100-250 ENES BEYIN COK ONEMLI SEYI
NO: 102 Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems? A. getsystem B. getuid C. keylogrecorder 35 D. autoroute
A
NO: 122 This kind of password cracking method uses word lists in combination with numbers and special characters: A. Hybrid B. Linear C. Symmetric D. Brute Force
A
NO: 153 Consider the following Nmap output: 51 what command-line parameter could you use to determine the type and version number of the web server? A. -sv B. -Pn C. -V D. -ss
A
NO: 246 When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task? A. http-methods B. http enum C. http-headers D. http-git
A
NO: 249 You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use? A. c:\compmgmt.msc B. c:\services.msc C. c:\ncpa.cp 90 D. c:\gpedit
A
NO: 176 At what stage of the cyber kill chain theory model does data exfiltration occur? A. Actions on objectives B. Weaponization C. installation D. Command and control
A 62
NO: 196 Which of the following statements about a zone transfer is correct? (Choose three.) A. A zone transfer is accomplished with the DNS B. A zone transfer is accomplished with the nslookup service C. A zone transfer passes all zone information that a DNS server maintains D. A zone transfer passes all zone information that a nslookup server maintains E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections F. Zone transfers cannot occur on the Internet
A C E
NO: 188 Which protocol is used for setting up secure channels between two devices, typically in VPNs? A. PEM B. ppp C. IPSEC D. SET
C
NO: 237 85 Which of the following commands checks for valid users on an SMTP server? A. RCPT B. CHK C. VRFY D. EXPN
C
NO: 161 Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. B. He can send an IP packet with the SYN bit and the source address of his computer. C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.
D
NO: 167 The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack? A. The buffer overflow attack has been neutralized by the IDS B. The attacker is creating a directory on the compromised machine C. The attacker is attempting a buffer overflow attack and has succeeded D. The attacker is attempting an exploit that launches a command-line shell
D
NO: 172 You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select? A. Nmap B. Cain & Abel C. Nessus D. Snort
D
NO: 107 Which among the following is the best example of the third step (delivery) in the cyber kill chain? 36 A. An intruder sends a malicious attachment via email to a target. B. An intruder creates malware to be used as a malicious attachment to an email. C. An intruder's malware is triggered when a target opens a malicious email attachment. D. An intruder's malware is installed on a target's machine.
A
NO: 109 Under what conditions does a secondary name server request a zone transfer from a primary name server? 37 A. When a primary SOA is higher that a secondary SOA B. When a secondary SOA is higher that a primary SOA C. When a primary name server has had its service restarted D. When a secondary name server has had its service restarted E. When the TTL falls to zero
A
NO: 110 Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch. In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full? A. Switch then acts as hub by broadcasting packets to all machines on the network B. The CAM overflow table will cause the switch to crash causing Denial of Service C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
A
NO: 130 Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario? A. Medium B. Low C. Critical D. High
A
NO: 142 An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems? A. Side-channel attack B. Denial-of-service attack C. HMI-based attack D. Buffer overflow attack
A
NO: 143 A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers? A. tcp.port = = 21 B. tcp.port = 23 C. tcp.port = = 21 | | tcp.port = =22 D. tcp.port ! = 21
A
NO: 145 A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag:"b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed? A. Banner grabbing B. SQL injection C. Whois database query D. Cross-site scripting
A
NO: 146 After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 369. Which service Is this and how can you tackle the problem? A. The service is LDAP. and you must change it to 636. which is LDPAPS. B. The service is NTP. and you have to change It from UDP to TCP in order to encrypt it C. The findings do not require immediate actions and are only suggestions. D. The service is SMTP, and you must change it to SMIME. which is an encrypted way to send emails.
A
NO: 147 Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement 49 below is true? A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees. B. This is a scam because Bob does not know Scott. C. Bob should write to [email protected] to verify the identity of Scott. D. This is probably a legitimate message as it comes from a respectable organization.
A
NO: 149 In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this? A. Privilege Escalation B. Shoulder-Surfing C. Hacking Active Directory D. Port Scanning 50
A
NO: 155 Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs? A. Nikto B. John the Ripper C. Dsniff 52 D. Snort
A
NO: 157 Why containers are less secure that virtual machines? A. Host OS on containers has a larger surface attack. B. Containers may full fill disk space of the host. C. A compromise container may cause a CPU starvation of the host. D. Containers are attached to the same virtual network.
A
NO: 158 You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use? A. filetype B. ext C. inurl D. site
A
NO: 163 You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem? A. Traffic is Blocked on UDP Port 53 B. Traffic is Blocked on TCP Port 80 C. Traffic is Blocked on TCP Port 54 D. Traffic is Blocked on UDP Port 80
A
NO: 170 Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input? BU COMMANDE KAGITTAN BAK A. XXE B. SQLi C. IDOR D. XXS
A
NO: 171 Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn't log out from emails or other social media accounts, and etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons. Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret? A. Warning to those who write password on a post it note and put it on his/her desk B. Developing a strict information security policy C. Information security awareness training D. Conducting a one to one discussion with the other employees about the importance of information security
A
NO: 173 You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about? A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain 61 B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
A
NO: 174 When discussing passwords, what is considered a brute force attack? A. You attempt every single possibility until you exhaust all possible combinations or discover the password B. You threaten to use the rubber hose on someone unless they reveal their password C. You load a dictionary of words into your cracking program D. You create hashes of a large number of words and compare it with the encrypted passwords E. You wait until the password expires
A
NO: 181 Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon? A. Internal monologue attack B. Combinator attack C. Rainbow table attack D. Dictionary attack
A
NO: 191 Which type of security feature stops vehicles from crashing through the doors of a building? A. Bollards B. Receptionist C. Mantrap D. Turnstile
A
NO: 193 John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John? A. Advanced persistent B. threat Diversion theft C. Spear-phishing sites 69 D. insider threat
A
NO: 194 Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit? A. Encrypt the backup tapes and transport them in a lock box. B. Degauss the backup tapes and transport them in a lock box. C. Hash the backup tapes and transport them in a lock box. D. Encrypt the backup tapes and use a courier to transport them.
A
NO: 203 jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario? A. website mirroring B. Session hijacking C. Web cache poisoning D. Website defacement 73
A
NO: 223 A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server? A. Botnet Trojan B. Banking Trojans C. Turtle Trojans D. Ransomware Trojans
A
NO: 227 John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort? A. Create an incident checklist. B. Select someone else to check the procedures. C. Increase his technical skills. D. Read the incident manual every time it occurs.
A
NO: 229 A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as process, and the netstat command shows the "nc" process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force login
A
NO: 234 An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next? A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer. B. He will activate OSPF on the spoofed root bridge. C. He will repeat this action so that it escalates to a DoS attack. D. He will repeat the same attack against all L2 switches of the network.
A
NO: 244 When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline? A. Data items and vulnerability scanning B. Interviewing employees and network engineers C. Reviewing the firewalls configuration D. Source code review
A
NO: 100 Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by Clark in above scenario? A. IOS trustjacking B. lOS Jailbreaking C. Exploiting SS7 vulnerability D. Man-in-the-disk attack
A 34
NO: 111 John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario? A. loTSeeker B. loT Inspector C. AT&T loT Platform D. Azure loT Central
A 38
NO: 169 Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information. Which of the following attacks can be performed by exploiting the above vulnerability? A. DROWN attack B. Padding oracle attack C. Side-channel attack D. DUHK attack
A 58 59
NO: 180 This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm? A. Twofish encryption algorithm B. HMAC encryption algorithm C. IDEA D. Blowfish encryption algorithm
A 64
NO: 207 During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario? A. Server Message Block (SMB) B. Network File System (NFS) C. Remote procedure call (RPC) D. Telnet
A 75
NO: 212 There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used? A. WEP B. RADIUS C. WPA D. WPA3
A 77
NO: 241 Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials? A. Social engineering B. insider threat C. Password reuse D. Reverse engineering
A 87
NO: 247 Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud- hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? A. SaaS B. IaaS C. CaaS D. PasS
A 89
NO: 228 Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers. A. SNMPUtil B. SNScan 83 C. SNMPScan D. Solarwinds IP Network Browser E. NMap
A B D
NO: 108 John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario? A. Proxy scanner B. Agent-based scanner C. Network-based scanner D. Cluster scanner
B
NO: 113 Attempting an injection attack on a web server based on responses to True/False questions is called which of the following? A. Compound SQLi B. Blind SQLi C. Classic SQLi D. DMS-specific SQLi
B
NO: 124 _________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information. A. Spear phishing B. Whaling C. Vishing D. Phishing
B
NO: 132 Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
B
NO: 134 Identify the correct terminology that defines the above statement. A. Vulnerability Scanning B. Penetration Testing C. Security Policy Implementation D. Designing Network Security
B
NO: 136 Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? A. Information Audit Policy (IAP) B. Information Security Policy (ISP) C. Penetration Testing Policy (PTP) D. Company Compliance Policy (CCP)
B
NO: 141 The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described? A. Multi-cast mode B. Promiscuous mode C. WEM D. Port forwarding
B
NO: 144 48 Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? A. Macro virus B. Stealth/Tunneling virus C. Cavity virus D. Polymorphic virus
B
NO: 148 SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker? A. Union-based SQLI B. Out-of-band SQLI C. ln-band SQLI D. Time-based blind SQLI
B
NO: 156 An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed? A. Reverse Social Engineering B. Tailgating C. Piggybacking D. Announced
B
NO: 166 Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal? A. har.txt B. SAM file C. wwwroot D. Repair file
B
NO: 168 57 Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working? A. Time Keeper B. NTP C. PPP D. OSPP
B
NO: 190 How can you determine if an LM hash you extracted contains a password that is less than 8 characters long? A. There is no way to tell because a hash cannot be reversed B. The right most portion of the hash is always the same C. The hash always starts with AB923D D. The left most portion of the hash is always the same E. A portion of the hash will be all 0's
B
NO: 198 Which of the following statements is FALSE with respect to Intrusion Detection Systems? A. Intrusion Detection Systems can be configured to distinguish specific content in network packets B. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic C. Intrusion Detection Systems require constant update of the signature library D. Intrusion Detection Systems can examine the contents of the data n context of the network protocol
B
NO: 202 Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows. A. 64 B. 128 C. 255 D. 138
B
NO: 209 During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic? A. Circuit B. Stateful C. Application D. Packet Filtering
B
NO: 213 Why is a penetration test considered to be more thorough than vulnerability scan? A. Vulnerability scans only do host discovery and port scanning by default. B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation. C. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
B
NO: 216 Which of the following statements is TRUE? A. Packet Sniffers operate on the Layer 1 of the OSI model. B. Packet Sniffers operate on Layer 2 of the OSI model. C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model. D. Packet Sniffers operate on Layer 3 of the OSI model.
B
NO: 218 80 Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer? A. Use the built-in Windows Update tool B. Use a scan tool like Nessus C. Check MITRE.org for the latest list of CVE findings D. Create a disk image of a clean Windows installation
B
NO: 222 Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? A. Desynchronization B. Obfuscating C. Session splicing D. Urgency flag
B
NO: 224 What port number is used by LDAP protocol? A. 110 82 B. 389 C. 464 D. 445
B
NO: 225 Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario? A. Code injections B. Improper use of CORS C. No ABAC validation D. Business logic flaws
B
NO: 232 You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use? 84 A. nmap -T4 -q 10.10.0.0/24 B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24
B
NO: 236 DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man- in-the-middle attacks? A. Spanning tree B. Dynamic ARP Inspection (DAI) C. Port security D. Layer 2 Attack Prevention Protocol (LAPP)
B
NO: 238 Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario? A. Nmap B. Burp Suite C. CxSAST D. Wireshark
B
NO: 242 Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS? A. Produces less false positives B. Can identify unknown attacks C. Requires vendor updates for a new threat D. Cannot deal with encrypted network traffic
B
NO: 243 Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed? A. Exploitation B. Weaponization C. Delivery D. Reconnaissance
B
NO: 248 What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key? A. Man-in-the-middle attack B. Meet-in-the-middle attack C. Replay attack D. Traffic analysis attack
B
NO: 126 Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario? A. ophcrack B. Hootsuite C. VisualRoute D. HULK
B 43 There area unit many totally different plans to decide on from, from one user set up up to a bespoken enterprise account that's appropriate for much larger organizations.
NO: 165 Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? A. Red hat B. white hat C. Black hat D. Gray hat
B 56
NO: 184 Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? A. internal assessment B. Passive assessment C. External assessment D. Credentialed assessment
B 66
NO: 215 What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne? A. Vulnerability hunting program B. Bug bounty program C. White-hat hacking program D. Ethical hacking program
B 78 79
NO: 245 The "Gray-box testing" methodology enforces what kind of restriction? A. Only the external operation of a system is accessible to the tester. B. The internal operation of a system in only partly accessible to the tester. C. Only the internal operation of a system is known to the tester. D. The internal operation of a system is completely known to the tester.
B 88
NO: 240 As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? A. Use the same machines for DNS and other applications 86 B. Harden DNS servers C. Use split-horizon operation for DNS servers D. Restrict Zone transfers E. Have subnet diversity between DNS servers
B C D E
NO: 104 A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting? A. Man-in-the-middle attack B. Brute-force attack C. Dictionary attack D. Session hijacking
C
NO: 105 Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers? A. Presentation tier B. Application Layer C. Logic tier D. Data tier
C
NO: 112 Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack? A. Gobbler B. KDerpNSpoof C. BetterCAP D. Wireshark
C
NO: 116 39 Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next? A. Take over the session B. Reverse sequence prediction C. Guess the sequence numbers D. Take one of the parties offline
C
NO: 118 Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. What is Eve trying to do? A. Eve is trying to connect as a user with Administrator privileges B. Eve is trying to enumerate all users with Administrative privileges C. Eve is trying to carry out a password crack for user Administrator D. Eve is trying to escalate privilege of the null user to that of Administrator
C
NO: 119 While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user? 40 A. Clickjacking B. Cross-Site Scripting C. Cross-Site Request Forgery D. Web form input validation
C
NO: 120 Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page: After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack? A. ARP spoofing B. SQL injection C. DNS poisoning D. Routing table injection
C
NO: 121 A newly joined employee. Janet, has been allocated an existing system used by a previous 41 employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? A. Credentialed assessment B. Database assessment C. Host-based assessment D. Distributed assessment
C
NO: 125 Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team ? A. Leave it as it Is and contact the incident response te3m right away B. Block the connection to the suspicious IP Address from the firewall C. Disconnect the email server from the network D. Migrate the connection to the backup email server
C
NO: 127 An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure? A. Robotium B. BalenaCloud C. Flowmon D. IntentFuzzer
C
NO: 128 What would you enter if you wanted to perform a stealth scan using Nmap? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
C
NO: 131 An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack? A. MAC Flooding B. Smurf Attack C. DNS spoofing D. ARP Poisoning
C
NO: 133 The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"? A. Regularly test security systems and processes. 45 B. Encrypt transmission of cardholder data across open, public networks. C. Assign a unique ID to each person with computer access. D. Use and regularly update anti-virus software on all systems commonly affected by malware.
C
NO: 135 Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server? A. Enable unused default user accounts created during the installation of an OS B. Enable all non-interactive accounts that should exist but do not require interactive login C. Limit the administrator or toot-level access to the minimum number of users D. Retain all unused modules and application extensions
C
NO: 137 46 What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool? A. Performing content enumeration using the bruteforce mode and 10 threads B. Shipping SSL certificate verification C. Performing content enumeration using a wordlist D. Performing content enumeration using the bruteforce mode and random file extensions
C
NO: 138 Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say? A. Bob can be right since DMZ does not make sense when combined with stateless firewalls B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations D. Bob is partially right. DMZ does not make sense when a stateless firewall is available
C
NO: 139 You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts? A. John the Ripper B. SET C. CHNTPW D. Cain & Abel
C
NO: 150 You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
C
NO: 154 Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower ent ry cost Which type of IDS is best suited for Tremp's requirements? A. Gateway-based IDS B. Network-based IDS C. Host-based IDS D. Open source-based
C
NO: 159 John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? A. DNS cache snooping B. DNSSEC zone walking C. DNS tunneling method D. DNS enumeration 53
C
NO: 160 what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
C
NO: 162 Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming? A. Bluesmacking B. BlueSniffing C. Bluejacking D. Bluesnarfing
C
NO: 164 OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
C
NO: 175 Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email? A. PyLoris B. Slowloris C. Evilginx D. PLCinject
C
NO: 177 Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks? A. Data-driven firewall B. Packet firewall C. Web application firewall D. Stateful firewall
C
NO: 187 Which ios jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot? A. Tethered jailbreaking B. Semi-tethered jailbreaking C. Untethered jailbreaking D. Semi-Untethered jailbreaking
C
NO: 199 Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SVN ping scan? BU COMMANDE KAGITTAN BAK
C
NO: 201 As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester? A. Service Level Agreement B. Project Scope C. Rules of Engagement D. Non-Disclosure Agreement
C
NO: 208 While using your bank's online servicing you notice the following string in the URL bar: "http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21" You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes. Which type of vulnerability is present on this site? A. Cookie Tampering B. SQL Injection C. Web Parameter Tampering D. XSS Reflection
C
NO: 210 Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a 76 malicious user Rob tries to get access to the account of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability? BU COMMANDE KAGITTAN BAK
C
NO: 217 Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports in the switches B. Separate students in a different VLAN C. Use the 802.1x protocol D. Ask students to use the wireless network
C
NO: 219 What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? A. All are hacking tools developed by the legion of doom B. All are tools that can be used not only by hackers, but also security personnel C. All are DDOS tools D. All are tools that are only effective against Windows E. All are tools that are only effective against Linux
C
NO: 226 This TCP flag instructs the sending system to transmit all buffered data immediately. A. SYN B. RST C. PSH D. URG E. FIN
C
NO: 230 PGP, SSL, and IKE are all examples of which type of cryptography? A. Digest B. Secret Key C. Public Key D. Hash Algorithm
C
NO: 231 Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks? A. Allow the usage of functions such as gets and strcpy B. Allow the transmission of all types of addressed packets at the ISP level C. Implement cognitive radios in the physical layer D. A Disable TCP SYN cookie protection
C
NO: 239 Shiela is an information security analyst working at HiTech Security Solutions. She is performing service version discovery using Nmap to obtain information about the running services and their versions on a target system. Which of the following Nmap options must she use to perform service version discovery on the target host? A. -SN B. -SX C. -sV D. -SF
C
NO: 129 Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection? A. DMZ B. SMB signing C. VPN D. Switch network
C 44
NO: 182 Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? A. Docker client B. Docker objects C. Docker daemon D. Docker registries
C 65
NO: 186 You have the SOA presented below in your Zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries? collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600) A. One day B. One hour C. One week D. One month
C 67
NO: 197 jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router. What attack has likely occurred? A. Wireless sniffing B. Piggybacking C. Evil twin D. Wardriving
C 71
NO: 200 Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario? A. Diversion theft B. Baiting C. Honey trap D. Piggybacking
C 72
NO: 101 What is GINA? A. Gateway Interface Network Application B. GUI Installed Network Application CLASS C. Global Internet National Authority (G-USA) D. Graphical Identification and Authentication DLL
D
NO: 106 A zone file consists of which of the following Resource Records (RRs)? A. DNS, NS, AXFR, and MX records B. DNS, NS, PTR, and MX records C. SOA, NS, AXFR, and MX records D. SOA, NS, A, and MX records
D
NO: 114 Which of the following provides a security professional with most information about the system's security posture? A. Phishing, spamming, sending trojans B. Social engineering, company site browsing tailgating C. Wardriving, warchalking, social engineering D. Port scanning, banner grabbing service identification
D
NO: 115 Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages? A. PGP B. S/MIME C. SMTP D. GPG
D
NO: 117 An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify? A. Boot.ini B. Sudoers C. Networks D. Hosts
D
NO: 123 Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections? A. BU COMMANDE KAGITTAN BAK B. BU COMMANDE KAGITTAN BAK C. BU COMMANDE KAGITTAN BAK D. BU COMMANDE KAGITTAN BAK
D
NO: 140 The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.? A. WEP B. WPA C. WPA2 47 D. WPA3
D
NO: 151 Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys? A. Key derivation function B. Key reinstallation C. A Public key infrastructure D. Key stretching
D
NO: 152 what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages? A. httpd.conf B. administration.config C. idq.dll D. php.ini
D
NO: 178 Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results: TTL: 64 Window Size: 5840 What is the OS running on the target machine? A. Solaris OS B. Windows OS C. Mac OS D. Linux OS
D
NO: 183 User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place? A. Application B. Transport C. Session D. Presentation
D
NO: 185 Which results will be returned with the following Google search query? site:target.com - site:Marketing.target.com accounting A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting. B. Results matching all words in the query. C. Results for matches on target.com and Marketing.target.com that include the word "accounting" D. Results matching "accounting" in domain target.com but not on the site Marketing.target.com
D
NO: 192 Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: BU COMMANDE KAGITTAN BAK What issue occurred for the users who clicked on the image? A. The code inject a new cookie to the browser. B. The code redirects the user to another site. C. The code is a virus that is attempting to gather the users username and password. D. This php file silently executes the code and grabs the users session cookie and session ID.
D
NO: 195 Fingerprinting an Operating System helps a cracker because: 70 A. It defines exactly what software you have installed B. It opens a security-delayed window based on the port being scanned C. It doesn't depend on the patches that have been applied to fix existing security holes D. It informs the cracker of which vulnerabilities he may be able to exploit on your system
D
NO: 204 You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax? A. hping2 host.domain.com B. hping2 --set-ICMP host.domain.com C. hping2 -i host.domain.com D. hping2 -1 host.domain.com
D
NO: 206 Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";) A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111 74 B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
D
NO: 211 This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this? A. Time-based SQL injection B. Union SQL injection C. Error-based SQL injection D. Blind SQL injection
D
NO: 214 Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack. A. Enumeration B. Vulnerability analysis C. Malware analysis D. Scanning networks
D
NO: 220 You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c What is the hexadecimal value of NOP instruction? A. 0x60 B. 0x80 C. 0x70 D. 0x90
D
NO: 221 Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages. Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication? A. WSDL B. WS Work Processes C. WS-Policy D. WS-Security 81
D
NO: 233 Which regulation defines security and privacy controls for Federal information systems and organizations? A. HIPAA B. EU Safe Harbor C. PCI-DSS D. NIST-800-53
D
NO: 179 A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed? A. Firewall-management policy B. Acceptable-use policy C. Permissive policy D. Remote-access policy
D 63
NO: 189 You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ""FTP on the network!"";) A. A firewall IPTable B. FTP Server rule C. A Router IPTable D. An Intrusion Detection System
D 68
NO: 103 Which of the following is a component of a risk assessment? A. Administrative safeguards B. Physical security C. DMZ D. Logical interface
A
NO: 235 Which of the following tools can be used for passive OS fingerprinting? A. nmap B. tcpdump C. tracert D. ping
B
NO: 205 Which method of password cracking takes the most time and effort? A. Dictionary attack B. Shoulder surfing C. Rainbow tables D. Brute force
D