T2.1
How do employers protect assets with security policies pertaining to employee surveillance activities? A. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness. B. Employers use informal verbal communication channels to explain employee monitoring activities to employees. C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes. D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.
D.
Which of the following is the greatest threat posed by backups? A. A backup is the source of malware or illicit information. B. A backup is unavailable during disaster recovery. C. A backup is incomplete because no verification was performed. D. An un-encrypted backup can be misplaced or stolen.
D.
The following are types of Bluetooth attack EXCEPT_____? A. Bluejacking B. Bluesmaking C. Bluesnarfing D. Bluedriving
D. Bluedriving is not a thing
Scenario: 1. Victim opens the attacker's web site. 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'. 3. Victim clicks the interesting and attractive content URL. 4. Attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks the 'Do you want to make $1000 in a day?' URL but actually he/she clicks the content or URL that exists in the transparent 'iframe' which is set up by the attacker. What is the name of the attack which is mentioned in the scenario? A. HTTP Parameter Pollution B. HTML Injection C. Session Fixation D. ClickJacking Attack
D. ClickJacking attack
Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except: A. Protect the payload and the headers B. Authenticate C. Encrypt D. Work at the Data Link Layer
D. IPsec works at layer 3 (Network)
Using Windows CMD, how would an attacker list all the shares to which the current user context has access? A. NET USE B. NET CONFIG C. NET FILE D. NET VIEW
D. Net View displays a list of domains, computers, or resources that are being shared by the specified computer. Net Use connects a computer to or disconnects a computer from a shared resource
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin? A. c:\compmgmt.msc B. c:\gpedit C. c:\ncpa.cpl D. c:\services.msc
A
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate? A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials. B. Attempts by attackers to access the user and password information stored in the company's SQL database. C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge. D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
A.
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year? A. $146 B. $1320 C. $440 D. $100
A.
What is correct about digital signatures? A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party. B. Digital signatures may be used in different documents of the same type. C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content. D. Digital signatures are issued once for each user and can be used everywhere until they expire.
A.
Which of the following is a component of a risk assessment? A. Administrative safeguards B. Physical security C. DMZ D. Logical interface
A. Administrative safeguards
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";) A. An Intrusion Detection System B. A firewall IPTable C. A Router IPTable D. FTP Server rule
A. An IDS
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic? A. Application B. Circuit C. Stateful D. Packet Filtering
A. Application
What does a firewall check to prevent particular ports and applications from getting packets into an organization? A. Transport layer port numbers and application layer headers B. Presentation layer headers and the session layer port numbers C. Network layer headers and the session layer port numbers D. Application layer port numbers and the transport layer headers
A. Application layer firewalls analyze the application layer headers
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. <iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> What is this type of attack (that can use either HTTP GET or HTTP POST) called? A. Cross-Site Request Forgery B. Cross-Site Scripting C. SQL Injection D. Browser Hacking
A. Cross-Site Request Forgery
env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? A. Display passwd content to prompt B. Removes the passwd file C. Changes all passwords in passwd D. Add new user to the passwd file
A. Display passwd content to prompt
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? A. ESP transport mode B. AH promiscuous C. ESP confidential D. AH Tunnel mode
A. ESP transport mode is best because it is on the same LAN
The security concept of "separation of duties" is most similar to the operation of which type of security device? A. Firewall B. Bastion host C. Intrusion Detection System D. Honeypot
A. Firewall
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem? A. The WAP does not recognize the client's MAC address B. The client cannot see the SSID of the wireless network C. Client is configured for the wrong channel D. The wireless client is not configured to use DHCP
A. Many wireless networks use MAC Filtering
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer? A. Use a scan tool like Nessus B. Use the built-in Windows Update tool C. Check MITRE.org for the latest list of CVE findings D. Create a disk image of a clean Windows installation
A. Nessus
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up. What is the most likely cause? A. The network devices are not all synchronized. B. Proper chain of custody was not observed while collecting the logs. C. The attacker altered or erased events from the logs. D. The security breach was a false positive.
A. Network devices were not all synchronized
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred? A. The gateway is not routing to a public IP address. B. The computer is using an invalid IP address. C. The gateway and the computer are not on the same network. D. The computer is not using a private IP address.
A. Not routing to a public IP address
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use? A. RSA 1024 bit strength B. AES 1024 bit strength C. RSA 512 bit strength D. AES 512 bit strength
A. PKI uses RSA keys that are from 1024-4096 bits long
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy? A. Private B. Public C. Shared D. Root
A. Private
An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is most likely able to handle this requirement? A. RADIUS B. DIAMETER C. Kerberos D. TACACS+
A. RADIUS
Which of the following tools can be used for passive OS fingerprinting? A. tcpdump B. nmap C. ping D. tracert
A. tcpdump, because it just prints the contents of network packets and doesn't inject anything into the network
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? A. Sarbanes-Oxley Act (SOX) B. Gramm-Leach-Bliley Act (GLBA) C. Fair and Accurate Credit Transactions Act (FACTA) D. Federal Information Security Management Act (FISMA)
A. SOX mandates that principal officers certify their companies' financial reports quarterly
Which of the following is a protocol specifically designed for transporting event messages? A. SYSLOG B. SMS C. SNMP D. ICMP
A. SYSLOG is designed to transport event messages
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications? A. Service Oriented Architecture B. Object Oriented Architecture C. Lean Coding D. Agile Process
A. Service Oriented Architecture
It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers). Which of the following vulnerabilities is being described? A. Shellshock B. Rootshock C. Rootshell D. Shellbash
A. Shellshock
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called? A. Split DNS B. DNSSEC C. DynDNS D. DNS Scheme
A. Split DNS
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit? A. Vulnerability scanner B. Protocol analyzer C. Port scanner D. Intrusion Detection System
A. Vulnerability scanner
The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the office is closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn't have time to perform the task. What tool can you use to view the network traffic being sent and received by the wireless router? A. Wireshark B. Nessus C. Netcat D. Netstat
A. Wireshark
What are two things that are possible when scanning UDP ports? (Choose two.) A. A reset will be returned B. An ICMP message will be returned C. The four-way handshake will not be completed D. An RFC 1294 message will be returned E. Nothing
B and E
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what software design flaw? A. Insufficient security management B. Insufficient database hardening C. Insufficient input validation D. Insufficient exception handling
B.
In order to browse the Internet anonymously, which of the following is the best choice? A. Use SSL sites when entering personal information B. Use Tor network with multi-node C. Use shared WiFi D. Use public VPN
B.
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities? A. Use cryptographic storage to store all PII B. Use encrypted communications protocols to transmit PII C. Use full disk encryption on all hard drives to protect PII D. Use a security token to log into all Web applications that use PII
B.
LM hash is a compromised password hashing function. Which of the following parameters describe LM hash? I - The maximum password length is 14 characters. II - There are no distinctions between uppercase and lowercase. III - It's a simple algorithm, so 10,000,000 hashes can be generated per second. A. I B. I, II, and III C. II D. I and II
B. All are true
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? A. Poly key exchange B. Cross certification C. Poly key reference D. Cross-site exchange
B. Cross Certification
Which of the following is a characteristic of Public Key Infrastructure (PKI)? A. Public-key cryptosystems are faster than symmetric-key cryptosystems. B. Public-key cryptosystems distribute public-keys within digital signatures. C. Public-key cryptosystems do not require a secure key distribution channel. D. Public-key cryptosystems do not provide technical non-repudiation via digital signatures.
B. Public keys are distributed within digital signatures
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities? A. WebBugs B. WebGoat C. VULN_HTML D. WebScarab
B. WebGoat
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below: Access List should be written between VLANs. Port security should be enabled for the intranet. A security solution which filters data packets should be set between intranet (LAN) and DMZ. A WAF should be used in front of the web applications. According to the section from the report, which of the following choices is true? A. MAC Spoof attacks cannot be performed. B. Possibility of SQL Injection attack is eliminated. C. A stateful firewall can be used between intranet (LAN) and DMZ. D. There is access control policy between VLANs.
C.
While performing online banking using a Web browser, Kyle receives an email that contains an image of well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds in the bank were gone. What Web browser-based security vulnerability got exploited by the hacker? A. Clickjacking B. Web Form Input Validation C. Cross-Site Request Forgery D. Cross-Site Scripting
C.
Suppose you've gained access to your client's hybrid network. On which port should you listen in order to know which Microsoft Windows workstations have file sharing enabled? A. 1433 B. 161 C. 445 D. 3389
C. 445 SMB file sharing
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion? A. Regulatory compliance B. Peer review C. Change management D. Penetration testing
C. Change management
Which statement best describes a server type under an N-tier architecture? A. A group of servers at a specific layer B. A single server with a specific role C. A group of servers with a unique role D. A single server at a specific layer
C. Group of servers with a unique role
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? A. Truecrypt B. Sub7 C. Nessus D. Clamwin
C. Nessus can be used to regularly test security of systems and processes
Which element of Public Key Infrastructure (PKI) verifies the applicant? A. Certificate authority B. Validation authority C. Registration authority D. Verification authority
C. Registration authority verifies the applicant
You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester? A. Service Level Agreement B. Non-Disclosure Agreement C. Terms of Engagement D. Project Scope
C. Terms of engagement
SOAP services use which technology to format information? A. SATA B. PCI C. XML D. ISDN
C. XML