Practice Test A-B ISM 326

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which command-line parameter would you use to disable name resolutions in tcpdump?

-n

Which of the following best indicates a top-level parent domain?

.org

Which of the following represent the private IP address? Each correct answer represents a complete solution. Choose all that apply.

/////172.16.186.242//// /////10.153.203.18///// ////192.168.17.4/////

Camila, a network administrator, observes the subnet mask 255.255.255.252. Which CIDR notation will she use to indicate the subnet mask?

/22

If you were to see the subnet mask 255.255.252.0, what CIDR notation (prefix) would you use to indicate the same thing?

/22

What financial filing is required for public companies and would provide you with the annual report?

14-A

Which of these addresses would be considered a private address (RFC 1918 address)?

172.20.128.240

An organization asks its network administrator to block all Telnet traffic. Which of the following ports should the administrator block on the firewall?

23

A user has created a VPC having the CIDR /22 network. Which of the following subnet masks will the user use to indicate the same network?

255.255.252.0

What version of SNMP introduced encryption and user-based authentication? End of ch 6

3

What would a signal range for a Bluetooth 4.0 device commonly be?

300 ft.

What status code will you get if your attempt to use the VRFY command fails?

550

In the following packet, what port is the source port? 20:45:55.272087 IP yazpistachio.lan.62882 > loft.lan.afs3-fileserver: Flags [P.], seq 915235445:915235528, ack 3437317287, win 2048, options [nop,nop,TS val 1310611430 ecr 1794010423], length 83

62882

In the TCP three-way handshake, what is done next after the initial SYN packet is sent?

A SYN/ACK packet is sent

What is the difference between a false positive and a false negative?

A false positive indicates a finding that doesn't exist, while a false negative doesn't indicate a finding that does exist.

If you were to see the following command in someone's history, what would you think had happened? msfvenom -i 5 -p windows/x64/shell_reverse_tcp -o program

A malicious program was generated.

What does pivoting on a compromised system get you?

A route to extra networks

What is the primary difference between a worm and a virus?

A worm can self-propagate.

If you were looking up information about a company in New Zealand, which RIR would you be looking in for data?

APNIC

You are informed that the additional allocation of an IP address is required in North America. Which of the following RIR (Regional Internet registry) would you be looking in for allocation?

ARIN

Which of the following types of sniffing techniques is generally referred to as the MITM (man-in-the-middle) attack?

ARP poisoning

John works as a network administrator at Infosoft Inc. He suspects that malware is attempting a buffer overflow attack in a kernel module. Which of the following techniques will John use to protect against the attack?

ASLR

Which of the following is one factor of a defense in depth approach to a network design?

Access control lists on routers

What is the use of a MAC address?

Addressing systems on the local network

What would you use a security information event manager for?

Aggregating and providing search for log data

What tool could you use to enable sniffing on your wireless network to acquire all headers?

Airmon-ng

What would be the purpose of running a ping sweep?

All of these

Which of these would be an example of pretexting?

An email from a former co-worker

What is the primary purpose of polymorphic code for malware programs?

Antivirus evasion

You are evaluating the security of your organization's wireless network and found that SSID broadcasting is turned on. Who among the following will have access to a wireless network's SSID?

Anyone in the organization

Taylor, a black hat hacker, makes use of a program called slowhttptest to send requests asking for overlapping ranges of bytes. Which of the following attacks is she performing?

Apache Killer

What is nmap looking at when it conducts a version scan?

Application banners

Why is it important to store system logs remotely?

Attackers might delete local logs.

The DNS server where records for a domain belonging to an organization or enterprise reside is called the _________ server.

Authoritative

Which social engineering principle may allow a phone call from the help desk to be effective?

Authority

As a network administrator, your manager instructs you to reduce the organization's accessibility to the file server. She claims that doing so will aid in preventing company trade secrets from being leaked to the public; however, you understand that doing so will have a negative impact on productivity and aggravate employees. Which part of the CIA triad is being impacted here?

Availability

If you were on client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating?

Availability

What security property does a denial of service violate?

Availability

Which core concept has the ability for information or services that must be accessible at a moment's notice?

Availability

Your organization allows employees to bring personally owned devices and connect them to the organization's network. What approach is the organization using?

BYOD

Christina works as a project manager at XYZ. She was terminated from her position, where she was using her cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following allows this action?

BYOD policy

What type of attack would you be using by putting malware onto USB sticks that were given out at a security conference?

Baiting

Olivia, a black hat hacker, captures the information transmitted by the remote host to expose the application type, application version, and even operating system type and version. Which of the following techniques will she use to obtain information about the target system?

Banner Grabbing

Laura works as a vulnerability tester at XYZ. While performing a vulnerability scan, she believes that there are Windows file shares in use on the enterprise network. Which of the following will she use to prove her theory?

Bell-LaPadula

Pete, a security engineer, grants access to network resources based on authenticating an individual's fingerprint during a scan. Which security method does he use in determining identity?

Biometric authentication

Granting access to a system based on a factor such as an individual's retina during a scan is an example of what type of authentication method?

Biometrics

Juan, a penetration tester, is asked to perform a penetration test from an external IP address with no prior knowledge of the internal IT systems. What kind of test will Juan perform?

Black box

What can an intrusion prevention system do that an intrusion detection system can't?

Block or reject network traffic.

An attacker wants to send unsolicited messages to a user's Bluetooth device. Which of the following Bluetooth hacking techniques will the attacker use?

BlueJacking

Why is bluesnarfing potentially more dangerous than bluejacking from the standpoint of the victim?

Bluejacking sends while bluesnarfing receives.

Which of the following is an attack that connects to a Bluetooth device to grab data from that device?

Bluesnarfing

Which type of network uses a group of zombie computers to carry out the commands of the bot master?

Botnet

What is the policy that allows people to use their own smartphones on the enterprise network?

Bring your own device

The packet indicates the physical destination address as ff.ff.ff.ff.ff.ff. What type of MAC address is this?

Broadcast

Your organization has asked you to perform a brute force scan that actively sends messages to devices to determine what they are. Which of the following will you use?

Btscanner

What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?

Buffer overflow

An attacker wants to send commands to the bots, which are endpoints in a botnet. Which of the following servers will he use?

C2

In a botnet, what are the systems that tell individual bots what to do called?

C2 servers

Your organization issues certificates to users by collecting information from the user and then generating the key to provide to the user. Which of the following is responsible for this?

CA

Harry, a white hat hacker, has created his own CA for creating a fake digital certificate. What key will he use to create the signature on the certificate?

CA's private key

What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?

Captive portal

A system creates a certificate with the assigned public and private keys and digitally signs it. What is the system's role?

Certificate authority

Which hardware vendor uses the term SPAN on switches?

Cisco

Your organization has asked you to provide the number of bits in a network prefix. Which of the following notations will you use?

Classless Inter-Domain Routing

The ______ is the end of a client/server communication that goes on the infected system if it is communicating with infrastructure.

Client

What attack can a proximity card be susceptible to?

Cloning

Which of the following is used for authentication within SNMP?

Community string

What is the /etc/ettercap/etter.dns file used for?

Configuring hostnames to IP addresses

What does a defense in breadth approach add?

Consideration for a broader range of attacks

What is the purpose of using a disassembler?

Converting opcodes to mnemonics

If you were to see the following in a packet capture, what attack would you expect is happening?

Cross-site scripting

Which is the second phase in the ethical hacking methodology?

Cross-site scripting

Joseph works as a security administrator at XYZ. His network is being flooded by ICMP packets. He observes that the packets came from multiple different IP addresses. What kind of attack is this?

DDoS

Your organization has asked you to use the same key for encryption and decryption of messages. Which of the following methods of encryption will you use?

DES

Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

DMZ

Which of these protocols would be most likely to be used in an amplification attack?

DNS

What is one downside to running a default tcpdump without any parameters?

DNS requests

Juan, a black hat hacker, gains access to the DNS server and redirects the direction of www.xyz.com to his IP address. Now, when the employees want to go to www.xyz.com, they are being redirected to the attacker machine. What kind of attack has Juan performed?

DNS spoofing

At which protocol layer does the Berkeley Packet Filter operate?

Data Link

A breach was caused in which a customer's personal information was compromised. Jordan, a security analyst, is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should he use to remediate the vulnerabilities?

Data leak prevention

What is the SMB protocol used for?

Data transfers on Windows systems

You work as a security assistant at XYZ and asked to analyze spyware dynamically on the company's web site. Which of the following tools will you use?

Debugger

Which of the following approach uses multiple layers of firewalls and other security devices?

Defense in depth

Joseph, a black hat hacker, wants to bring a railway website down so that it fails to serve the people who want to book tickets. Which of the following attacks will he perform?

Denial of service

What would the Low Orbit Ion Cannon be used for?

Denial of service attacks

What is the four-stage handshake used for?

Deriving keys

The UDP headers contain which of the following fields?

Destination port, source port, checksum, and length

The organization wants to derive keys when an encryption session is started. Which of the following mechanisms will the organization use?

Diffie-Hellman

Your organization wants to allow two parties in an encrypted communication to generate a key without ever transmitting any data that would allow the key to be known. Which of the following will the organization use?

Diffie-Hellman

If you have a wordlist and you are trying to identify all paths in a website, even if they may not be exposed through links, what strategy might you be using?

Directory enumeration

What type of enumeration would you use the utility dirb for?

Directory enumeration

How would someone keep a baiting attack from being successful?

Disable autorun.

What type of attack is a compromise of availability?

DoS

What information would you not expect to find in the response to a whois query about an IP address?

Domain association

What is the purpose of a dropper?

Drop files

What does the malware that is referred to as a dropper do?

Drops files that may be more malware

What would you use Cuckoo Sandbox for?

Dynamic analysis of malware

What command would you use to get the list of mail servers for a domain? CH 4 end

EDGAR

What SMTP command would you use to get the list of users in a mailing list?

EXPN

You find after you get access to a system that you are the user www-data. What might you try to do very shortly after getting access to the system?

Elevate privileges.

If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?

Email addresses

Your organization has asked you to use a tool named theHarvester. What they are trying to make you identify?

Email addresses

Which of these may be considered an evasive technique?

Encoding data

How would you ensure that confidentiality is implemented in an organization?

Encryption

Which of the following will you use to identify whether an executable is packed?

Entry point

Which of the following statements regarding ethical hacking are true? Each correct answer represents a complete solution. Choose all that apply.

Ethical hacking should not involve writing to or modifying the target systems. /////////////////////// An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services. ///////////////////////Testing should be remotely performed offsite.

What program could be used to perform spoofing attacks and also supports plug-ins?

Ettercap

Which tool is able to conduct a man-in-the-middle attack particularly in a LAN network environment? Each correct answer represents a complete solution. Choose two.

Ettercap, Cain & Abel

Perrie, an auditor, found that there were no documented security procedures during a security audit of IT processes. What should he do?

Evaluate existing policies

If you were looking for reliable exploits you could use against known vulnerabilities, what would you use?

Exploit-DB

Jordan, a white hat hacker, observes an incorrect alert triggered by an intrusion prevention system. What type of event has occurred in the scenario?

False Positive

What statistic are you more likely to be concerned about when thinking about implementing biometrics?

False acceptance rate

What is the purpose of a SYN flood?

Fill up connection buffers at the operating system.

Jordan, a software tester, is randomly generating invalid inputs in an attempt to crash the program. Which of the following software testing techniques will he use to determine if a software program properly handles a wide range of invalid input?

Firewall

Larry, a network administrator, accesses the Internet frequently and wants to protect her company's network from external attacks. Which of the following options will help her to achieve her aim?

Firewall

What security element would be a crucial part of a defense in depth network design?

Firewall

Which of these would be a reason why communications should originate from inside the infected network? End of ch 8

Firewall

Which method identifies the size and scope of the target network?

Footprinting

Why would an attacker use an alternate data stream on a Windows system?

For hiding files

What is the purpose of a deauthentication attack?

Forcing stations to reauthenticate

You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?

Format the Hard drives

How many stages are used in the WPA handshake?

Four

Which of the following attacks uses UDP packets to target the broadcast address and cause a DDoS?

Fraggle

What is fragroute primarily used for?

Fragmenting application traffic

Juan, a network administrator, was asked to decrypt a substitution cipher. Which of the following will he use?

Frequency analysis

If you needed to guarantee complete fault tolerance, what network architecture would you be most likely to use?

Full mesh

Jordan, a software tester, is randomly generating invalid inputs in an attempt to crash the program. Which of the following software testing techniques will he use to determine if a software program properly handles a wide range of invalid input?

Fuzzing

An intrusion detection system can perform which of the following functions?

Generate alerts on traffic

What would you use the program rtgen for?

Generating rainbow tables

What would you use sslstrip for? End of ch9

Getting plaintext traffic

You are an attacker who has successfully infiltrated your target's web server. You performed a web defacement on the targeted organization's website, and you were able to create your own credentials with administrative privileges. Before conducting data exfiltration, what will you do?

Go back and delete or edit the logs.

Juan, a black hat hacker, writes the following command: nc -l -u -p55566 < /etc/passwd What does the above command in netcat do?

Grabs the /etc/passwd file when connected to the UDP port 55566

What do we call an ARP response without a corresponding ARP request?

Gratuitous ARP

Which of these protocols would be used to communicate with an IoT device?

HTTP

What is the advantage of using a rootkit?

Hiding processes and files

An attacker uses an amplification factor to multiply its power. Which of the following protocols has the attacker used?

ICMP

What protocol is used for a Smurf attack?

ICMP

Which protocol is necessary to enable the functionality of traceroute?

ICMP

An attacker has successfully compromised a machine on the network and found a server that is alive on the same network. The attacker tries to ping it but didn't get any response back. Which of the following is responsible for this scenario?

ICMP is disabled on the target server.

If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?

IDA

Which header field is used to reassemble fragmented IP packets?

IP identification

Which protocol is a set of extensions that provide for encryption from one location to another?

IPSec

What is the SSID used for?

Identifying a network

What is the purpose of performing a Bluetooth scan?

Identifying endpoints

What would you use VirusTotal for?

Identifying malware against antivirus engines

What would you use Wappalyzer for?

Identifying web technologies

Katy, a penetration tester, observes illegal activities on a client's computer. Which of the following actions should she take?

Immediately stop the test and report the finding to the authorities.

What social engineering vector would you use if you wanted to gain access to a building?

Impersonation

Joseph, a vulnerability tester, discovers a serious flaw in the implementation of DNS, which impacts everyone on the Internet. Which of the following approaches would be the most responsible way for him to share this knowledge?

Inform the vendor and provide a 90-day waiting period before public disclosure.

What are the two types of wireless networks?

Infrastructure and ad hoc

An attacker is trying to determine the best methods of attack and what may be available at the target worth gaining access to. The attacker is in which phase of security testing?

Initial reconnaissance

As a black hat hacker, you identify a WAP at the mall that you're going to exploit. You discover that the WAP is using WEP. Which method will you utilize to exploit the WAP?

Initialization vector

What is the term used for the random value in WEP that allowed WEP to be cracked?

Initialization vector

What part of the encryption process was weak in WEP? End of ch11

Initialization vector

Jacob, a security administrator, wants to protect an organization against an SQL injection attack. Which of the following controls will he implement?

Input validation /////////////////////////////////////////////////////////Parameterized queries //////////////// /// Web application firewall

What information does a buffer overflow intend to control?

Instruction pointer

What is the IPC$ share used for?

Interprocess communication

What are RPCs primarily used for?

Interprocess communications

If you were implementing defense in breadth, what might you do?

Introduce a DevSecOps culture

Your company has asked you about a single-purpose device that can be used in different automation capacities. Which of the following will you suggest?

IoT

Which form of biometrics scans a pattern in the area of the eye around the pupil?

Iris scanning

As a network administrator, Taylor is experiencing intermittent security issues. What is the first thing she should do?

Isolate the problem

What is one reason for using a scan like an ACK scan?

It may get through firewalls and IDS devices.

Why would someone use a Trojan?

It pretends to be something else.

A hacker wants to find information concerning the hardware or software used in a targeted company. Which of the following can be a great source for the hacker?

Job posting

You want to extract passwords from memory. Which of the following technical assessment tools will you use?

John the Ripper

What wireless attack would you use to take a known piece of information in order to be able to decrypt wireless traffic?

Key reinstallation

A black hat hacker was able to install a device at an unattended workstation and was able to recover passwords, account information, and other information the next day. What did the black hat hacker install?

Keylogger

What tactic will an attacker use once he had obtained access to a system?

Lateral movement

You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do? End of ch10

Leave USB sticks around.

What order, from bottom to top, does the TCP/IP architecture use?

Link, Internet, Transport, and Application

What social networking site would be most likely to be useful in gathering information about a company, including job titles?

LinkedIn

As a pentester, what content might you include in addition to your general findings?

List of identified vulnerabilities

What would you use a bluebugging attack for?

Listening to a physical space

Your organization is planning for incidents and makes sure that they are also storing system logs in a central location. It means that anything you do to the logs on the local system won't have an impact because the place any investigator is going to is the central log repository. Which of the following is explained in the scenario?

Log manipulation

You have noticed a malicious code that crashes your web server at a point when it reaches 10 million total visits. Which of the following threats is responsible for this?

Logic bomb

Laura, a security analyst, is concerned about the risk of tailgating attacks against her organization and wants to prevent this risk from materializing. Which of the following will she use?

Man trap

What is a viable approach to protecting against tailgating?

Man trap

What are data descriptions in SNMP called?

Management information base

What might an attacker be trying to do by using the clearev command in Meterpreter?

Manipulate log files.

What Windows utility is used to perform port scans, traceroutes, DNS resolutions, and ping sweeps?

MegaPing

Which of these would be an example of a loss of integrity?

Memory failures causing disk drivers to run incorrectly

If you needed to enumerate data across multiple services and also store the data for retrieval later, what tool would you use?

Metasploit

What could you use to generate your own malware?

Metasploit

What tool would you use to compromise a system and then perform post-exploitation actions?

Metasploit

Which of the following can perform automated attacks on services, ports, applications, and unpatched security flaws in a computer system?

Metasploit

What could you use to obtain password hashes from a compromised system? End of chapter 7

Mimikatz

Hyena, a project manager, is managing risk. Which of the following is an acceptable option for her?

Mitigate the risk

Which of the following is both a security issue for an organization and a privacy issue for a BYOD user?

Mixing personal and corporate data

What are the three date and time stamps stored as part of the file metadata?

Modified, accessed, and created

What mode has to be enabled on a network interface to allow all headers in wireless traffic to be captured?

Monitor

What mode needs to be enabled to get all headers from wireless network communications?

Monitor

Which of the following agencies was created to protect organizational operations, assets, and individuals from threats such as malicious cyber attacks, natural disasters, structural failures, and human errors?

NIST

Which of the following regulations defines security and privacy controls for federal information systems and organizations?

NIST SP 800-53

What would you get from running the command dig ns domain.com?

Name server records for domain.com

What utility would you use to gather information about domain names, workstation names, and Windows network shares?

Nbtstat

Which of these is a built-in program on Windows for gathering information using SMB?

Nbtstat

Which of the following tools is used to scan for vulnerabilities on a target system or a network?

Nessus

To connect to and directly interact with a service, what utility could you use?

Netcat

One of your colleagues asks you regarding network firewalls preventing web application attacks. What will you tell the colleague?

Network firewalls cannot prevent attacks if ports 80 and 443 are open.

What wouldn't you see when you capture wireless traffic that includes radio headers?

Network type

What program would you use to enumerate services?

Nmap

Which of these tools allows you to create your own enumeration function based on ports being identified as open?

Nmap

An attacker wants to perform a Bluetooth attack without using specialized equipment. What is the farthest away he could be to perform the attack?

No more than 300 feet

Which of these tools would be most beneficial when trying to dynamically analyze malware?

OllyDbg

What is the target of a command injection attack?

Operating system

You want to verify and authenticate the identity of individuals within the enterprise taking part in data exchange. Which of the following will you use?

PKI

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?

PSH

Taylor works as a network administrator at XYZ. The organization has allowed her to run her application code on systems managed and controlled by the organization. To which of the following cloud computing models does this map closely?

PaaS

Jordan, a network administrator, writes the following command: tcpdump -i eth1 port 80? Which of the following packets is he capturing?

Packets to and from port 80

Hanna, a black hat hacker, is performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, and searching the bank's job postings. What phase is the hacker currently in?

Passive reconnaissance

Which of the following is an act of locating weaknesses and vulnerabilities of information systems by copying the intent and actions of malicious hackers?

Penetration testing

What would the result of a high false failure rate be?

People having to call security

What would you need to do before you could perform a DNS spoof attack?

Perform ARP spoof.

Ron was just hired as a penetration tester for the red team. Which of the following best describes him?

Perform offensive security tasks to test the network's security.

What types of authentications are allowed in a WPA-encrypted network?

Personal and enterprise

An attacker, masquerading as a trusted entity, dupes a victim by sending an instant message. The user is then tricked to install malware and reveal sensitive information. Which of the following attacks is explained in the scenario?

Phishing

Jacob works as a network analyst at XYZ. He was asked to identify all systems that were responsive to a company's network. Which of the following techniques will he use?

Ping Sweep

The organization wants to derive keys when an encryption session is started. Which of the following mechanisms will the organization use?

Place the attachment in a malware sandbox.

Which of these could you enumerate on a WordPress site using wpscan?

Plug-ins

What documents provide high-level guidance dictated by business goals and objectives?

Policy

Camilla, a security analyst, has been given a task to identify open ports and resolve security issues of the server. Which of the following tools will she use? Each correct answer represents a complete solution. Choose all that apply.

Port scanner Protocol analyzer

Ron, a black hat hacker, is looking for a target's corporate credentials. For this, he has used a fictitious scenario to persuade the target to engage with him. Which type of attack is this?

Pretexting

The use of a script to perform a social engineering attack is called what?

Pretexting

You get a phone call from someone telling you they are from IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately. What tactic is the caller using?

Pretexting

As a security administrator, you ask your team to conduct a review to determine who has increased their user access privilege over time. What are they evaluating?

Privilege escalation

What is it called when you obtain administrative privileges from a normal user account?

Privilege escalation

Which of these is a reason to use an exploit against a local vulnerability?

Privilege escalation

Which of the following is a method of executing arbitrary code in the address space of a separate live process?

Process injection

An organization's configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit, rather than passing only the frames that the controller is intended to receive. Which of the following is being described in the scenario?

Promiscuous mode

Juan works as a network administrator at XYZ. An IDS has alerted him to a possibly malicious sequence of packets sent to a web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can Juan use to determine if these packets are genuinely malicious or simply a false positive?

Protocol analyzer

Which functionality in Wireshark will provide you with percentages for every protocol in the packet capture, ordered by protocol layers?

Protocol hierarchy

Ian works as a security administrator at XYZ Inc. He wants employees and others who have been authorized are provided with a badge. Which of the following will he use?

RFID

If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?

RIPE

Which of these passes objects between systems?

RMI

What is the process Java programs communicate with to get a dynamic port allocation?

RMI registry

Which of the following is a service that allows remote systems to consume procedures external to the application calling them?

RPC

What is the response to a connection request to a closed port in TCP?

RST

Which flag forces both sender and receiver on the network to terminate their connection with one another?

RST

What technique would a cracker use to improve the speed of password cracking?

Rainbow table

A user side-loaded a popular app from an unauthorized third-party app store. When the user installed the app, it displayed a screen asking for payment and stating that if the payment was not received, the user would lose all access to data that was stored on their phone. What was installed on the user's phone?

Ransomware

Shawn, a vulnerability tester, was asked to investigate a compromised system. He discovers that the system has a malware variant called WannaCry installed. Which of the following does this closely map to?

Ransomware

What is the difference between a virus and ransomware?

Ransomware may be a virus.

Your company gives you a free simulator for LINUX. Later, you feel like you should buy the simulator in response. What social engineering principle gets you to buy the simulator because you feel obligated to respond to the company's favor?

Reciprocity

As an attacker, you found your target. You spend the next two weeks observing and watching personnel move in and move out of the facility. You also observe how the front desk handles large packages delivered as well as people who do not have access badges. You finally come up with a solid schedule of security patrols that you see being conducted. What is it that you are doing?

Reconnaissance

What strategy does a local, caching DNS server use to look up records when asked?

Recursive

Which of the following is the practice of rigorously challenging plans, policies, systems, and assumptions by adopting an adversarial approach?

Red Teaming

Why would you use automated tools for social engineering attacks?

Reduce complexity.

What underlying functionality is necessary to enable Windows file sharing?

Remote Procedure Call

Laura, a vulnerability tester, runs a Nessus vulnerability scan of her network and discovers systems running SSL 3.0. Which of the following actions should she take to remediate this vulnerability?

Replace SSL with TLS

If you were looking for the definitive documentation on a protocol, what would you consult?

Request for comments

You are the chief information security officer for a popular social website. You recently learned that your web servers have been compromised with the SSL Heart Bleed zero-day exploit. What will be your most likely first course of action to defend against?

Restrict access to sensitive information.

Which of the following types of scanning is used on the eye to measure the layer of blood vessels?

Retinal

What tool does a Java program need to use to implement remote process communication?

Rmic

What kind of access point is being used in an evil twin attack?

Rogue

Taylor, a black hat hacker, wants to hide processes from the process list, hide files, registry entries, and intercept keystrokes. Which of the following will she use?

Rootkit

What type of malware can be used to provide backdoor access to a system?

Rootkit

Which is a collection of computer software designed to grant an unauthorized user access to a computer or certain programs?

Rootkit

Which of the following is a collection of software tools that gives a threat actor remote access to and control over a computer or other system?

Rootkit

What would you use MegaPing for?

Running a port scan

What tool could you use to generate email attacks as well as wireless attacks?

SE Toolkit

Juan works as a database administrator at XYZ Inc. He wants to retrieve all elements from the database table "wubble". Which of the following commands will he use?

SELECT * FROM wubble

Which of the following algorithms will you use to provide better protection against brute force attacks by using a 160-bit message digest?

SHA-1

What element could be used to facilitate log collection, aggregation, and correlation?

SIEM

You want to adopt security technology to assist with log aggregation, correlation, and analysis. Which of the following will you use?

SIEM

Laura works as a vulnerability tester at XYZ. While performing a vulnerability scan, she believes that there are Windows file shares in use on the enterprise network. Which of the following will she use to prove her theory?

SMB

Sam, a penetration tester, has been actively scanning the client network on which he is doing a vulnerability assessment test. While conducting a port scan, he notices open ports in the range of 135 and 139. Which of the following is listening on those ports?

SMB

Olive, a network analyst, blocks port 161 after the enumeration stage. Which of the following necessary services could be blocked?

SNMP

You are asked to gather data from a system using a management information base. Which of the following protocols will you use?

SNMP

Which of the following is a standardized mechanism for managing network devices?

SNMPv1

What is the advantage of using SNMPv3 over SNMPv1?

SNMPv3 supports encryption.

If you were to see ' or one one in a packet capture, what would you expect was happening?

SQL injection

You are a security administrator for a movie production company. One of your daily duties is to check the IDS logs when you are alerted. You notice that you received a lot of incomplete three-way handshakes and your memory performance has been dropping significantly on your web server and customers are complaining of really slow connections. What could be the actual issue?

SYN Flood

What are the messages sent as part of a TCP three-way handshake?

SYN, SYN/ACK, ACK

What are the three steps in the TCP handshake as described by the flags set?

SYN, SYN/ACK, and ACK

Which of the following implements the SMB protocol on Unix-like operating systems?

Samba

Which is the second phase in the ethical hacking methodology?

Scanning and enumeration

What would you use credentials for a vulnerability scanner?

Scanning for local vulnerabilities

Jacob works as a security analyst at XYZ. He wants to find a Metasploit exploit that works with a software package he is targeting. Which of the following will help him to locate this?

Searchsploit

The PDU for TCP is called a _____.

Segment

Juan, a network administrator, wants to send a response for a node to update its IP to MAC mapping in the entire network. Which of the following will he perform?

Send gratuitous ARP responses.

Which of these would be a way to exploit a client-side vulnerability?

Sending a crafted URL

What would you be trying to enumerate if you were to use enum4linux?

Shares and/or users

You see the following text written down—port:20000 source address. What does that likely reference?

Shodan search

What technique does a slow read attack use?

Small file retrieval requests

Which of these devices would not be considered part of the Internet of Things?

Smartphone

You've received a text message from an unknown number that is only five digits long. It doesn't have any text, just a URL. What might this be an example of?

Smishing

Jacob, a security administrator, monitors packets in his network with Wireshark. He finds a lot of ICMP Echo packets directed towards the 255.198.126.134 address. What type of attack is he looking at?

Smurf attack

John, a security analyst, wants to monitor network activity and identify packets that contain malicious content. Which of the following tools will he use?

Snort

Which of the following products might be used as an intrusion detection system?

Snort

Which of the following social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?

Social proof

If you were to see the following command run, what would you assume? hping -S -p 25 10.5.16.2

Someone was trying to probe an email port on the target.

Brett received a fake email asking to donate money to a charity group that operates in Nigeria. The email instructs him to provide his bank account information that will be used to deduct two dollars from his account every month for the charity. What may be the issue here?

Spear phishing

What is the reason for using rainbow tables?

Speed prioritized over disk space

How does an evil twin attack work?

Spoofing an SSID

Your organization wants you to implement stronger encryption algorithms. Which of the following documents need to be modified to define the specifications for these new algorithms?

Standards

Joseph, a network administrator, wants to create dynamic connections on an ethernet network by using a switch. Which of the following topologies will he use?

Star

Which network topology are you most likely to run across in a large enterprise network?

Star-bus hybrids

Wonder, a network analyst, wants to ensure that the packets are part of the established session. Which of the following firewalls will she use?

Stateful Firewall

What is one advantage of static analysis over dynamic analysis of malware?

Static analysis limits your exposure to infection.

Jacob, an ethical hacker, wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides security through obscurity. What technique is Jacob using?

Steganography

Joseph, a security analyst, is preparing to submit a malware sample to VirusTotal for review. He wants to match a malware sample to the VirusTotal database without disclosing its contents. Which of the following would allow Joseph to do so?

Submit a hash

What problem does port spanning overcome?

Switches filter traffic.

Why might you have more endpoints shown at layer 4 than at layer 2?

Systems may initiate multiple connections to the same host.

Joseph, a security analyst, analyzes network traffic and notices that the SYN flag is set on a packet. Which of the following protocols is in use in the given scenario?

TCP

What protocol is being used in the frame listed in this summary? 719 42.691135 157.240.19.26 192.168.86.26 TCP 1464 443 &#8594; 61618 [ACK] Seq=4361 Ack=1276 Win=31232 Len=1398

TCP

Which protocol would you use for transport if you needed to ensure that all your messages were received in the right order?

TCP

Jacob, a network administrator, is crafting an iptables firewall rule that will restrict inbound connections using the SSH protocol. What port should Jacob configure in his rule?

TCP port 22

What is an XMAS scan?

TCP scan with FIN/PSH/URG set

The attacker enters the organization's building by following an employee after he has opened the door with his badge. Which of the following types of breach has the attacker performed?

Tailgate

Juan is hired to do physical penetration testing at the XYZ company. On the first day of his assessment, he goes to the company's building dressed as a technician and waits in the lobby for an employee, to pass through the main access gate, then he follows the employee behind to get into the restricted area. Which type of attack did he perform?

Tailgating

Which of these may be considered worst practices when it comes to vulnerability scans?

Taking no action on the results

What would you use a job listing for when performing reconnaissance?

Technologies used

Jeff is hired to perform a penetration test for XYZ Inc. During the test, one of the employees' computers crashes as a consequence of the penetration test. The crash was not supposed to be a part of the test. What might have prevented such a problem?

Terms of contract

What are two sections you would commonly find in a portable executable (PE) file?

Text and data

What would you be looking for with the following Google query? filetype:txt Administrator:500:

Text files including the text Administrator:500:

Your end clients report that they cannot reach any website on the external network. As the network administrator, you decide to conduct some fact-finding. Upon your investigation, you determine that you are able to ping outside of the LAN to external websites using their IP addresses. Pinging websites with their domain name resolution does not work. What is most likely causing the issue?

The DNS server is not functioning correctly.

What does nmap look at for fingerprinting an operating system?

The IP ID field and the initial sequence number

What is the difference between a SYN scan and a full connect scan?

The SYN scan doesn't complete the three-way handshake.

One of the considerations that should be reviewed is the processing speed while purchasing a biometric system. Which of the following best describes what it is meant by processing?

The amount of time it takes to be either accepted or rejected from when an individual provides Identification and authentication information

What would be one reason not to write malware in Python?

The python interpreter may not be available.

Which of these techniques might be used to maintain access to a system?

The run key in the Windows Registry

What does the following line mean? Sequence number: 4361 (relative sequence number)

The sequence number shown is not the real sequence number.

John, a security analyst, is probing a DNS server and discovers that it is configured as an open server. Which of the following risks is associated with this configuration?

The server may be used in an amplification attack.

If you receive a RST packet back from a target host, what do you know about your target? End of ch 5

The source port in the RST message is closed.

Why does an ACK scan not indicate clearly that ports are open?

The target system ignores the message.

The following shows a time stamp: 630 41.897644 192.168.86.210 239.255.255.250 SSDP 750 NOTIFY * HTTP/1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT] What does the time of this message reflect?

The time since packet start

If you were to see that someone was using OpenVAS, followed by Nessus, what might you assume?

They were trying to reduce false positives.

You are asked about the ethics behind training on how to hack a system to an ethical hacker. Which of the following will you suggest?

Think like hackers and know how to defend such attacks.

You have received the text message on your mobile phone that says, "Hello, this is Bob from the Bing Bank. Kindly contact me for a vital transaction on [email protected]". Which of the following statements is true?

This is a scam as everybody can get a @bing address, not the Bing customer service employees.

How many layers in the OSI model map to the top layer in the TCP/IP architecture?

Three

What would be necessary for a TCP conversation to be considered established by a stateful firewall?

Three-way handshake complete

What is it called when you manipulate the time stamps on files?

Timestomping

Why would you use an encoder when you are creating malware using Metasploit?

To evade antivirus

Why would you use wireless social engineering?

To gather credentials

What is the purpose of a packer for malware?

To obscure the actual program

What is the purpose of a security policy? end at ch quiz 3

To provide high-level guidance on the role of security

Jordan, a security manager, allows remote employees to login to the network via a VPN. He is concerned that a remote employee's credentials might be compromised. Which of the following will he use to mitigate the risk?

Token authentication

If you saw the following command line, what would you be capturing? tcpdump -i eth2 host 192.168.10.5

Traffic to and from 192.168.10.5

Joseph, a security administrator, wants to monitor and make alterations on specific file changes to determine the possibility of system compromise. Which of the following will he use to check for the integrity?

Trip wire

If you were to notice operating system commands inside a DNS request while looking at a packet capture, what might you be looking at?

Tunneling attack

If you wanted a lightweight protocol to send real-time data over, which of these would you use?

UDP

Which information would a packet filter use to make decisions about what traffic to allow into the network?

UDP source port

What is one reason a UDP scan may take longer than a TCP scan of the same host?

UDP will retransmit more.

What has been done to the following string?

URL encoding

Juan, a security analyst, wants to recognize the broad range of attacks that are happening in the organization and the vectors that are used. Which of the following will he use?

UTM

Which of the following is the lowest level of data classification in use within the government?

Unclassified

To remove malware from the network before it gets to the endpoint, you would use which of the following?

Unified threat management appliance

What information could you get from running p0f?

Uptime

Alicia works as a security administrator at XYZ Inc. She observes that the possibility of log files being altered by an attacker is increasing day by day. Which of the following will she do to mitigate the risk?

Use SIEM

What is the target of a cross-site scripting attack?

User

What important event can be exposed by enabling auditing?

User Login

What does John the Ripper's single crack mode, the default mode, do?

Uses known information and mangling rules

What method might you use to successfully get malware onto a mobile device?

Using a third-party app store

Utility, possession, and authenticity

Utility, possession, and authenticity

What additional properties does the Parkerian hexad offer over the CIA triad?

Utility, possession, and authenticity

Mark, a security manager, categorizes an information system and determines that the loss of integrity of a specific information type would impact business significantly. Based on this, he recommends the implementation of several solutions. Which of the following, when combined, would mitigate this risk?

Validation

You are working with a colleague and you see them interacting with an email server using the VRFY command. What is it your colleague doing?

Verifying email addresses

Taylor, a network analyst, was asked to identify the application running on a port. What type of nmap scan will he use?

Version

Juan, a white hat hacker, wants to inject malware that requires a host application for replication into an organization system. Which of the following will he use?

Virus

Which of the following is defined as an act of using VoIP for phishing, which involves using social engineering over the telephone system to obtain private information from an individual?

Vishing

Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?

Voiceprint identification

Which term best describes the absence or weakness of a safeguard related to an asset?

Vulnerability

Laura, a penetration tester, is asked to identify which services and desktops have missing security patches. Which of the following will she use to accomplish the task?

Vulnerability scanner

Marry, a deployment manager, works with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product?

Vulnerability scanning of the production environment

Which protocol is used to create a secure environment in a wireless network?

WPA

What would you be using by pushing a button on an access point to gain authenticated access?

WPS

Julia, a penetration tester, wants to use a browser plug-in to identify technologies used on a website. Which of the following will she use?

Wappalyzer

Which of these isn't an example of an attack that compromises integrity?

Watering hole

Which of these is an example of an application layer gateway?

Web application firewall

What application would be a common target for client-side exploits?

Web browser

What is the role of an individual who interrogates a system with permission?

White hat hacker

Which of the following refers to people who always do their work for good?

White hat hacker

What tool would allow you to run an evil twin attack?

Wifiphisher

Mark, a network administrator, observes that Wireshark is showing the following information:

Wireshark has calculated the information

What can you say about [TCP Segment Len: 35], as provided by Wireshark?

Wireshark has inferred this information.

Joseph, a vulnerability tester, observes that malware is spreading from system to system on the organization's network by automatically scanning for open file shares and connecting to them with default credentials. Which of the following is described in the scenario?

Worm

What type of program exists primarily to propagate and spread itself to other systems and can do so without any user action to initiate?

Worm

Your organization wants to include information about the identity of the certificate holder so that verification of the certificate can happen. Which of the following will the organization use?

X.509

Juan, a security analyst, observes an attack that occurs from the code on the web server accepting data coming from the client without doing any data validation. Which of the following is responsible for this?

XML

The attacker enters the organization's building by following an employee after he has opened the door with his badge. Which of the following types of breach has the attacker performed?

XML entity injection

If you were to see the following in a packet capture, what would you think was happening? Entity

XML external entity injection

An attacker sends a misleading email with a link containing malicious JavaScript to gain access to a user's account credentials. Which of the following web application attacks the attacker is performing?

XSS

What is an advantage of a phone call over a phishing email?

You are able to go into more detail with pretexting.

What would be a reason to use the Override feature in OpenVAS?

You want to change a severity rating on a finding.

Hanna, a black hat hacker, wants to access the bank systems remotely and steal banking information from those systems. Which of the following will she install on the target system?

Zeus

What technique would you ideally use to get all of the hostnames associated with a domain?

Zone Transfer

An attacker wants to manipulate log files by deleting the Windows Event Viewer logs. Which of the following will the attacker use?

clearev

How do you authenticate with SNMPv1?

community string

What command would you use to get the list of mail servers for a domain?

dig mx domain.com

Your company has been targeted by a series of phishing emails. To determine the attack, you quickly tell your users to verify senders. What do you do to implement this?

ensure that the email is digitally signed

Jacob, a security analyst, needs to identify shares and users on a target Windows system. Which of the following will he use?

enum4linux

Which of these services would be considered a storage as a service solution?

icloud

Joseph, a penetration tester, wants to examine links between data using graphs and link analysis. Which of the following tools will he use?

maltego

What is the advantage of using masscan over nmap?

masscan can scan more addresses faster.

Camilla, a software engineer, wants to gather NetBIOS statistics by acquiring information about a remote system. Which of the following utilities will he use?

nbtstat

Marie, a security analyst, was asked to prepare a list of all encryption ciphers supported by an SSH server. What utility will she use?

nmap

Which application can provide DNS zone transfer information?

nslookup

In Linux, which of the following files allows to see user information such as full name, phone number, and office information?

passwd

If you wanted to locate detailed information about a person using either their name or username you have, which website would you use?

peekyou.com

Which of the following types of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money to the operators of the malware to remove the restriction?

ransomware

Swan, a penetration tester, has gathered a lot of valuable information on her target. She has used some different tools and determined that on her target's network, a computer named XYZ Worsoft has port 548 open. Which of the following steps in the ethical hacking methodology is she performing?

scanning and enumeration

You need to identify all Excel spreadsheets available from the company Example Inc., whose domain is example.com. What search query would you use?

site:example.com filetype:xls

Which of the following allows an adversary to obtain passwords online in a passive manner?

sniffing

Why might you have problems with sslstrip?

sslstrip doesn't work with newer versions of TLS.

If a user wants to send information securely to another user in an open environment, what would they use?

the receiver's private key

What tool could be used to gather email addresses from PGP servers: Bing, Google, or LinkedIn?

theHarvester

Which of the following is defined as an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, DOS, or modification of data?

threat

Which program would you use if you wanted to only print specific fields from the captured packet?

tshark

Juan works as a security administrator at XYZ. He configured the most secure policies and tightened every device on his network. He is confident that hackers will never be able to gain access to his network. His peer says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of the "weakest link" in the security chain. What is this "weakest link" refer to?

untrained staff

Juan, a penetration tester, notices that the traffic gets blocked when he tried to pass IRC traffic from a web-enabled host. However, he also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for outbound traffic?

web application

What tool could you use to clone a website?

wget

John works as a database administrator at XYZ. He was asked to query the RIR for information about an IP address block. Which of the following utilities will he use to obtain information?

whois

Which of the following provides free information about a website that includes phone number, administrator's email, and even the domain registration authority?

whois


Kaugnay na mga set ng pag-aaral

Ch 7 | Interprofessional Issues: Collaboration and Collegiality

View Set

2.4 assessment types / special considerations

View Set