini (B) allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext: reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini (C) site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini (D) site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext: reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini
C
Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? (A) Target information (B) Services (C) Classification (D) Scan Information
C
Which of the following DoS/DDoS countermeasures strategy can you implement using a honeypot? (A) Mitigating attacks (B) Absorbing attacks (C) Deflecting attacks (D) Degrading services
C
Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? (A) PSINFO (B) VRFY (C) EXPN (D) RCPT TO
C
Which of the following attacks are not performed by an attacker who exploits SQL injection vulnerabilities? (A) Authentication Bypass (B) Remote Code Execution (C) Covering Tracks (D) Information Disclosure
C
Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? (A) satanz (B) Kovter (C) Doublepulsar (D) EternalBlue
C
Which of the following business challenges could be solved by using a vulnerability scanner? (A) Auditors want to discover if all systems are following a standard naming convention. (B) There is an urgent need to remove administrator access from multiple machines for an employee who quit. (C) There is a monthly requirement to test corporate compliance with host application usage and security policies. (D) A web server was compromised and management needs to know if any future systems were compromised.
C
Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? (A) Deterrent Controls (B) Preventive Controls (C) Corrective Controls (D) Detective Controls
C
Which of the following commands does an attacker use to detect HTTP Trace? (A) nmap -p80 --script http-userdir -enum localhost (B) nmap --script hostmap <host> (C) nmap -p80 --script http-trace <host> (D) nmap --script http-enum -p80 <host>
C
Which of the following countermeasures prevent buffer overruns? (A) Use the most restrictive SQL account types for applications (B) Keep trusted data separate from commands and queries (C) Test the size and data type of the input and enforce appropriate limits (D) Apply the least privilege rule to run the applications that access the DBMS
C
Which of the following cryptography attack methods is usually performed without the use of a computer? (A) Rainbow table attack (B) Ciphertext-only attack (C) Rubber hose attack (D) Chosen key attack
C
Which of the following describes a component of public key infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations? (A) Recovery agent (B) Key registry (C) Key escrow (D) Directory
C
Which of the following is a Mobile Device Management Software? (A) SpyBubble (B) Phonty (C) XenMobile (D) GadgetTrak
C
Which of the following is a Snort rule that is used to detect and block SQL injection attack? (A) * OR 6 BETWEEN 1 AND 7 (B) UNION Select Password (C) SqlDataAdapter myCommand = new SqlDataAdapter("LoginStoredProcedure '" + Login.Text +"'", conn); (D) /(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
C
Which of the following is a common Service Oriented Architecture (SOA) vulnerability? (A) VPath injection (B) SQL injection (C) XML denial of service issues (D) Cross-site scripting
C
Which of the following is a program that is installed without the user's knowledge and can bypass the standard system authentication or conventional system mechanism like IDS, firewalls, etc. without being detected? (A) Proxy Server Trojans (B) Remote Access Trojans (C) Backdoor Trojans (D) Covert Channel Trojans
C
Which of the following is a routing protocol that allows the host to discover the IP addresses of active routers on their subnet by listening to router advertisement and soliciting messages on their network? (A) DHCP (B) DNS (C) IRDP (D) ARP
C
Which of the following is a symmetric cryptographic algorithm? (A) PKI (B) DSA (C) 3DES (D) RSA
C
Which of the following is a type of network protocol for port-based network access control (PNAC)? (A) SFTP (B) SSH (C) IEEE 802.1X suites (D) SSL
C
Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating? (A) Employee training, best practices, and checklists for using passwords (B) Train technical support executives and system administrators never to reveal passwords or other information by phone or email (C) Implement strict badge, token or biometric authentication, employee training, and security guards (D) Educate vendors about social engineering
C
Which of the following is not a feature of Mobile Device Management Software? (A) Perform real time monitoring and reporting (B) Enforce policies and track inventory (C) Sharing confidential data among devices and networks (D) Remotely wipe data in the lost or stolen device
C
Which of the following is not a type of DNS attack? (A) Domain Snipping (B) Domain Hijacking (C) Session Hijacking (D) Cybersquatting
C
Which of the following is not a type of network-level hijacking? (A) Blind Hijacking (B) Man-in-the-Middle: Packet Sniffer (C) Session Hijacking (D) UDP Hijacking
C
Which of the following is used to connect wireless devices to a wireless/wired network? (A) Bandwidth (B) Hotspot (C) Access point (AP) (D) Association
C
Which of the following processes of PKI (public key infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations? (A) Certificate revocation (B) Certificate cryptography (C) Certificate validation (D) Certificate issuance
C
Which of the following provides storage on a different machine or disk after the original disk is filled up? (A) Document root (B) Server root (C) Virtual document tree (D) Virtual hosting
C
Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? (A) LACNIC (B) APNIC (C) ARIN (D) AFRINIC
C
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? (A) Nessus scripting engine (B) SAINT scripting engine (C) NMAP scripting engine (D) Metasploit scripting engine
C
Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? (A) MoCA (B) Cellular (C) Thread (D) VSAT
C
Which of the following statements is not true for securing iOS devices? (A) Do not jailbreak or root your device if used within enterprise environments (B) Do not store sensitive data on client-side database (C) Disable Jailbreak Detection (D) Disable Javascript and add-ons from web browser
C
Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? (A) Perform competitive intelligence (B) Perform ARP poisoning (C) Calculate the subnet mask (D) Perform email footprinting
C
Which of the following teams has the responsibility to check for updates and patches regularly? (A) Red team (B) Vulnerability assessment team (C) Patch management team (D) Security software development team
C
Which of the following terms refers to a set of hotfixes packed together? (A) Patch (B) Hotfix pack (C) Service pack (D) Repair pack
C
Which of the following terms refers to an advanced form of phishing in which the attacker redirects the connection between the IP address and its target server? (A) Pretexting (B) Hacking (C) Pharming (D) Skimming
C
Which of the following tools is a DNS Interrogation Tool? (A) NetScan Tools Pro (B) SandCat Browser (C) DIG (D) Hping
C
Which of the following toolbars is used to provide an open application program interface (API) for developers and researchers to integrate anti-phishing data into their applications? (A) SET (B) Metasploit (C) Netcraft (D) DroidSheep
C
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? (A) Website Mirroring Tools (B) Metadata Extraction Tools (C) Email Tracking Tools (D) Web Updates Monitoring Tools
C
Which of the following tools can be used to perform RST hijacking on a network? (A) FOCA (B) Nmap (C) Colasoft's Packet Builder (D) Recon-ng
C
Which of the following tools cannot be used to perform SNMP enumeration? (A) SNScan (B) Nsauditor Network Security Auditor (C) SuperScan (D) SoftPerfect Network Scanner
C
Which of the following tools is not used for iOS Jailbreaking? (A) Velonzy (B) Yalu (C) Unrevoked (D) TaiG
C
Which of the following tools is not used to perform webserver information gathering? (A) Nmap (B) Netcraft (C) Wireshark (D) Whois
C
Which of the following tools is used to execute commands of choice by tunneling them inside the payload of ICMP echo packets if ICMP is allowed through a firewall? (A) HTTPTunnel (B) AckCmd (C) Loki (D) Anonymizer
C
Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? (A) HackRF one (B) RIoT vulnerability scanning (C) RF crack (D) Zigbee framework
C
Which of the following tools is used to root the Android OS? (A) DroidSheep (B) LOIC (C) TunesGo (D) zANTI
C
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? (A) Clamwin (B) Sub7 (C) Nessus (D) TrueCrypt
C
Which of the statements concerning proxy firewalls is correct? (A) Proxy firewalls block network packets from passing to and from a protected network. (B) Firewall proxy servers decentralize all activity for an application. (C) Computers establish a connection with a proxy firewall that initiates a new network connection for the client. (D) Proxy firewalls increase the speed and functionality of a network.
C
Which term is used to refer to service announcements provided by services in response to connection requests and often carry vendor's version of information? (A) Scanning phase (B) Port (C) Banner (D) Network discovery phase
C
Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system? (A) Banner Grabbing (B) Port Scanning (C) Buffer Overflows (D) Active Footprinting
C
Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? (A) Wireshark (B) Netcraft (C) Microsoft Baseline Security Analyzer (MBSA) (D) FOCA
C
Which tool would be used to collect wireless packet data? (A) John the Ripper (B) Netcat (C) NetStumbler (D) Nessus
C
William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? (A) Right square bracket (]) (B) Single Quote (') (C) Double Quote (") (D) Semicolon (;)
C
You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company's legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on? (A) XaaS (B) PaaS (C) SaaS (D) IaaS
C
You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? (A) XaaS and Community (B) PaaS and Private (C) IaaS and Private (D) SaaS and Hybrid
C
You are performing a port scan with Nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? (A) Fragmented packet scan (B) Stealth scan (C) Connect scan (D) XMAS scan
C
A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? (A) Find an underground bulletin board and attempt to sell the bug to the highest bidder (B) Ignore the problem completely and let someone else deal with it (C) Create a document that will crash the computer when opened and send it to friends (D) Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix
D
A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? (A) Hidden sight crypter (B) Cypherx (C) Java crypter (D) BitCrypter
D
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? (A) True positives (B) True negatives (C) False negatives (D) False positives
D
A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend? (A) Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS) (B) IP Security (IPsec) (C) Multipurpose Internet Mail Extensions (MIME) (D) Pretty Good Privacy (PGP)
D
A privilege escalation threat is caused due to which of the following weaknesses? (A) Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud (B) Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption (C) Due to isolation failure, cloud customers can gain illegal access to the data (D) A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.
D
A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: The speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing large amount of router solicitation messages from neighboring routers even though the router is not supposed to receive any of these messages. What type of attack is this? (A) DDoS (Distributed Denial of Service) (B) MitM (Man in the Middle) (C) DoS (Denial of Service) (D) DRDoS (Distributed Reflected Denial of Service)
D
An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? (A) By utilizing a buffer overflow attack (B) By using SQL injection (C) By using cross site scripting (D) By changing hidden form values
D
An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this? (A) Denial-of-service attack (B) Phishing attack (C) Jamming attack (D) Water hole attack
D
An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? (A) Phishing (B) Man-in-the-middle (C) Brute-forcing (D) Username enumeration
D
Anyone can send an encrypted message to Bob but only Bob can read it. Using PKI, when Alice wishes to send an encrypted message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message, and sends it off. Bob then uses his private key to decrypt the message and read it. No one listening in can decrypt the message. Thus, although many people may know the public key of Bob and use it to verify Bob's signatures, they cannot discover Bob's private key and use it to forge digital signatures. This is referred to as the principle of: (A) Non-repudiation (B) Asymmetry (C) Symmetry (D) Irreversibility
D
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability? (A) The web application does not have the secure flag set. (B) The victim user should not have an endpoint security solution (C) The victim's browser must have ActiveX technology enabled. (D) The session cookies do not have the HttpOnly flag set.
D
Eric, a professional hacker, is trying to perform a SQL injection attack on the back-end database system of the InfomationSEC, Inc. During the information gathering process, he identifies that MYSQL server is the back-end database engine used. Eric has tried various SQL injection attack attempts based on the information gathered but all of his attempts failed. Later, he discovered that IPS system is blocking all the SQL injection attack attempts. Eric decided to bypass the IPS using string concatenation IPS evasion technique where he needs to break the SQL query into a number of small pieces and concatenates the SQL query end-to-end. Which of the following string concatenation operators does Eric need to use in the SQL query to concatenate the SQL query end-to-end? (A) "+" operator (B) "||" operator (C) "&" operator (D) "concat(,)" operator
D
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21—no response TCP port 22—no response TCP port 23—Time-to-live exceeded (A) The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host. (B) The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error. (C) The lack of response from ports 21 and 22 indicate that those services are not running on the destination server. (D) The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.
D
Identify the component of the web server that provides storage on a different machine or a disk after the original disk is filled-up? (A) Server Root (B) Document Root (C) Virtual Hosting (D) Virtual document tree
D
If an attacker intercepts an established connection between two communicating parties using spoofed packets, and then pretends to be one of them, then which network-level hijacking is he performing? (A) RST hijacking (B) IP spoofing (C) Man-in-the-middle: packet sniffer (D) TCP/IP hijacking
D
If your web application sets any cookie with a secure attribute, what does this mean? (A) The cookie will not be sent cross-domain (B) The cookie can not be accessed by JavaScript (C) Cookies will be sent cross-domain (D) The client will send the cookie only over an HTTPS connection
D
In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented? (A) Implement secure password recovery mechanisms (B) End-to-end encryption (C) Enable two-factor authentication (D) Disable UPnP
D
In what way do the attackers identify the presence of layer 7 tar pits? (A) By looking at the IEEE standards for the current range of MAC addresses (B) By looking at the responses with unique MAC address 0:0:f:ff:ff:ff (C) By analyzing the TCP window size (D) By looking at the latency of the response from the service
D
In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? (A) Side Channel Attack (B) DNS Attack (C) Wrapping Attack (D) Session Hijacking Using Session Riding
D
In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? (A) UNION SQL Injection (B) Illegal/logically incorrect query (C) End-of-line comment (D) Tautology
D
In which of the following attacks does the attacker spoof the source IP address with the victim's IP address and send a large number of ICMP ECHO request packets to an IP broadcast network? (A) Ping of death attack (B) UDP flood attack (C) SYN flood attack (D) Smurf attack
D
In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? (A) Generation-based (B) None of the listed answers (C) Protocol-based (D) Mutation-based
D
John is a college dropout and spends most of his time on social networking sites looking for people living in the city and gathering their details. One day, he saw a girl's profile and found her email ID from her timeline. John sent her a mail stating that he possessed her private photos and that if she failed to provide him with her bank account details, he would upload those images to social networking sites. (A) Vishing (B) Whaling (C) Pharming (D) Spear Phishing
D
Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap for an attacker by messing them so that he leaves some traces knowing that they had connected to a decoy system that does none of the things it appears to do; but instead, it logs everything and notifies the appropriate people. Can you identify the tool? (A) Glasswire (B) TinyWall (C) PeerBlock (D) SPECTER
D
Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amounts of UDP packets are being sent to the organizational servers that are present behind the "Internet facing firewall." What type of DDoS attack is this? (A) SYN flood attack (B) Protocol attack (C) Application layer attack (D) Volume (volumetric) attack
D
Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large number of HTTP POST requests are being sent to the web servers behind the WAF. The traffic is not legitimate, since the web application requires a workflow to be finished in order to send the data with the POST request, and this workflow data is missing. So, what type of DDoS attack is this? (A) Volume (volumetric) attack (B) SYN flood attack (C) Protocol attack (D) Application layer attack
D
Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of the CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join the SQL query end to end. Which of the following IDS evasion techniques did he use to bypass the signature-based IDS? (A) Char encoding (B) URL encoding (C) Hex encoding (D) String concatenation
D
Name an attack where an attacker interrupts communication between two devices by using the same frequency signals on which the devices are communicating. (A) Side channel attack (B) Replay attack (C) Man-in-the-middle attack (D) Jamming attack
D
Name an attack where the attacker connects to nearby devices and exploits the vulnerabilities of the Bluetooth protocol to compromise the device? (A) Rolling code attack (B) Jamming attack (C) DDoS attack (D) BlueBorne attack
D
Out of the following, which is not a type of side-channel attack? (A) Acoustic Cryptanalysis (B) Timing Attack (C) Data Remanence (D) Cybersquatting
D
Out of the following, which is not an active sniffing technique? (A) Switch port stealing (B) Spoofing attack (C) MAC flooding (D) Domain snipping
D
Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasures must Roy employ? (A) Adopt documented change management (B) Ensure a regular update of software (C) Use multiple levels of antivirus defense (D) Implement proper access privileges
D
Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? (A) Wireshark (B) Recon-ng (C) FOCA (D) Nessus Professional
D
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: - Secretly observes the target to gain critical information - Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. (A) Phishing (B) Dumpster Diving (C) Tailgating (D) Shoulder Surfing
D
SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? (A) Types of vulnerabilities being assessed (B) Test run scheduling (C) Functionality for writing own tests (D) Links to patches
D
Stephany is worried because in the past six weeks she has received two and three times the amount of e-mails that she usually receives, and most of it is not related to her work. What kind of problem is Stephany facing? (A) External attack (B) Phishing (C) Malware (D) SPAM
D
The DDoS tool created by Anonymous sends junk HTTP GET and POST requests to flood the target, and its second version of the tool (the first version had a different name) that was used in the so-called Operation Megaupload is called _______. (A) Dereil (B) BanglaDOS (C) Pandora DDoS (D) HOIC
D
What is the default port used by IPSEC IKE protocol? (A) Port 4500 (B) Port 50 (C) Port 51 (D) Port 500
D
What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? (A) The request to the webserver is not visible to the administrator of the vulnerable application (B) The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection (C) A successful attack does not show an error message to the administrator of the affected application (D) The vulnerable application does not display errors with information about injection results to the attacker
D
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? (A) Distributive (B) Passive (C) Reflective (D) Active
D
Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? (A) for %V in (1 1 255) do PING 192.168.2.%V (B) ping 192.168.2.255 (C) ping 192.168.2. (D) for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"
D
Which evasion technique is used by attackers to encode the attack packet payload in such a way that the destination host can only decode the packet but not the IDS? (A) Unicode Evasion (B) Fragmentation Attack (C) Session splicing (D) Obfuscation
D
Which of the following IoT architecture layers consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself? (A) Internet layer (B) Middleware layer (C) Application layer (D) Edge technology layer (E) Access gateway layer
D
Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? (A) IoT gateway (B) Sensing technology (C) Remote control using mobile app (D) Cloud server/data storage
D
Which of the following NIST cloud reference architecture factors manages cloud services in terms of use, performance, and delivery, and who also maintains a relationship between cloud providers and consumers? (A) Cloud Carrier (B) Cloud Consumer (C) Cloud Provider (D) Cloud Broker
D
Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? (A) Hardware/firmware rootkit (B) Boot loader level rootkit (C) GrayFish rootkit (D) EquationDrug rootkit
D
Which of the following analysis techniques involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose? (A) System baselining (B) Spectrum analysis (C) Dynamic Malware analysis (D) Static malware analysis
D
Which of the following availability attacks involve exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy? (A) Beacon Flood (B) Routing Attack (C) Authenticate Flood (D) Denial-of-Service
D
Which of the following countermeasures helps in defending against WPA/WPA2 cracking? (A) Avoid using public Wi-Fi networks (B) Make sure to enable two factor authentication (C) Change the default SSID after WLAN configuration (D) Select a random passphrase that is not made up of dictionary words
D
Which of the following firewalls is used to secure a mobile device? (A) TinyWall (B) Comodo firewall (C) Glasswire (D) NetPatch firewall
D
Which of the following hping commands performs a UDP scan on port 80? (A) hping3 -F -P -U <IP Address> -p 80 (B) hping3 -1 <IP Address> -p 80 (C) hping3 -A <IP Address> -p 80 (D) hping3 -2 <IP Address> -p 80
D
Which of the following is NOT a best practice for cloud security? (A) Verify one's cloud in public domain blacklists (B) Disclose applicable logs and data to customers (C) Undergo AICPA SAS 70 Type II Audits (D) Provide unauthorized server access using security checkpoints
D
Which of the following is a characteristic of public key infrastructure (PKI)? (A) Public-key cryptosystems are faster than symmetric-key cryptosystems. (B) Public-key cryptosystems do not provide technical nonrepudiation via digital signatures. (C) Public-key cryptosystems do not require a secure key distribution channel. (D) Public-key cryptosystems distribute public-keys within digital signatures.
D
Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? (A) DHCP snooping binding table (B) Authentication, authorization, and accounting (AAA) (C) Dynamic ARP inspection (D) IP Source Guard
D
Which of the following is a web application that does not have the secure flag set and that is implemented by OWASP that is full of known vulnerabilities? (A) WebScarab (B) WebBugs (C) VULN_HTML (D) WebGoat
D
Which of the following is an attack detection technique that monitors the network packet's header information? This technique also determines the increase in the overall number of distinct clusters and activity levels among the network flow clusters. (A) Ping of death attack (B) Sequential Change-point detection (C) Wavelet-based signal analysis (D) Activity profiling
D
Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications? (A) Session Hijacking (B) Hash Stealing (C) Sandboxing (D) Fuzz Testing
D
Which of the following is not a defensive measure for web server attacks? (A) Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) (B) Encrypt or restrict intranet traffic (C) Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed (D) Configure IIS to accept URLs with "../"
D
Which of the following is not a legitimate cloud computing attack? (A) Man-In-The-Middle (MiTM) (B) Privilege Escalation (C) Denial-Of-Service (D) Port Scanning
D
Which of the following is not a patch management tool? (A) Symantec client management suite (B) Software vulnerability manager (C) GFI LanGuard (D) Burp suite
D
Which of the following is not a session hijacking technique? (A) Session fixation (B) Session sidejacking (C) Cross-site scripting (D) DNS hijacking
D
Which of the following is not an action present in Snort IDS? (A) Alert (B) Log (C) Pass (D) Audit
D
Which of the following is used to detect bugs and irregularities in web applications? (A) Generation-based fuzz testing (B) Mutation-based fuzz testing (C) Protocol-based fuzz testing (D) Source code review
D
Which of the following policies addresses the areas listed below: - Issue identification (ID) cards and uniforms, along with other access control measures to the employees of a particular organization. - Office security or personnel must escort visitors into visitor rooms or lounges. - Restrict access to certain areas of an organization in order to prevent unauthorized users from compromising security of sensitive data. (A) Defense strategy (B) Password security policies (C) Special-access policies (D) Physical security policies
D
Which of the following protocols is not vulnerable to sniffing? (A) Hyper Text Transfer Protocol (HTTP) (B) Telnet and Rlogin (C) Post Office Protocol (POP) (D) Secure Sockets Layer (SSL)
D
Which of the following protocols is responsible for synchronizing clocks of networked computers? (A) DNS (B) LDAP (C) SMTP (D) NTP
D
Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? (A) UDP (B) SNMP (C) SMTP (D) TCP
D
Which of the following statements correctly defines a zero-day attack? (A) An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability (B) An attack that could not exploit vulnerabilities even though the software developer has not released a patch (C) An attack that exploits an application even if there are zero vulnerabilities (D) An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability
D
Which of the following system tables does the MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. (A) sysdbs (B) sysrows (C) syscells (D) sysobjects
D
Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? (A) Source routing (B) Port scanning (C) IP address decoy (D) Banner grabbing
D
Which of the following techniques is used to create complex search engine queries? (A) Bing Search (B) Yahoo Search (C) DuckDuckGo (D) Google hacking
D
Which of the following threats is closely related to medical identity theft? (A) Criminal identity theft (B) Social identity theft (C) Synthetic identity theft (D) Insurance identity theft
D
Which of the following tools can be used to perform LDAP enumeration? (A) Nsauditor Network Security Auditor (B) SuperScan (C) SoftPerfect Network Scanner (D) JXplorer
D
Which of the following tools is not a NetBIOS enumeration tool? (A) SuperScan (B) Hyena (C) NetScanTools Pro (D) OpUtils
D
Which of the following types of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API? (A) PaaS (B) SaaS (C) XaaS (D) IaaS
D
Which of the following types of jail-breaking allows user-level access but does not allow iboot-level access? (A) iBoot Exploit (B) None of the listed (C) Bootrom Exploit (D) Userland Exploit
D
Which of the following Windows utilities allows an attacker to perform NetBIOS enumeration? (A) SetRequest (B) GetRequest (C) ntpdate (D) nbtstat
D
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting (A) Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting (B) Results matching all words in the query (C) Results for matches on target.com and Marketing.target.com that include the word "accounting" (D) Results matching "accounting" in domain target.com but not on the site Marketing.target.com
D
Which technology do SOAP services use to format information? (A) ISDN (B) SATA (C) PCI (D) XML
D
Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? (A) Scope assessment tools (B) Active Scanning Tools (C) Application-layer vulnerability assessment tools (D) Depth assessment tools
D
You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information? (A) Vulnerability Scanning (B) Penetration Testing (C) Data Analysis (D) Cloud Forensics
D
Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? (A) 802.11n (B) 802.11i (C) 802.11d (D) 802.11e
V