Practice Test A-B ISM 326
Which command-line parameter would you use to disable name resolutions in tcpdump?
-n
Which of the following best indicates a top-level parent domain?
.org
Which of the following represent the private IP address? Each correct answer represents a complete solution. Choose all that apply.
/////172.16.186.242//// /////10.153.203.18///// ////192.168.17.4/////
Camila, a network administrator, observes the subnet mask 255.255.255.252. Which CIDR notation will she use to indicate the subnet mask?
/22
If you were to see the subnet mask 255.255.252.0, what CIDR notation (prefix) would you use to indicate the same thing?
/22
What financial filing is required for public companies and would provide you with the annual report?
14-A
Which of these addresses would be considered a private address (RFC 1918 address)?
172.20.128.240
An organization asks its network administrator to block all Telnet traffic. Which of the following ports should the administrator block on the firewall?
23
A user has created a VPC having the CIDR /22 network. Which of the following subnet masks will the user use to indicate the same network?
255.255.252.0
What version of SNMP introduced encryption and user-based authentication? End of ch 6
3
What would a signal range for a Bluetooth 4.0 device commonly be?
300 ft.
What status code will you get if your attempt to use the VRFY command fails?
550
In the following packet, what port is the source port? 20:45:55.272087 IP yazpistachio.lan.62882 > loft.lan.afs3-fileserver: Flags [P.], seq 915235445:915235528, ack 3437317287, win 2048, options [nop,nop,TS val 1310611430 ecr 1794010423], length 83
62882
In the TCP three-way handshake, what is done next after the initial SYN packet is sent?
A SYN/ACK packet is sent
What is the difference between a false positive and a false negative?
A false positive indicates a finding that doesn't exist, while a false negative doesn't indicate a finding that does exist.
If you were to see the following command in someone's history, what would you think had happened? msfvenom -i 5 -p windows/x64/shell_reverse_tcp -o program
A malicious program was generated.
What does pivoting on a compromised system get you?
A route to extra networks
What is the primary difference between a worm and a virus?
A worm can self-propagate.
If you were looking up information about a company in New Zealand, which RIR would you be looking in for data?
APNIC
You are informed that the additional allocation of an IP address is required in North America. Which of the following RIR (Regional Internet registry) would you be looking in for allocation?
ARIN
Which of the following types of sniffing techniques is generally referred to as the MITM (man-in-the-middle) attack?
ARP poisoning
John works as a network administrator at Infosoft Inc. He suspects that malware is attempting a buffer overflow attack in a kernel module. Which of the following techniques will John use to protect against the attack?
ASLR
Which of the following is one factor of a defense in depth approach to a network design?
Access control lists on routers
What is the use of a MAC address?
Addressing systems on the local network
What would you use a security information event manager for?
Aggregating and providing search for log data
What tool could you use to enable sniffing on your wireless network to acquire all headers?
Airmon-ng
What would be the purpose of running a ping sweep?
All of these
Which of these would be an example of pretexting?
An email from a former co-worker
What is the primary purpose of polymorphic code for malware programs?
Antivirus evasion
You are evaluating the security of your organization's wireless network and found that SSID broadcasting is turned on. Who among the following will have access to a wireless network's SSID?
Anyone in the organization
Taylor, a black hat hacker, makes use of a program called slowhttptest to send requests asking for overlapping ranges of bytes. Which of the following attacks is she performing?
Apache Killer
What is nmap looking at when it conducts a version scan?
Application banners
Why is it important to store system logs remotely?
Attackers might delete local logs.
The DNS server where records for a domain belonging to an organization or enterprise reside is called the _________ server.
Authoritative
Which social engineering principle may allow a phone call from the help desk to be effective?
Authority
As a network administrator, your manager instructs you to reduce the organization's accessibility to the file server. She claims that doing so will aid in preventing company trade secrets from being leaked to the public; however, you understand that doing so will have a negative impact on productivity and aggravate employees. Which part of the CIA triad is being impacted here?
Availability
If you were on client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating?
Availability
What security property does a denial of service violate?
Availability
Which core concept has the ability for information or services that must be accessible at a moment's notice?
Availability
Your organization allows employees to bring personally owned devices and connect them to the organization's network. What approach is the organization using?
BYOD
Christina works as a project manager at XYZ. She was terminated from her position, where she was using her cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following allows this action?
BYOD policy
What type of attack would you be using by putting malware onto USB sticks that were given out at a security conference?
Baiting
Olivia, a black hat hacker, captures the information transmitted by the remote host to expose the application type, application version, and even operating system type and version. Which of the following techniques will she use to obtain information about the target system?
Banner Grabbing
Laura works as a vulnerability tester at XYZ. While performing a vulnerability scan, she believes that there are Windows file shares in use on the enterprise network. Which of the following will she use to prove her theory?
Bell-LaPadula
Pete, a security engineer, grants access to network resources based on authenticating an individual's fingerprint during a scan. Which security method does he use in determining identity?
Biometric authentication
Granting access to a system based on a factor such as an individual's retina during a scan is an example of what type of authentication method?
Biometrics
Juan, a penetration tester, is asked to perform a penetration test from an external IP address with no prior knowledge of the internal IT systems. What kind of test will Juan perform?
Black box
What can an intrusion prevention system do that an intrusion detection system can't?
Block or reject network traffic.
An attacker wants to send unsolicited messages to a user's Bluetooth device. Which of the following Bluetooth hacking techniques will the attacker use?
BlueJacking
Why is bluesnarfing potentially more dangerous than bluejacking from the standpoint of the victim?
Bluejacking sends while bluesnarfing receives.
Which of the following is an attack that connects to a Bluetooth device to grab data from that device?
Bluesnarfing
Which type of network uses a group of zombie computers to carry out the commands of the bot master?
Botnet
What is the policy that allows people to use their own smartphones on the enterprise network?
Bring your own device
The packet indicates the physical destination address as ff.ff.ff.ff.ff.ff. What type of MAC address is this?
Broadcast
Your organization has asked you to perform a brute force scan that actively sends messages to devices to determine what they are. Which of the following will you use?
Btscanner
What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?
Buffer overflow
An attacker wants to send commands to the bots, which are endpoints in a botnet. Which of the following servers will he use?
C2
In a botnet, what are the systems that tell individual bots what to do called?
C2 servers
Your organization issues certificates to users by collecting information from the user and then generating the key to provide to the user. Which of the following is responsible for this?
CA
Harry, a white hat hacker, has created his own CA for creating a fake digital certificate. What key will he use to create the signature on the certificate?
CA's private key
What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?
Captive portal
A system creates a certificate with the assigned public and private keys and digitally signs it. What is the system's role?
Certificate authority
Which hardware vendor uses the term SPAN on switches?
Cisco
Your organization has asked you to provide the number of bits in a network prefix. Which of the following notations will you use?
Classless Inter-Domain Routing
The ______ is the end of a client/server communication that goes on the infected system if it is communicating with infrastructure.
Client
What attack can a proximity card be susceptible to?
Cloning
Which of the following is used for authentication within SNMP?
Community string
What is the /etc/ettercap/etter.dns file used for?
Configuring hostnames to IP addresses
What does a defense in breadth approach add?
Consideration for a broader range of attacks
What is the purpose of using a disassembler?
Converting opcodes to mnemonics
If you were to see the following in a packet capture, what attack would you expect is happening?
Cross-site scripting
Which is the second phase in the ethical hacking methodology?
Cross-site scripting
Joseph works as a security administrator at XYZ. His network is being flooded by ICMP packets. He observes that the packets came from multiple different IP addresses. What kind of attack is this?
DDoS
Your organization has asked you to use the same key for encryption and decryption of messages. Which of the following methods of encryption will you use?
DES
Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
DMZ
Which of these protocols would be most likely to be used in an amplification attack?
DNS
What is one downside to running a default tcpdump without any parameters?
DNS requests
Juan, a black hat hacker, gains access to the DNS server and redirects the direction of www.xyz.com to his IP address. Now, when the employees want to go to www.xyz.com, they are being redirected to the attacker machine. What kind of attack has Juan performed?
DNS spoofing
At which protocol layer does the Berkeley Packet Filter operate?
Data Link
A breach was caused in which a customer's personal information was compromised. Jordan, a security analyst, is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should he use to remediate the vulnerabilities?
Data leak prevention
What is the SMB protocol used for?
Data transfers on Windows systems
You work as a security assistant at XYZ and asked to analyze spyware dynamically on the company's web site. Which of the following tools will you use?
Debugger
Which of the following approach uses multiple layers of firewalls and other security devices?
Defense in depth
Joseph, a black hat hacker, wants to bring a railway website down so that it fails to serve the people who want to book tickets. Which of the following attacks will he perform?
Denial of service
What would the Low Orbit Ion Cannon be used for?
Denial of service attacks
What is the four-stage handshake used for?
Deriving keys
The UDP headers contain which of the following fields?
Destination port, source port, checksum, and length
The organization wants to derive keys when an encryption session is started. Which of the following mechanisms will the organization use?
Diffie-Hellman
Your organization wants to allow two parties in an encrypted communication to generate a key without ever transmitting any data that would allow the key to be known. Which of the following will the organization use?
Diffie-Hellman
If you have a wordlist and you are trying to identify all paths in a website, even if they may not be exposed through links, what strategy might you be using?
Directory enumeration
What type of enumeration would you use the utility dirb for?
Directory enumeration
How would someone keep a baiting attack from being successful?
Disable autorun.
What type of attack is a compromise of availability?
DoS
What information would you not expect to find in the response to a whois query about an IP address?
Domain association
What is the purpose of a dropper?
Drop files
What does the malware that is referred to as a dropper do?
Drops files that may be more malware
What would you use Cuckoo Sandbox for?
Dynamic analysis of malware
What command would you use to get the list of mail servers for a domain? CH 4 end
EDGAR
What SMTP command would you use to get the list of users in a mailing list?
EXPN
You find after you get access to a system that you are the user www-data. What might you try to do very shortly after getting access to the system?
Elevate privileges.
If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?
Email addresses
Your organization has asked you to use a tool named theHarvester. What they are trying to make you identify?
Email addresses
Which of these may be considered an evasive technique?
Encoding data
How would you ensure that confidentiality is implemented in an organization?
Encryption
Which of the following will you use to identify whether an executable is packed?
Entry point
Which of the following statements regarding ethical hacking are true? Each correct answer represents a complete solution. Choose all that apply.
Ethical hacking should not involve writing to or modifying the target systems. /////////////////////// An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services. ///////////////////////Testing should be remotely performed offsite.
What program could be used to perform spoofing attacks and also supports plug-ins?
Ettercap
Which tool is able to conduct a man-in-the-middle attack particularly in a LAN network environment? Each correct answer represents a complete solution. Choose two.
Ettercap, Cain & Abel
Perrie, an auditor, found that there were no documented security procedures during a security audit of IT processes. What should he do?
Evaluate existing policies
If you were looking for reliable exploits you could use against known vulnerabilities, what would you use?
Exploit-DB
Jordan, a white hat hacker, observes an incorrect alert triggered by an intrusion prevention system. What type of event has occurred in the scenario?
False Positive
What statistic are you more likely to be concerned about when thinking about implementing biometrics?
False acceptance rate
What is the purpose of a SYN flood?
Fill up connection buffers at the operating system.
Jordan, a software tester, is randomly generating invalid inputs in an attempt to crash the program. Which of the following software testing techniques will he use to determine if a software program properly handles a wide range of invalid input?
Firewall
Larry, a network administrator, accesses the Internet frequently and wants to protect her company's network from external attacks. Which of the following options will help her to achieve her aim?
Firewall
What security element would be a crucial part of a defense in depth network design?
Firewall
Which of these would be a reason why communications should originate from inside the infected network? End of ch 8
Firewall
Which method identifies the size and scope of the target network?
Footprinting
Why would an attacker use an alternate data stream on a Windows system?
For hiding files
What is the purpose of a deauthentication attack?
Forcing stations to reauthenticate
You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?
Format the Hard drives
How many stages are used in the WPA handshake?
Four
Which of the following attacks uses UDP packets to target the broadcast address and cause a DDoS?
Fraggle
What is fragroute primarily used for?
Fragmenting application traffic
Juan, a network administrator, was asked to decrypt a substitution cipher. Which of the following will he use?
Frequency analysis
If you needed to guarantee complete fault tolerance, what network architecture would you be most likely to use?
Full mesh
Jordan, a software tester, is randomly generating invalid inputs in an attempt to crash the program. Which of the following software testing techniques will he use to determine if a software program properly handles a wide range of invalid input?
Fuzzing
An intrusion detection system can perform which of the following functions?
Generate alerts on traffic
What would you use the program rtgen for?
Generating rainbow tables
What would you use sslstrip for? End of ch9
Getting plaintext traffic
You are an attacker who has successfully infiltrated your target's web server. You performed a web defacement on the targeted organization's website, and you were able to create your own credentials with administrative privileges. Before conducting data exfiltration, what will you do?
Go back and delete or edit the logs.
Juan, a black hat hacker, writes the following command: nc -l -u -p55566 < /etc/passwd What does the above command in netcat do?
Grabs the /etc/passwd file when connected to the UDP port 55566
What do we call an ARP response without a corresponding ARP request?
Gratuitous ARP
Which of these protocols would be used to communicate with an IoT device?
HTTP
What is the advantage of using a rootkit?
Hiding processes and files
An attacker uses an amplification factor to multiply its power. Which of the following protocols has the attacker used?
ICMP
What protocol is used for a Smurf attack?
ICMP
Which protocol is necessary to enable the functionality of traceroute?
ICMP
An attacker has successfully compromised a machine on the network and found a server that is alive on the same network. The attacker tries to ping it but didn't get any response back. Which of the following is responsible for this scenario?
ICMP is disabled on the target server.
If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?
IDA
Which header field is used to reassemble fragmented IP packets?
IP identification
Which protocol is a set of extensions that provide for encryption from one location to another?
IPSec
What is the SSID used for?
Identifying a network
What is the purpose of performing a Bluetooth scan?
Identifying endpoints
What would you use VirusTotal for?
Identifying malware against antivirus engines
What would you use Wappalyzer for?
Identifying web technologies
Katy, a penetration tester, observes illegal activities on a client's computer. Which of the following actions should she take?
Immediately stop the test and report the finding to the authorities.
What social engineering vector would you use if you wanted to gain access to a building?
Impersonation
Joseph, a vulnerability tester, discovers a serious flaw in the implementation of DNS, which impacts everyone on the Internet. Which of the following approaches would be the most responsible way for him to share this knowledge?
Inform the vendor and provide a 90-day waiting period before public disclosure.
What are the two types of wireless networks?
Infrastructure and ad hoc
An attacker is trying to determine the best methods of attack and what may be available at the target worth gaining access to. The attacker is in which phase of security testing?
Initial reconnaissance
As a black hat hacker, you identify a WAP at the mall that you're going to exploit. You discover that the WAP is using WEP. Which method will you utilize to exploit the WAP?
Initialization vector
What is the term used for the random value in WEP that allowed WEP to be cracked?
Initialization vector
What part of the encryption process was weak in WEP? End of ch11
Initialization vector
Jacob, a security administrator, wants to protect an organization against an SQL injection attack. Which of the following controls will he implement?
Input validation /////////////////////////////////////////////////////////Parameterized queries //////////////// /// Web application firewall
What information does a buffer overflow intend to control?
Instruction pointer
What is the IPC$ share used for?
Interprocess communication
What are RPCs primarily used for?
Interprocess communications
If you were implementing defense in breadth, what might you do?
Introduce a DevSecOps culture
Your company has asked you about a single-purpose device that can be used in different automation capacities. Which of the following will you suggest?
IoT
Which form of biometrics scans a pattern in the area of the eye around the pupil?
Iris scanning
As a network administrator, Taylor is experiencing intermittent security issues. What is the first thing she should do?
Isolate the problem
What is one reason for using a scan like an ACK scan?
It may get through firewalls and IDS devices.
Why would someone use a Trojan?
It pretends to be something else.
A hacker wants to find information concerning the hardware or software used in a targeted company. Which of the following can be a great source for the hacker?
Job posting
You want to extract passwords from memory. Which of the following technical assessment tools will you use?
John the Ripper
What wireless attack would you use to take a known piece of information in order to be able to decrypt wireless traffic?
Key reinstallation
A black hat hacker was able to install a device at an unattended workstation and was able to recover passwords, account information, and other information the next day. What did the black hat hacker install?
Keylogger
What tactic will an attacker use once he had obtained access to a system?
Lateral movement
You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do? End of ch10
Leave USB sticks around.
What order, from bottom to top, does the TCP/IP architecture use?
Link, Internet, Transport, and Application
What social networking site would be most likely to be useful in gathering information about a company, including job titles?
As a pentester, what content might you include in addition to your general findings?
List of identified vulnerabilities
What would you use a bluebugging attack for?
Listening to a physical space
Your organization is planning for incidents and makes sure that they are also storing system logs in a central location. It means that anything you do to the logs on the local system won't have an impact because the place any investigator is going to is the central log repository. Which of the following is explained in the scenario?
Log manipulation
You have noticed a malicious code that crashes your web server at a point when it reaches 10 million total visits. Which of the following threats is responsible for this?
Logic bomb
Laura, a security analyst, is concerned about the risk of tailgating attacks against her organization and wants to prevent this risk from materializing. Which of the following will she use?
Man trap
What is a viable approach to protecting against tailgating?
Man trap
What are data descriptions in SNMP called?
Management information base
What might an attacker be trying to do by using the clearev command in Meterpreter?
Manipulate log files.
What Windows utility is used to perform port scans, traceroutes, DNS resolutions, and ping sweeps?
MegaPing
Which of these would be an example of a loss of integrity?
Memory failures causing disk drivers to run incorrectly
If you needed to enumerate data across multiple services and also store the data for retrieval later, what tool would you use?
Metasploit
What could you use to generate your own malware?
Metasploit
What tool would you use to compromise a system and then perform post-exploitation actions?
Metasploit
Which of the following can perform automated attacks on services, ports, applications, and unpatched security flaws in a computer system?
Metasploit
What could you use to obtain password hashes from a compromised system? End of chapter 7
Mimikatz
Hyena, a project manager, is managing risk. Which of the following is an acceptable option for her?
Mitigate the risk
Which of the following is both a security issue for an organization and a privacy issue for a BYOD user?
Mixing personal and corporate data
What are the three date and time stamps stored as part of the file metadata?
Modified, accessed, and created
What mode has to be enabled on a network interface to allow all headers in wireless traffic to be captured?
Monitor
What mode needs to be enabled to get all headers from wireless network communications?
Monitor
Which of the following agencies was created to protect organizational operations, assets, and individuals from threats such as malicious cyber attacks, natural disasters, structural failures, and human errors?
NIST
Which of the following regulations defines security and privacy controls for federal information systems and organizations?
NIST SP 800-53
What would you get from running the command dig ns domain.com?
Name server records for domain.com
What utility would you use to gather information about domain names, workstation names, and Windows network shares?
Nbtstat
Which of these is a built-in program on Windows for gathering information using SMB?
Nbtstat
Which of the following tools is used to scan for vulnerabilities on a target system or a network?
Nessus
To connect to and directly interact with a service, what utility could you use?
Netcat
One of your colleagues asks you regarding network firewalls preventing web application attacks. What will you tell the colleague?
Network firewalls cannot prevent attacks if ports 80 and 443 are open.
What wouldn't you see when you capture wireless traffic that includes radio headers?
Network type
What program would you use to enumerate services?
Nmap
Which of these tools allows you to create your own enumeration function based on ports being identified as open?
Nmap
An attacker wants to perform a Bluetooth attack without using specialized equipment. What is the farthest away he could be to perform the attack?
No more than 300 feet
Which of these tools would be most beneficial when trying to dynamically analyze malware?
OllyDbg
What is the target of a command injection attack?
Operating system
You want to verify and authenticate the identity of individuals within the enterprise taking part in data exchange. Which of the following will you use?
PKI
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH
Taylor works as a network administrator at XYZ. The organization has allowed her to run her application code on systems managed and controlled by the organization. To which of the following cloud computing models does this map closely?
PaaS
Jordan, a network administrator, writes the following command: tcpdump -i eth1 port 80? Which of the following packets is he capturing?
Packets to and from port 80
Hanna, a black hat hacker, is performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, and searching the bank's job postings. What phase is the hacker currently in?
Passive reconnaissance
Which of the following is an act of locating weaknesses and vulnerabilities of information systems by copying the intent and actions of malicious hackers?
Penetration testing
What would the result of a high false failure rate be?
People having to call security
What would you need to do before you could perform a DNS spoof attack?
Perform ARP spoof.
Ron was just hired as a penetration tester for the red team. Which of the following best describes him?
Perform offensive security tasks to test the network's security.
What types of authentications are allowed in a WPA-encrypted network?
Personal and enterprise
An attacker, masquerading as a trusted entity, dupes a victim by sending an instant message. The user is then tricked to install malware and reveal sensitive information. Which of the following attacks is explained in the scenario?
Phishing
Jacob works as a network analyst at XYZ. He was asked to identify all systems that were responsive to a company's network. Which of the following techniques will he use?
Ping Sweep
The organization wants to derive keys when an encryption session is started. Which of the following mechanisms will the organization use?
Place the attachment in a malware sandbox.
Which of these could you enumerate on a WordPress site using wpscan?
Plug-ins
What documents provide high-level guidance dictated by business goals and objectives?
Policy
Camilla, a security analyst, has been given a task to identify open ports and resolve security issues of the server. Which of the following tools will she use? Each correct answer represents a complete solution. Choose all that apply.
Port scanner Protocol analyzer
Ron, a black hat hacker, is looking for a target's corporate credentials. For this, he has used a fictitious scenario to persuade the target to engage with him. Which type of attack is this?
Pretexting
The use of a script to perform a social engineering attack is called what?
Pretexting
You get a phone call from someone telling you they are from IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately. What tactic is the caller using?
Pretexting
As a security administrator, you ask your team to conduct a review to determine who has increased their user access privilege over time. What are they evaluating?
Privilege escalation
What is it called when you obtain administrative privileges from a normal user account?
Privilege escalation
Which of these is a reason to use an exploit against a local vulnerability?
Privilege escalation
Which of the following is a method of executing arbitrary code in the address space of a separate live process?
Process injection
An organization's configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit, rather than passing only the frames that the controller is intended to receive. Which of the following is being described in the scenario?
Promiscuous mode
Juan works as a network administrator at XYZ. An IDS has alerted him to a possibly malicious sequence of packets sent to a web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can Juan use to determine if these packets are genuinely malicious or simply a false positive?
Protocol analyzer
Which functionality in Wireshark will provide you with percentages for every protocol in the packet capture, ordered by protocol layers?
Protocol hierarchy
Ian works as a security administrator at XYZ Inc. He wants employees and others who have been authorized are provided with a badge. Which of the following will he use?
RFID
If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?
RIPE
Which of these passes objects between systems?
RMI
What is the process Java programs communicate with to get a dynamic port allocation?
RMI registry
Which of the following is a service that allows remote systems to consume procedures external to the application calling them?
RPC
What is the response to a connection request to a closed port in TCP?
RST
Which flag forces both sender and receiver on the network to terminate their connection with one another?
RST
What technique would a cracker use to improve the speed of password cracking?
Rainbow table
A user side-loaded a popular app from an unauthorized third-party app store. When the user installed the app, it displayed a screen asking for payment and stating that if the payment was not received, the user would lose all access to data that was stored on their phone. What was installed on the user's phone?
Ransomware
Shawn, a vulnerability tester, was asked to investigate a compromised system. He discovers that the system has a malware variant called WannaCry installed. Which of the following does this closely map to?
Ransomware
What is the difference between a virus and ransomware?
Ransomware may be a virus.
Your company gives you a free simulator for LINUX. Later, you feel like you should buy the simulator in response. What social engineering principle gets you to buy the simulator because you feel obligated to respond to the company's favor?
Reciprocity
As an attacker, you found your target. You spend the next two weeks observing and watching personnel move in and move out of the facility. You also observe how the front desk handles large packages delivered as well as people who do not have access badges. You finally come up with a solid schedule of security patrols that you see being conducted. What is it that you are doing?
Reconnaissance
What strategy does a local, caching DNS server use to look up records when asked?
Recursive
Which of the following is the practice of rigorously challenging plans, policies, systems, and assumptions by adopting an adversarial approach?
Red Teaming
Why would you use automated tools for social engineering attacks?
Reduce complexity.
What underlying functionality is necessary to enable Windows file sharing?
Remote Procedure Call
Laura, a vulnerability tester, runs a Nessus vulnerability scan of her network and discovers systems running SSL 3.0. Which of the following actions should she take to remediate this vulnerability?
Replace SSL with TLS
If you were looking for the definitive documentation on a protocol, what would you consult?
Request for comments
You are the chief information security officer for a popular social website. You recently learned that your web servers have been compromised with the SSL Heart Bleed zero-day exploit. What will be your most likely first course of action to defend against?
Restrict access to sensitive information.
Which of the following types of scanning is used on the eye to measure the layer of blood vessels?
Retinal
What tool does a Java program need to use to implement remote process communication?
Rmic
What kind of access point is being used in an evil twin attack?
Rogue
Taylor, a black hat hacker, wants to hide processes from the process list, hide files, registry entries, and intercept keystrokes. Which of the following will she use?
Rootkit
What type of malware can be used to provide backdoor access to a system?
Rootkit
Which is a collection of computer software designed to grant an unauthorized user access to a computer or certain programs?
Rootkit
Which of the following is a collection of software tools that gives a threat actor remote access to and control over a computer or other system?
Rootkit
What would you use MegaPing for?
Running a port scan
What tool could you use to generate email attacks as well as wireless attacks?
SE Toolkit
Juan works as a database administrator at XYZ Inc. He wants to retrieve all elements from the database table "wubble". Which of the following commands will he use?
SELECT * FROM wubble
Which of the following algorithms will you use to provide better protection against brute force attacks by using a 160-bit message digest?
SHA-1
What element could be used to facilitate log collection, aggregation, and correlation?
SIEM
You want to adopt security technology to assist with log aggregation, correlation, and analysis. Which of the following will you use?
SIEM
Laura works as a vulnerability tester at XYZ. While performing a vulnerability scan, she believes that there are Windows file shares in use on the enterprise network. Which of the following will she use to prove her theory?
SMB
Sam, a penetration tester, has been actively scanning the client network on which he is doing a vulnerability assessment test. While conducting a port scan, he notices open ports in the range of 135 and 139. Which of the following is listening on those ports?
SMB
Olive, a network analyst, blocks port 161 after the enumeration stage. Which of the following necessary services could be blocked?
SNMP
You are asked to gather data from a system using a management information base. Which of the following protocols will you use?
SNMP
Which of the following is a standardized mechanism for managing network devices?
SNMPv1
What is the advantage of using SNMPv3 over SNMPv1?
SNMPv3 supports encryption.
If you were to see ' or one one in a packet capture, what would you expect was happening?
SQL injection
You are a security administrator for a movie production company. One of your daily duties is to check the IDS logs when you are alerted. You notice that you received a lot of incomplete three-way handshakes and your memory performance has been dropping significantly on your web server and customers are complaining of really slow connections. What could be the actual issue?
SYN Flood
What are the messages sent as part of a TCP three-way handshake?
SYN, SYN/ACK, ACK
What are the three steps in the TCP handshake as described by the flags set?
SYN, SYN/ACK, and ACK
Which of the following implements the SMB protocol on Unix-like operating systems?
Samba
Which is the second phase in the ethical hacking methodology?
Scanning and enumeration
What would you use credentials for a vulnerability scanner?
Scanning for local vulnerabilities
Jacob works as a security analyst at XYZ. He wants to find a Metasploit exploit that works with a software package he is targeting. Which of the following will help him to locate this?
Searchsploit
The PDU for TCP is called a _____.
Segment
Juan, a network administrator, wants to send a response for a node to update its IP to MAC mapping in the entire network. Which of the following will he perform?
Send gratuitous ARP responses.
Which of these would be a way to exploit a client-side vulnerability?
Sending a crafted URL
What would you be trying to enumerate if you were to use enum4linux?
Shares and/or users
You see the following text written down—port:20000 source address. What does that likely reference?
Shodan search
What technique does a slow read attack use?
Small file retrieval requests
Which of these devices would not be considered part of the Internet of Things?
Smartphone
You've received a text message from an unknown number that is only five digits long. It doesn't have any text, just a URL. What might this be an example of?
Smishing
Jacob, a security administrator, monitors packets in his network with Wireshark. He finds a lot of ICMP Echo packets directed towards the 255.198.126.134 address. What type of attack is he looking at?
Smurf attack
John, a security analyst, wants to monitor network activity and identify packets that contain malicious content. Which of the following tools will he use?
Snort
Which of the following products might be used as an intrusion detection system?
Snort
Which of the following social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?
Social proof
If you were to see the following command run, what would you assume? hping -S -p 25 10.5.16.2
Someone was trying to probe an email port on the target.
Brett received a fake email asking to donate money to a charity group that operates in Nigeria. The email instructs him to provide his bank account information that will be used to deduct two dollars from his account every month for the charity. What may be the issue here?
Spear phishing
What is the reason for using rainbow tables?
Speed prioritized over disk space
How does an evil twin attack work?
Spoofing an SSID
Your organization wants you to implement stronger encryption algorithms. Which of the following documents need to be modified to define the specifications for these new algorithms?
Standards
Joseph, a network administrator, wants to create dynamic connections on an ethernet network by using a switch. Which of the following topologies will he use?
Star
Which network topology are you most likely to run across in a large enterprise network?
Star-bus hybrids
Wonder, a network analyst, wants to ensure that the packets are part of the established session. Which of the following firewalls will she use?
Stateful Firewall
What is one advantage of static analysis over dynamic analysis of malware?
Static analysis limits your exposure to infection.
Jacob, an ethical hacker, wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides security through obscurity. What technique is Jacob using?
Steganography
Joseph, a security analyst, is preparing to submit a malware sample to VirusTotal for review. He wants to match a malware sample to the VirusTotal database without disclosing its contents. Which of the following would allow Joseph to do so?
Submit a hash
What problem does port spanning overcome?
Switches filter traffic.
Why might you have more endpoints shown at layer 4 than at layer 2?
Systems may initiate multiple connections to the same host.
Joseph, a security analyst, analyzes network traffic and notices that the SYN flag is set on a packet. Which of the following protocols is in use in the given scenario?
TCP
What protocol is being used in the frame listed in this summary? 719 42.691135 157.240.19.26 192.168.86.26 TCP 1464 443 → 61618 [ACK] Seq=4361 Ack=1276 Win=31232 Len=1398
TCP
Which protocol would you use for transport if you needed to ensure that all your messages were received in the right order?
TCP
Jacob, a network administrator, is crafting an iptables firewall rule that will restrict inbound connections using the SSH protocol. What port should Jacob configure in his rule?
TCP port 22
What is an XMAS scan?
TCP scan with FIN/PSH/URG set
The attacker enters the organization's building by following an employee after he has opened the door with his badge. Which of the following types of breach has the attacker performed?
Tailgate
Juan is hired to do physical penetration testing at the XYZ company. On the first day of his assessment, he goes to the company's building dressed as a technician and waits in the lobby for an employee, to pass through the main access gate, then he follows the employee behind to get into the restricted area. Which type of attack did he perform?
Tailgating
Which of these may be considered worst practices when it comes to vulnerability scans?
Taking no action on the results
What would you use a job listing for when performing reconnaissance?
Technologies used
Jeff is hired to perform a penetration test for XYZ Inc. During the test, one of the employees' computers crashes as a consequence of the penetration test. The crash was not supposed to be a part of the test. What might have prevented such a problem?
Terms of contract
What are two sections you would commonly find in a portable executable (PE) file?
Text and data
What would you be looking for with the following Google query? filetype:txt Administrator:500:
Text files including the text Administrator:500:
Your end clients report that they cannot reach any website on the external network. As the network administrator, you decide to conduct some fact-finding. Upon your investigation, you determine that you are able to ping outside of the LAN to external websites using their IP addresses. Pinging websites with their domain name resolution does not work. What is most likely causing the issue?
The DNS server is not functioning correctly.
What does nmap look at for fingerprinting an operating system?
The IP ID field and the initial sequence number
What is the difference between a SYN scan and a full connect scan?
The SYN scan doesn't complete the three-way handshake.
One of the considerations that should be reviewed is the processing speed while purchasing a biometric system. Which of the following best describes what it is meant by processing?
The amount of time it takes to be either accepted or rejected from when an individual provides Identification and authentication information
What would be one reason not to write malware in Python?
The python interpreter may not be available.
Which of these techniques might be used to maintain access to a system?
The run key in the Windows Registry
What does the following line mean? Sequence number: 4361 (relative sequence number)
The sequence number shown is not the real sequence number.
John, a security analyst, is probing a DNS server and discovers that it is configured as an open server. Which of the following risks is associated with this configuration?
The server may be used in an amplification attack.
If you receive a RST packet back from a target host, what do you know about your target? End of ch 5
The source port in the RST message is closed.
Why does an ACK scan not indicate clearly that ports are open?
The target system ignores the message.
The following shows a time stamp: 630 41.897644 192.168.86.210 239.255.255.250 SSDP 750 NOTIFY * HTTP/1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT] What does the time of this message reflect?
The time since packet start
If you were to see that someone was using OpenVAS, followed by Nessus, what might you assume?
They were trying to reduce false positives.
You are asked about the ethics behind training on how to hack a system to an ethical hacker. Which of the following will you suggest?
Think like hackers and know how to defend such attacks.
You have received the text message on your mobile phone that says, "Hello, this is Bob from the Bing Bank. Kindly contact me for a vital transaction on [email protected]". Which of the following statements is true?
This is a scam as everybody can get a @bing address, not the Bing customer service employees.
How many layers in the OSI model map to the top layer in the TCP/IP architecture?
Three
What would be necessary for a TCP conversation to be considered established by a stateful firewall?
Three-way handshake complete
What is it called when you manipulate the time stamps on files?
Timestomping
Why would you use an encoder when you are creating malware using Metasploit?
To evade antivirus
Why would you use wireless social engineering?
To gather credentials
What is the purpose of a packer for malware?
To obscure the actual program
What is the purpose of a security policy? end at ch quiz 3
To provide high-level guidance on the role of security
Jordan, a security manager, allows remote employees to login to the network via a VPN. He is concerned that a remote employee's credentials might be compromised. Which of the following will he use to mitigate the risk?
Token authentication
If you saw the following command line, what would you be capturing? tcpdump -i eth2 host 192.168.10.5
Traffic to and from 192.168.10.5
Joseph, a security administrator, wants to monitor and make alterations on specific file changes to determine the possibility of system compromise. Which of the following will he use to check for the integrity?
Trip wire
If you were to notice operating system commands inside a DNS request while looking at a packet capture, what might you be looking at?
Tunneling attack
If you wanted a lightweight protocol to send real-time data over, which of these would you use?
UDP
Which information would a packet filter use to make decisions about what traffic to allow into the network?
UDP source port
What is one reason a UDP scan may take longer than a TCP scan of the same host?
UDP will retransmit more.
What has been done to the following string?
URL encoding
Juan, a security analyst, wants to recognize the broad range of attacks that are happening in the organization and the vectors that are used. Which of the following will he use?
UTM
Which of the following is the lowest level of data classification in use within the government?
Unclassified
To remove malware from the network before it gets to the endpoint, you would use which of the following?
Unified threat management appliance
What information could you get from running p0f?
Uptime
Alicia works as a security administrator at XYZ Inc. She observes that the possibility of log files being altered by an attacker is increasing day by day. Which of the following will she do to mitigate the risk?
Use SIEM
What is the target of a cross-site scripting attack?
User
What important event can be exposed by enabling auditing?
User Login
What does John the Ripper's single crack mode, the default mode, do?
Uses known information and mangling rules
What method might you use to successfully get malware onto a mobile device?
Using a third-party app store
Utility, possession, and authenticity
Utility, possession, and authenticity
What additional properties does the Parkerian hexad offer over the CIA triad?
Utility, possession, and authenticity
Mark, a security manager, categorizes an information system and determines that the loss of integrity of a specific information type would impact business significantly. Based on this, he recommends the implementation of several solutions. Which of the following, when combined, would mitigate this risk?
Validation
You are working with a colleague and you see them interacting with an email server using the VRFY command. What is it your colleague doing?
Verifying email addresses
Taylor, a network analyst, was asked to identify the application running on a port. What type of nmap scan will he use?
Version
Juan, a white hat hacker, wants to inject malware that requires a host application for replication into an organization system. Which of the following will he use?
Virus
Which of the following is defined as an act of using VoIP for phishing, which involves using social engineering over the telephone system to obtain private information from an individual?
Vishing
Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?
Voiceprint identification
Which term best describes the absence or weakness of a safeguard related to an asset?
Vulnerability
Laura, a penetration tester, is asked to identify which services and desktops have missing security patches. Which of the following will she use to accomplish the task?
Vulnerability scanner
Marry, a deployment manager, works with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product?
Vulnerability scanning of the production environment
Which protocol is used to create a secure environment in a wireless network?
WPA
What would you be using by pushing a button on an access point to gain authenticated access?
WPS
Julia, a penetration tester, wants to use a browser plug-in to identify technologies used on a website. Which of the following will she use?
Wappalyzer
Which of these isn't an example of an attack that compromises integrity?
Watering hole
Which of these is an example of an application layer gateway?
Web application firewall
What application would be a common target for client-side exploits?
Web browser
What is the role of an individual who interrogates a system with permission?
White hat hacker
Which of the following refers to people who always do their work for good?
White hat hacker
What tool would allow you to run an evil twin attack?
Wifiphisher
Mark, a network administrator, observes that Wireshark is showing the following information:
Wireshark has calculated the information
What can you say about [TCP Segment Len: 35], as provided by Wireshark?
Wireshark has inferred this information.
Joseph, a vulnerability tester, observes that malware is spreading from system to system on the organization's network by automatically scanning for open file shares and connecting to them with default credentials. Which of the following is described in the scenario?
Worm
What type of program exists primarily to propagate and spread itself to other systems and can do so without any user action to initiate?
Worm
Your organization wants to include information about the identity of the certificate holder so that verification of the certificate can happen. Which of the following will the organization use?
X.509
Juan, a security analyst, observes an attack that occurs from the code on the web server accepting data coming from the client without doing any data validation. Which of the following is responsible for this?
XML
The attacker enters the organization's building by following an employee after he has opened the door with his badge. Which of the following types of breach has the attacker performed?
XML entity injection
If you were to see the following in a packet capture, what would you think was happening? Entity
XML external entity injection
An attacker sends a misleading email with a link containing malicious JavaScript to gain access to a user's account credentials. Which of the following web application attacks the attacker is performing?
XSS
What is an advantage of a phone call over a phishing email?
You are able to go into more detail with pretexting.
What would be a reason to use the Override feature in OpenVAS?
You want to change a severity rating on a finding.
Hanna, a black hat hacker, wants to access the bank systems remotely and steal banking information from those systems. Which of the following will she install on the target system?
Zeus
What technique would you ideally use to get all of the hostnames associated with a domain?
Zone Transfer
An attacker wants to manipulate log files by deleting the Windows Event Viewer logs. Which of the following will the attacker use?
clearev
How do you authenticate with SNMPv1?
community string
What command would you use to get the list of mail servers for a domain?
dig mx domain.com
Your company has been targeted by a series of phishing emails. To determine the attack, you quickly tell your users to verify senders. What do you do to implement this?
ensure that the email is digitally signed
Jacob, a security analyst, needs to identify shares and users on a target Windows system. Which of the following will he use?
enum4linux
Which of these services would be considered a storage as a service solution?
icloud
Joseph, a penetration tester, wants to examine links between data using graphs and link analysis. Which of the following tools will he use?
maltego
What is the advantage of using masscan over nmap?
masscan can scan more addresses faster.
Camilla, a software engineer, wants to gather NetBIOS statistics by acquiring information about a remote system. Which of the following utilities will he use?
nbtstat
Marie, a security analyst, was asked to prepare a list of all encryption ciphers supported by an SSH server. What utility will she use?
nmap
Which application can provide DNS zone transfer information?
nslookup
In Linux, which of the following files allows to see user information such as full name, phone number, and office information?
passwd
If you wanted to locate detailed information about a person using either their name or username you have, which website would you use?
peekyou.com
Which of the following types of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money to the operators of the malware to remove the restriction?
ransomware
Swan, a penetration tester, has gathered a lot of valuable information on her target. She has used some different tools and determined that on her target's network, a computer named XYZ Worsoft has port 548 open. Which of the following steps in the ethical hacking methodology is she performing?
scanning and enumeration
You need to identify all Excel spreadsheets available from the company Example Inc., whose domain is example.com. What search query would you use?
site:example.com filetype:xls
Which of the following allows an adversary to obtain passwords online in a passive manner?
sniffing
Why might you have problems with sslstrip?
sslstrip doesn't work with newer versions of TLS.
If a user wants to send information securely to another user in an open environment, what would they use?
the receiver's private key
What tool could be used to gather email addresses from PGP servers: Bing, Google, or LinkedIn?
theHarvester
Which of the following is defined as an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, DOS, or modification of data?
threat
Which program would you use if you wanted to only print specific fields from the captured packet?
tshark
Juan works as a security administrator at XYZ. He configured the most secure policies and tightened every device on his network. He is confident that hackers will never be able to gain access to his network. His peer says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of the "weakest link" in the security chain. What is this "weakest link" refer to?
untrained staff
Juan, a penetration tester, notices that the traffic gets blocked when he tried to pass IRC traffic from a web-enabled host. However, he also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for outbound traffic?
web application
What tool could you use to clone a website?
wget
John works as a database administrator at XYZ. He was asked to query the RIR for information about an IP address block. Which of the following utilities will he use to obtain information?
whois
Which of the following provides free information about a website that includes phone number, administrator's email, and even the domain registration authority?
whois