CIMS 100 Ch 1-9
Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? A covert channel Asymmetric routing Steganography Scanning
A covert channel
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? Web application patches A list of flaws and how to fix them An extensible security framework named COBIT A security certification for hardened web applications
A list of flaws and how to fix them
What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 A stealth scan, checking all open ports excluding ports 123 to 153. A stealth scan, checking open ports 123 to 153. A stealth scan, determine operating system, and scanning ports 123 to 153. A stealth scan, opening port 123 and 153.
A stealth scan, determine operating system, and scanning ports 123 to 153.
Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? LACNIC AFRINIC APNIC ARIN
ARIN
Which of the following security policies protects the organizational resources and enables organizations to track their assets? User account policy Remote access policy Information protection policy Access control policy
Access control policy
Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" Configures the switch port parameters to enable port security Configures the maximum number of secure MAC addresses for the port Configures the secure MAC address aging time on the port Adds all secure MAC addresses that are dynamically learned to the running configuration
Adds all secure MAC addresses that are dynamically learned to the running configuration
Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Advapi32.dll n32dll.dll User32.dll Kernel32.dll
Advapi32.dll
Which of the following is an sh-compatible shell that stores command history in a file? Zsh Tcsh/Csh BASH ksh
BASH
Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? IP address decoy Banner grabbing Port scanning Source routing
Banner grabbing
Cristine is the CEO of a global corporation that has several branch offices around the world. The company employs over 300 workers, half of whom use computers. Recently, the company suffered from a ransomware attack that disrupted many services, and many people have written to Cristine with questions about why it happened. She asks Edwin, the systems administrator, about servers that have encrypted information. Edwin explains to Cristine that the servers have a screen asking about bitcoins to pay to decrypt the information, but he does not know why. What team does the company lack? unencrypt team. CSIRT. Administrators team. Vulnerability Management team.
CSIRT.
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented manner? Peer review Regulatory compliance Penetration testing Change management
Change management
Which of the following channels is used by an attacker to hide data in an undetectable protocol? Covert Encrypted Classified Overt
Covert
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? Website Mirroring Tools Web Updates Monitoring Tools Metadata Extraction Tools Email Tracking Tools
Email Tracking Tools
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining Standard best practice for configuration management Contract agreement writing standards Guidelines and practices for security controls Financial soundness and business viability metrics
Guidelines and practices for security controls
Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? Hacktivism Spoofing Social engineering Cracking
Hacktivism
Which of the following attacks can be prevented by implementing token or biometric authentication as a defense strategy? Fake SMS Shoulder surfing Impersonation Eavesdropping
Impersonation
Which of the following threats is closely related to medical identity theft? Criminal identity theft Insurance identity theft Synthetic identity theft Social identity theft
Insurance identity theft
Which of the following tool is used for cracking passwords? Nikto John the Ripper OpenVAS Havij
John the Ripper
Which of the following protocols uses TCP or UDP as its transport protocol over port 389? LDAP SIP SMTP SNMP
LDAP
Which of the following vulnerabilities is found in all the Intel processors and ARM processors deployed by Apple (and others) and leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution? Dylib Hijacking Meltdown DLL Hijacking Privilege escalation
Meltdown
Which virus has the following characteristics: • Inserts dead code• Reorders instructions• Reshapes the expressions• Modifies program control structure Cluster Virus Metamorphic Virus Macro Virus Stealth Virus
Metamorphic Virus
In order to show improvement of security over time, what must be developed? Taxonomy of vulnerabilities Testing tools Reports Metrics
Metrics
In which of the following techniques is the text or an image considerably condensed in size, up to one page in a single dot, to avoid detection by unintended recipients? Computer-Based Methods Invisible Ink Spread Spectrum Microdots
Microdots
Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? Wireshark Microsoft Baseline Security Analyzer (MBSA) FOCA Netcraft
Microsoft Baseline Security Analyzer (MBSA)
Identify the Trojan which exhibits the following characteristics: Login attempts with 60 different factory default username and password pairs Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola) Connects to CnC to allows the attacker to specify an attack vector Increases bandwidth usage for infected bots Identifies and removes competing malware Windigo Ramnit Mirai PlugBot
Mirai
Tesla is running an application with debug enabled in one of its system. Under which category of vulnerabilities can this flaw be classified? Operating System Flaws Design Flaws Unpatched servers Misconfiguration
Misconfiguration
Which of the following is considered an acceptable option when managing a risk? Reject the risk. Mitigate the risk. Initiate the risk. Deny the risk.
Mitigate the risk.
Which of the following open source tools would be the best choice to scan a network for potential targets? hashcat John the Ripper Cain & Abel NMAP
NMAP
Which one of the following techniques is used by attackers to hide their programs? Scanning NTFS Stream Enumeration Footprinting
NTFS Stream
h of the following protocols is responsible for synchronizing clocks of networked computers? DNS NTP SMTP LDAP
NTP
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? Metasploit Nessus NMAP BeEF
Nessus
Which of the following is a legal channel for the transfer of data or information in a company network securely? Covert Timing Channel Covert Channel Covert Storage Channel Overt Channel
Overt Channel
How can rainbow tables be defeated? Use of non-dictionary words All uppercase character passwords Password salting Lockout accounts under brute force password cracking attempts
Password salting
Which of the following techniques is used to place an executable in a particular path in such a way that it will be executed by the application in place of the legitimate target? Scheduled Task File System Permissions Weakness Path Interception Application Shimming
Path Interception
Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code can that even destroy the data with no scope of recovery. What is this malicious code called? Honeypot Payload Bot Vulnerability
Payload
Which of the following guidelines or standards governs the credit card industry? Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standards (PCI DSS) Control Objectives for Information and Related Technology (COBIT) Sarbanes-Oxley Act (SOX)
Payment Card Industry Data Security Standards (PCI DSS)
Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? Perform NTP enumeration Perform DNS enumeration Perform SMTP enumeration Perform IPsec enumeration
Perform IPsec enumeration
Which of the following can an administrator do to verify that a tape backup can be recovered in its entirety? Read the last 512 bytes of the tape. Restore a random file. Read the first 512 bytes of the tape. Perform a full restore.
Perform a full restore.
An attacker wants to monitor a target network traffic on one or more ports on the switch. In such a case, which of the following methods can he use? Lawful interception Port mirroring Active sniffing Wiretapping
Port mirroring
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Apart from Highlander employees, no one can access the cloud service. What type of cloud service is Highlander using? Hybrid cloud Public cloud Community cloud Private cloud
Private cloud
Identify the monitoring tool that exhibits the following features: Reliable capture of process details, including image path, command line, user and session ID. Configurable and moveable columns for any event property. Filters can be set for any data field, including fields not configured as columns. Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data. Process tree tool shows the relationship of all processes referenced in a trace. Native log format preserves all data for loading in a different Process Monitor instance Netstat IDA Pro Process Monitor TCP View
Process Monitor
Passive reconnaissance involves collecting information through which of the following? Publicly accessible sources Traceroute analysis Email tracking Social engineering
Publicly accessible sources
What information is gathered about the victim using email tracking tools? Username of the clients, operating systems, email addresses, and list of software. Targeted contact data, extracts the URL and meta tag for website promotion. Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. Information on an organization's web pages since their creation.
Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.
Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? Silent Dependencies Consider unscanned ports as closed Netstat WMI Scan Reduce parallel connections on congestion
Reduce parallel connections on congestion
Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? Vulnerability Assessment Remediation Verification Risk Assessment
Remediation
Company XYZ is one of the most famous and well-known organization across the globe for its cyber security services. It has received Best Cyber Security Certification Provider Award for three consecutive times. One day, a hacker identified severe vulnerability in XYZ's website and exploited the vulnerabilities in the website successfully compromising customers' private data. Besides the loss of data and the compromised network equipment, what has been the worst damage for Company XYZ? Routers. Credit Score. Reputation. Customers.
Reputation.
In which phase of a social engineering attack does an attacker indulges in dumpster diving? Selecting target Develop the relationship Exploit the relationship Research on target
Research on target
What is the correct order of phases of social engineering attack? Develop the relationship → research on target company → selecting target → exploit the relationship Selecting target → develop the relationship → research on target company → exploit the relationship Selecting target → research on target company → develop the relationship → exploit the relationship Research on target company → selecting target → develop the relationship → exploit the relationship
Research on target company → selecting target → develop the relationship → exploit the relationship
Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? Pamn IP Scanner FaceNiff zANTI Retina CS for Mobile
Retina CS for Mobile
In which phase of risk management process does an analyst calculate the organization's risks and estimate the likelihood and impact of those risks? Risk assessment Risk identification Risk treatment Risk monitoring and review
Risk assessment
What is the best defense against a privilege escalation vulnerability? Never perform debugging using bounds checkers and stress tests and increase the amount of code that runs with particular privilege. Run services with least privileged accounts and implement multifactor authentication and authorization. Never place executables in write-protected directories. Review user roles and administrator privileges for maximum utilization of automation services.
Run services with least privileged accounts and implement multifactor authentication and authorization.
Which of the following is used by an attacker to manipulate the log files? SECEVENT.EVT Auditpol.exe Clear_Event_Viewer_Logs.bat clearlogs.exe
SECEVENT.EVT
Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Gray Hats Suicide Hackers Script Kiddies Hacktivist
Script Kiddies
Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs? Sean should use Sublist3r tool Sean should use email tracking tools Sean should use WayBackMachine in Archive.org Sean should use website mirroring tools
Sean should use Sublist3r tool
What is the output returned by search engines when extracting critical details about a target from the Internet? Advanced search operators Open ports and Services Search Engine Results Pages ('SERPs') Operating systems, location of web servers, users and passwords
Search Engine Results Pages ('SERPs')
Which of the following protocols is not vulnerable to sniffing? Post Office Protocol (POP) Secure Sockets Layer (SSL) Hyper Text Transfer Protocol (HTTP) Telnet and Rlogin
Secure Sockets Layer (SSL)
Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an ISMS. This analyst will design and implement Patch Management, Vulnerability Management and Security Incident Handler procedures for the company. Which of these is a reactive process? Patch Management. A and B are correct. Security Incident Handler. Vulnerability Management.
Security Incident Handler.
What information should an IT system analysis provide to the risk assessor? Threat statement Impact analysis Management buy-in Security architecture
Security architecture
A network administrator is promoted as chief security officer at a local university. One of his new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.During a meeting with an outside consultant, the chief security officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the network administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.Which of the following is an issue with the situation? Lack of experience Segregation of duties Undue influence An inadequate disaster recovery plan
Segregation of duties
A computer installed with port monitoring, file monitoring, network monitoring, and antivirus software and connected to network only under strictly controlled conditions is known as: Sandbox Malwarebytes Sheep Dip Droidsheep
Sheep Dip
In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? Piggybacking Shoulder surfing Dumpster diving Tailgating
Shoulder surfing
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: Secretly observes the target to gain critical information Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. Shoulder surfing Tailgating Phishing Dumpster diving
Shoulder surfing
Which of the following is a preventive control? Continuity of operations plan Performance review. Audit trail. Smart card authentication.
Smart card authentication.
Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? Personal attack Open door policy attack Social equity attack Social engineering
Social engineering
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial? Network sniffing. Application security testing. Vulnerability scanning. Social engineering.
Social engineering.
Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information? NetScanTools Pro Social-engineer toolkit (SET) Wireshark Cain and Abel
Social-engineer toolkit (SET)
John is a college dropout and spends most of his time on social networking sites looking for the people living in the city and gather their details. One day, he saw a girl's profile and found her email ID from her timeline. John sent her a mail stating that he possessed her private photos and if she fails to provide him with her bank account details, he will upload those images to social networking sites. Whaling Vishing Spear Phishing Pharming
Spear Phishing
Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data? Dylib Hijacking DLL Hijacking Spectre Meltdown
Spectre
Low humidity in a data center can cause which of the following problems? Corrosion Airborne contamination Static electricity Heat
Static electricity
Which of the following techniques refers to the art of hiding data "behind" other data without the target's knowledge? Footprinting Enumeration Steganography Scanning
Steganography
In which of the following identity thefts does an attacker acquire information from different victims to create a new identity? Social identity theft Identity cloning and concealment Synthetic identity theft Tax identity theft
Synthetic identity theft
Which of the following processes refers to taking a snapshot of the system at the time the malware analysis begins? API call monitoring Sandboxing System baselining Windows services monitoring
System baselining
Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? SNMP TCP UDP SMTP
TCP
What is the port number used by DNS servers to perform DNS zone transfer? UDP 137 TCP/UDP 53 TCP 139 TCP/UDP 135
TCP/UDP 53
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer can transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred? The gateway and the computer are not on the same network. The gateway is not routing to a public IP address. The computer is using an invalid IP address. The computer is not using a private IP address.
The gateway is not routing to a public IP address.
You need to do an ethical hack for BAYARA Company, and the manager says that you need to obtain the password of the root account of the main server to hire you. You are in possession of a rainbow table, what else do you need to obtain the password of the root? Do a vulnerability assessment The hash of the root password Inject an SQL script into the database Perform a network recognition
The hash of the root password
How does the SAM database in Windows operating system store the user accounts and passwords? The operating system stores all passwords in a protected segment of volatile memory. The operating system uses key distribution center (KDC) for storing all user passwords. The operating system stores the passwords in a secret file that users cannot find. The operating system performs a one-way hash of the passwords.
The operating system stores all passwords in a protected segment of volatile memory.
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? Traceroute to control the path of the packets sent during the scan. Timing options to slow the speed that the port scan is conducted. Fingerprinting to identify which operating systems are running on the network. ICMP ping sweep to determine which hosts on the network are not available .
Timing options to slow the speed that the port scan is conducted.
What is the sole purpose of writing destructive Trojans? To copying itself to the system and create a scheduled task that executes the copied payload To randomly delete files, folders, registry entries, and local and network drives To stop the working of security programs such as firewall and IDS To trick the victim to install the malicious application
To randomly delete files, folders, registry entries, and local and network drives
Which of the following utility uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? Traceroute WhoIs DNS Lookup TCP/IP
Traceroute
Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network? Email Tracking Tools DNS Lookup tools Traceroute tools WhoIs Lookup tools
Traceroute tools
A penetration tester is attempting to scan an internal corporate network from the Internet without alerting the border sensor. Which of the following techniques should the tester consider using? Tunneling over high port numbers Tunneling scan over SSH Scanning using fragmented IP packets Spoofing an IP address
Tunneling scan over SSH
Which of the following malware is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge of the user? Trojan Worm Exploit kit Virus
Virus
In which of the following online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one? VirusTotal.com domainsearch.com Whois.com Netcraft.com
VirusTotal.com
Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system? Zero-Day Attack Exploit Hacking Vulnerability
Vulnerability
Which of these is a preventive security control? Security incident handling Forensics Disaster recovery Vulnerability management
Vulnerability management
Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system? WhoIs Lookup Traceroute TCP/IP DNS Lookup
WhoIs Lookup
A newly discovered flaw in a software application would be considered as which kind of security vulnerability? Time-to-check to time-to-use flaw HTTP header injection vulnerability Input validation flaw Zero-day vulnerability
Zero-day vulnerability
Which of the following database is used to delete the history of the target website? TCP/IP and IPSec filters archive.org Implement VPN WhoIs Lookup database
archive.org
An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host.Which of the following Hping commands he/she needs to use to gather the required information? hping3 -A <Target IP> -p 80 hping3 <Target IP> -Q -p 139 -s hping3 -S <Target IP> -p 80 --tcp-timestamp hping3 -F -P -U 10.0.0.25 -p 80
hping3 <Target IP> -Q -p 139 -s
Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? GetRequest ntpdate SetRequest nbtstat
nbtstat
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords ? filetype:pcf "cisco" "GroupPwd" "Config" intitle:"Index of" intext:vpn inurl:/remote/login?lang=en "[main]" "enc_GroupPwd=" ext:txt
"[main]" "enc_GroupPwd=" ext:txt
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? -sS -sT -sU -sn
-sn
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. 00001101 10100100 11010111 00010001 11110010 01011011 00101000 11101110
11010111 00010001
Which of the following ports does Tiny Telnet Server Trojan use? 23 22 21 20
23
What is the length of ID number of an organization in a MAC address? 26 bits 24 bits 48 bits 12 bits
24 bits
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide? Registration of critical penetration testing for the Department of Homeland Security and public and private sectors. Measurement of key vulnerability assessments on behalf of the Department of Defense (DoD) and State Department, as well as private sectors. 24x7 CSIRT Services to any user, company, government agency, or organization. Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure.
24x7 CSIRT Services to any user, company, government agency, or organization.
Which of the following is the advantage of adopting a single sign on (SSO) system? Impacts user experience when an application times out the user needs to login again reducing productivity Decreased security as the logout process is different across applications A reduction in overall risk to the system since network and application attacks can only happen at the SSO point A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications
A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications
When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy? A senior creation approach. A bottom-up approach. An IT assurance approach. A top-down approach.
A top-down approach.
Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 million through an interbanking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the interbanking system. Finally, the hackers got access and did the fraudulent transactions.What is the most accurate name for the kind of attack in this scenario? External Attack APT Internal Attack Backdoor
APT
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? Distributive Reflective Active Passive
Active
Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Temporal Metrics Base Metrics Environmental Metrics Active Metrics
Active Metrics
An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing Active mail relay Web portal data leak Clear text authentication
Active mail relay
Which of the following is one of the four critical components of an effective risk assessment? DMZ. Logical interface. Physical security. Administrative safeguards.
Administrative safeguards.
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? Viruses and Worms Advanced Persistent Threat Mobile Threats Botnet
Advanced Persistent Threat
Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization. Botnet Advanced Persistent Threats Insider Attack Mobile Threats
Advanced Persistent Threats
Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. An attack that exploits an application even if there are zero vulnerabilities. An attack that could not exploit vulnerabilities even though the software developer has not released a patch.
An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability.
Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? Passive Assessment Application Assessment Active Assessment Wireless network Assessment
Application Assessment
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server and the company uses work folders to synchronize offline copies back to their devices. A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access? Hardware Level Network Level Application Level Operating System
Application Level
Which of the following techniques do attackers use to escalate privileges in the Windows operating system? Launch Daemon Application Shimming Setuid and Setgid Plist Modification
Application Shimming
Which of the following items is unique to the N-tier architecture method of designing software applications? Application layers can be separated, allowing each layer to be upgraded independently from other layers. Data security is tied into each layer and must be updated for all layers when an upgrade is performed. Application layers can be written in C, ASP.NET, or Delphi without any performance loss. It is compatible with various databases including Access, Oracle, and SQL.
Application layers can be separated, allowing each layer to be upgraded independently from other layers.
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing? At least twice a year or after any significant upgrade or modification At least once a year and after any significant upgrade or modification At least once every three years or after any significant upgrade or modification At least once every two years and after any significant upgrade or modification
At least once a year and after any significant upgrade or modification
Which of the following is a detective control? Continuity of operations plan. Security policy. Smart card authentication. Audit trail.
Audit trail.
Which of the following is a program that is installed without the user's knowledge and can bypass the standard system authentication or conventional system mechanism like IDS, firewalls, etc. without being detected? Backdoor Trojans Covert Channel Trojans Proxy Server Trojans Remote Access Trojans
Backdoor Trojans
Marina is a malware analyst with a bank in London. One day, she suspects a file to be a malware and tries to perform static analysis to identify its nature. She wants to analyze the suspicious file and extract the embedded strings in the file into a readable format. Which of the following tool can she use to perform this task? UPX ASPack BinText PE Explorer
BinText
A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? Java crypter BitCrypter Cypherx Hidden sight crypter
BitCrypter
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test has to be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Red box. Black box. White box. Grey box.
Black box.
Which of the following terms is used to refer the technique that uses aggressive SEO tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for their malware pages? Malvertising Blackhat Search Engine Optimization (SEO) Drive-by Downloads Spear Phishing
Blackhat Search Engine Optimization (SEO)
Javier works as a security analyst for a small company. He has heard about a new threat; a new malware that the antivirus does not detect yet. Javier has the hash for the new virus. What can Javier do to proactively protect his company? Send the hash information to the antivirus company Wait for the antivirus company to release a new version Generate his own new version of the antivirus with the malware hash Block with the antivirus anything that presents the same hash of the malware
Block with the antivirus anything that presents the same hash of the malware
Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system ? Port Scanning Buffer Overflows Banner Grabbing Active Footprinting
Buffer Overflows
How can a policy help improve an employee's security awareness? By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees By implementing written security procedures, enabling employee security training, and promoting the benefits of security By decreasing an employee's vacation time, addressing ad hoc employment clauses, and ensuring that managers know employee strengths By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative helpline
By implementing written security procedures, enabling employee security training, and promoting the benefits of security
How does an attacker perform a "social engineered clickjacking" attack? By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address By exploiting flaws in browser software to install malware merely by visiting a website By injecting malware into legitimate-looking websites to trick users by clicking them By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card
By injecting malware into legitimate-looking websites to trick users by clicking them
What is the command used by an attacker to establish a null session with the target machine? C:\clearlogs.exe -app C:\>auditpol \\<ip address of target> auditpol /get /category:* C :\>auditpol \\<ip address of target> /disable
C:\>auditpol \\<ip address of target>
Which of the following is a primary service of the U.S. CSIRT? CSIRT provides penetration testing service to support exception reporting on incidents worldwide by individuals and multinational corporations. CSIRT provides computer security surveillance service to supply a government with important intelligence information on individuals traveling abroad. CSIRT provides vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or a company's asset. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
A hacker is sniffing the network traffic and trying to crack the encrypted passwords using Dictionary, Brute-Force, and Cryptanalysis attacks. Which of the following tool helps the hacker to recover the passwords? Nessus Hoovers Metagoofil Cain and Abel
Cain and Abel
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? Hping Cain and Abel Nikto John the Ripper
Cain and Abel
Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? Perform competitive intelligence Perform ARP poisoning Calculate the subnet mask Perform email footprinting
Calculate the subnet mask
A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? Capture LANMAN Hashes and crack them with L0phtCrack. Capture every users' traffic with Ettercap. Guess passwords using Medusa or Hydra against a network service. Capture administrators' RDP traffic and decode it with Cain and Abel.
Capture administrators' RDP traffic and decode it with Cain and Abel.
Which of the following tools is an antivirus program that is used to detect viruses? DriverView ClamWin WannaCry ZeuS
ClamWin
Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? Target information Classification Services Scan information
Classification
In which of the following hacking phases does an attacker use steganography and tunneling techniques to hide communication with the target for continuing access to the victim's system and remain unnoticed and uncaught? Reconnaissance Enumeration Scanning Clearing Tracks
Clearing Tracks
Identify the technique used by the attackers to wipe out the entries corresponding to their activities in the system log to remain undetected? Clearing logs Executing applications Escalating privileges Gaining access
Clearing logs
Highlander, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications.There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise Highlander? Personal Smartphones Cloud Based File Server Personal Laptops Company Desktops
Cloud Based File Server
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? ISO 26029 Blue Book The Wassenaar Agreement Common Criteria
Common Criteria
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? Confidentiality Availability Integrity Authenticity
Confidentiality
Which fundamental element of information security refers to an assurance that the information is accessible only to those authorized to have access? Authenticity Confidentiality Integrity Availability
Confidentiality
Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? Configure IIS Configure web servers TCP/IP and IPSec Implement VPN
Configure IIS
You are performing a port scan with Nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? Fragmented packet scan Connect scan XMAS scan Stealth scan
Connect scan
What is the correct order for vulnerability management life cycle? Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment a. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor b. Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment c. Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment
Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor
Which of the following is not a mitigation technique against MAC address spoofing? IP Source Guard DHCP Snooping Binding Table Dynamic ARP Inspection DNS Security (DNSSEC)
DNS Security (DNSSEC)
Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? Social Engineering Doxing Daisy Chaining Kill Chain
Daisy Chaining
Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? Win32.Trojan.BAT DarkHorse Trojan Virus Maker Senna Spy Trojan Generator Trojan.Gen
DarkHorse Trojan Virus Maker
Out of the following, which layer is responsible for encoding and decoding data packets into bits? Data Link layer Application layer Session layer Network layer
Data Link layer
Sniffers work at which of the following open systems interconnect (OSI) layers? Data link layer Transport layer Application layer Presentation layer
Data link layer
Which security strategy requires using several, diverse methods to protect IT systems against attacks? Three-way handshake Defense in depth Exponential backoff algorithm Covert channels
Defense in depth
Which of the following tasks DOES NOT fall under the scope of ethical hacking? Pen testing Vulnerability scanning Defense-in-depth implementation Risk assessment
Defense-in-depth implementation
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack. Define the penetration testing scope. Start by footprinting the network and mapping out a plan of attack. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
Define the penetration testing scope.
Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? Scope assessment tools Application-layer vulnerability assessment tools Depth assessment tools Active Scanning Tools
Depth assessment tools
In the software security development lifecycle, threat modeling occurs in which phase? Implementation Design Requirements Verification
Design
A computer science student needs to fill some information into a password protected Adobe PDF job application that was received from a prospective employer. Instead of requesting the password, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Identify the type of password attack. Man-in-the-middle attack Dictionary attack Session hijacking Brute-force attack
Dictionary attack
Which of the following is an example of two-factor authentication? Username and Password Password and fingerprint PIN Number and Birth Date Digital Certificate and Hardware Token
Digital Certificate and Hardware Token
Which of the following techniques do attackers use to cover the tracks? Steganalysis Scanning Disable auditing Steganography
Disable auditing
Which of the following techniques is used by the attackers to clear online tracks? Disable auditing Disable the user account Disable LAN manager Disable LMNR and NBT-NS services
Disable auditing
Which of the following is NOT an objectives of network scanning? Discover the network's live hosts Discover the services running Discover usernames and passwords Discover the services running
Discover usernames and passwords
Which of the following steganography techniques allows the user to add white spaces and tabs at the end of the lines? Document steganography Folder Steganography Image Steganography Video steganography
Document steganography
Out of the following, which is not an active sniffing technique? Domain snipping Spoofing attack Switch port stealing MAC flooding
Domain snipping
Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar Kovter satanz
Doublepulsar
James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? Doxing Impersonation Social Engineering Phishing
Doxing
Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing? Password finding Social engineering Paper tracking Dumpster diving
Dumpster diving
Ramon is a security professional for xsecurity. During an analysis process, he has identified a suspicious .exe file. Ramon executed the suspicious malicious file in a sandbox environment where the malware cannot affect other machines in the network. What type of analysis does Ramon conduct? Static Malware Analysis Sheep Dipping Dynamic Malware Analysis Preparing Testbed
Dynamic Malware Analysis
Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? PSINFO RCPT TO EXPN VRFY
EXPN
Which of the following statements are true regarding N-tier architecture? (Choose two.) Each layer must be able to exist on a physically independent system. The N-tier architecture must have at least one logical layer. When a layer is changed or updated, the other layers must also be recompiled or modified. Each layer should exchange information only with the layers above and below it.
Each layer must be able to exist on a physically independent system. Each layer should exchange information only with the layers above and below it.
How do employers protect assets with security policies pertaining to employee surveillance activities? Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences. Employers use informal verbal communication channels to explain employee monitoring activities to employees. Employers use network surveillance to monitor employee e-mail traffic and network access, and to record employee keystrokes. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.
You are the security administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being followed by the employees, you discover that an employee has attached his laptop to his personal 4G Wi-Fi device. He has used this 4G connection to download certain files from the Internet, thereby bypassing your firewall. A security policy breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? Enforce the corporate security policy. Conduct a needs analysis. Reconfigure the firewall. Install a network-based IDS.
Enforce the corporate security policy.
Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: What is Jonathan's primary objective? Ensuring high availability Ensuring confidentiality of the data Proper user authentication Ensuring integrity of the application servers
Ensuring high availability
Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? EquationDrug rootkit GrayFish rootkit Hardware/firmware rootkit Boot loader level rootkitc
EquationDrug rootkit
Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Hackers don't have any knowledge of the network before they compromise the network. Ethical Hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. Hackers have more sophisticated tools.
Ethical Hackers have the permission of upper management.
Why is ethical hacking necessary? (Select two.) Ethical hackers are responsible for incident handling and response in the organization. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems.
Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched Ethical hackers try to find what an intruder can see on the system under evaluation.
A security policy is more acceptable to employees if it is consistent and has the support of: A supervisor. The security officer. Executive management. Coworkers.
Executive management.
Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? Brute force Active Directory Extract information using DNS Zone Transfer Extract user names using email IDs Extract information using default passwords
Extract information using DNS Zone Transfer
A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? Finding the top-level domains (TLDs) and sub-domains of a target through web services Performing social engineering Performing traceroute analysis Querying published name servers of the target
Finding the top-level domains (TLDs) and sub-domains of a target through web services
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Follow proper legal procedures against the company to request payment. Exploit some of the vulnerabilities found on the company webserver to deface it. Threaten to publish the penetration test results if not paid. Tell other customers of the financial problems with payments from this company.
Follow proper legal procedures against the company to request payment.
What is the correct order of steps in the system hacking cycle? Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files Covering Tracks -> Hiding Files -> Escalating -> Privileges -> Executing Applications -> Gaining Access
Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks
What is the objective of a reconnaissance phase in a hacking life-cycle? Identifying specific vulnerabilities in the target network. Gaining access to the target system with admin/root level privileges. Gathering as much information as possible about the target. Gaining access to the target system and network
Gathering as much information as possible about the target.
Which of the following techniques is used to create complex search engine queries? Bing Search Yahoo Search Google hacking DuckDuckGo
Google hacking
Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? Black Hat hacker Annoying employee Gray Hat hacker White Hat hacker
Gray Hat hacker
Which of the following registry entry you will delete to clear Most Recently Used (MRU) list? HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Individuals who promote security awareness or a political agenda by performing hacking are known as: Suicide hackers Hacktivist Script kiddies Cyber terrorists
Hacktivist
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings? Windowing Harvesting Hardening Stealthing
Hardening
In which of the following techniques does an unauthorized user try to access the resources, functions, and other privileges that belong to the authorized user who has similar access permissions? Vertical Privilege Escalation Rainbow Table Attack Horizontal Privilege Escalation Kerberos Authentication
Horizontal Privilege Escalation
Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? External Assessment Internal Assessment Network based Assessment Host based Assessment
Host based Assessment
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The company is concerned about the potential vulnerabilities that could exist on their devices. What would be the best type of vulnerability assessment for the employees' smartphones? Active Assessment. Passive Assessment. Host-Based Assessment. Wireless Network Assessment.
Host-Based Assessment.
Which type of rootkit is created by attackers by exploiting hardware features such as Intel VT and AMD-V? Hypervisor Level Rootkit Hardware/Firmware Rootkit Kernel Level Rootkit Boot Loader Level Rootkit
Hypervisor Level Rootkit
Which of the following are valid types of rootkits? (Choose three.) Hypervisor level Physical level Kernel level Data access level Application level Network level
Hypervisor level Kernel level Application level
Which of the following is a type of network protocol for port-based network access control (PNAC)? SFTP SSH IEEE 802.1X suites SSL
IEEE 802.1X suites
Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? Authentication, authorization, and accounting (AAA) DHCP snooping binding table Dynamic ARP inspection IP Source Guard
IP Source Guard
Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? NetBios IPSec SNMP SMTP
IPSec
An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? ARP Spoofing MAC Flooding DHCP Starvation Attack IRDP Spoofing
IRDP Spoofing
What method should be incorporated by a network administrator to prevent the organization's network against ARP poisoning? Use SSL for secure traffic Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table Use secure shell (SSH) encryption Resolve all DNS queries to local DNS server
Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table
Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasure Roy must employ? Adopt documented change management Implement proper access privileges Use multiple layers of antivirus defenses Ensure a regular update of software
Implement proper access privileges
Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating? Implement strict badge, token or biometric authentication, employee training, and security guards Educate vendors about social engineering Train technical support executives and system administrators never to reveal passwords or other information by phone or email Employee training, best practices, and checklists for using passwords
Implement strict badge, token or biometric authentication, employee training, and security guards
Which of the following policies provides the guidelines on the processing, storage and transmission of sensitive information? Network Security Policy. Acceptable Use Policy. Server Security Policy. Information Protection Policy.
Information Protection Policy.
Which of the following category of information warfare is a sensor-based technology that directly corrupts technological systems? Command and control warfare (C2 warfare) Economic warfare Intelligence-based warfare Electronic warfare
Intelligence-based warfare
Which of the following DNS poisoning techniques uses ARP poisoning against switches to manipulate routing table? DNS Cache Poisoning Intranet DNS Spoofing Internet DNS Spoofing Proxy Server DNS Poisoning
Intranet DNS Spoofing
NotPetya ransomware targets all the versions of Windows OSs and can infect the entire network, including known server names. Which of the following statement is true for NotPetya? It is a dreadful data encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares. It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz. It spreads as a malicious Word document named invoice J-[8 random numbers].doc that is attached to spam emails. It spreads through an exposed, vulnerable SMB port instead of phishing or social engineering.
It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz.
Rita is a security analyst in a firm and wants to check a new antivirus software by creating a virus so as to auto start and shutdown a system. Identify the virus maker tool she should use to check the reliability of new anti-virus software? JPS Virus Maker VirusTotal WannaCry DELmE's Batch Virus Generator
JPS Virus Maker
Which of the following tools can be used to perform LDAP enumeration? SuperScan SoftPerfect Network Scanner JXplorer Nsauditor Network Security Auditor
JXplorer
Fill in the blank _________________ type of rootkit is most difficult to detect. Hardware/Firmware Rootkit Kernel Level Rootkit Hypervisor Rootkit Application Rootkit
Kernel Level Rootkit
Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? DNS NTP LDAP SMTP
LDAP
What are the three types of compliances that the Open-Source Security Testing Methodology Manual (OSSTMM) recognizes? Legal, performance, audit. Contractual, regulatory, industry. Legislative, contractual, standards-based. Audit, standards-based, regulatory.
Legislative, contractual, standards-based.
Least privilege is a security concept, which requires that a user is ... Trusted to keep all data and access to that data under their sole control. Limited to those functions which are required to do the job. Given privileges equal to everyone else in the department. Given root or administrative privileges.
Limited to those functions which are required to do the job.
SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? Test run scheduling Links to patches Types of vulnerabilities being assessed Functionality for writing own tests
Links to patches
Which of the following ransomware is a dreadful data-encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares? Locky Mischa Petya -NotPetya WannaCry
Locky
The implementation of a BYOD policy that prohibits employees from bringing personal computing devices into a facility falls under what type of security controls? Procedural Physical Logical Technical
Logical
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.) MAC duplication Reverse smurf attack Address Resolution Protocol (ARP) spoofing ARP broadcasting MAC flooding SYN flooding
MAC duplication Address Resolution Protocol (ARP) spoofing MAC flooding
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could have been used by the hacker to sniff all of the packets in the network? MAC flood attack Fraggle attack Smurf attack Tear drop attack
MAC flood attack
Which of the following DNS record type helps in DNS footprinting to determine domain's mail server? MX A NS CNAME
MX
Which of the following programs is usually targeted at Microsoft Office products? Multipart virus Macro virus Stealth virus Polymorphic virus
Macro virus
Which of the following parameters enables NMAP's operating system detection feature? NMAP -O NMAP -sV NMAP -oS NMAP -sC
NMAP -O
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? NMAP -PN -O -sS -p 1-1024 192.168.0/8 NMAP -P0 -A -sT -p0-65535 192.168.0/16 NMAP -P0 -A -O -p1-65535 192.168.0/24 NMAP -PN -A -O -sS 192.168.2.0/24
NMAP -PN -A -O -sS 192.168.2.0/24
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? NMAP scripting engine Metasploit scripting engine SAINT scripting engine Nessus scripting engine
NMAP scripting engine
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? Nessus Clamwin Sub7 Truecrypt
Nessus
Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? FOCA Wireshark Nessus Professional Recon-ng
Nessus Professional
An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? LDAP SNMP SMTP NetBIOS
NetBIOS
Which tool would be used to collect wireless packet data? NetStumbler Netcat Nessus John the Ripper
NetStumbler
What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43. Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.
Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.
Which of the following toolbars is used to provide an open application program interface (API) for developers and researchers to integrate anti-phishing data into their applications? SET Metasploit Netcraft DroidSheep
Netcraft
Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Internal Firewall Network access control (NAC) Awareness to employees Antimalware application
Network access control (NAC)
You have been hired to do an ethical hacking (penetration Testing) for a company. Which is the first thing you should do in this process? Perimeter Testing Acquiring Target Escalating Privileges Network information gathering
Network information gathering
Which of the following information is collected using enumeration? Operating systems, location of web servers, users and passwords. Network resources, network shares, and machine names. Email Recipient's system IP address and geolocation. Open ports and services.
Network resources, network shares, and machine names.
An ethical hacker is performing penetration testing on the target organization. He decided to test the organization's network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ? Nmap FOCA FaceNiff Recon-ng
Nmap
Which of the following tool a tester can use to detect a system that runs in promiscuous mode, which in turns helps to detect sniffers installed on the network? shARP Nmap FaceNiff OmniPeek
Nmap
A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix. Create a document that will crash the computer when opened and send it to friends. Ignore the problem completely and let someone else deal with it. Find an underground bulletin board and attempt to sell the bug to the highest bidder.
Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.
Which of the following operating systems allows loading of weak dylibs dynamically that is exploited by attackers to place a malicious dylib in the specified location? Unix OS X Linux Android
OS X
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is OWASP addresses controls and OSSTMM does not. OWASP is for web applications and OSSTMM does not include web applications. OSSTMM is gray box testing and OWASP is black box testing. OSSTMM addresses controls and OWASP does not.
OWASP is for web applications and OSSTMM does not include web applications.
Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it? Downloader Crypter Obfuscator Payload
Obfuscator
Which of the following tools is not a NetBIOS enumeration tool? OpUtils NetScanTools Pro Hyena SuperScan
OpUtils
Which of the following technique is used to gather information about the target without direct interaction with the target? Active Footprinting Passive Footprinting Scanning Enumeration
Passive Footprinting
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? Active information gathering Vulnerability assessment Passive information gathering Information reporting
Passive information gathering
Which of the following technique involves sending no packets and just capturing and monitoring the packets flowing in the network? Passive sniffing Network scanning Port sniffing Active sniffing
Passive sniffing
John the Ripper is a technical assessment tool used to test the weakness of which of the following? Firewall rulesets Passwords File permissions Usernames
Passwords
Which of the following terms refers to an advanced form of phishing in which the attacker redirects the connection between the IP address and its target server? Hacking Pretexting Pharming Skimming
Pharming
Jose sends a link to the employee of a target organization, falsely claiming to be from a legitimate site in an attempt to acquire his account information. Identify the attack performed by Jose? Vishing Phishing Eavesdropping Impersonation
Phishing
Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? Dumpster diving Vishing Piggybacking Phishing
Phishing
Which of the following policies addresses the areas listed below: Issue identification (ID) cards and uniforms, along with other access control measures to the employees of a particular organization. Office security or personnel must escort visitors into visitor rooms or lounges. Restrict access to certain areas of an organization in order to prevent unauthorized users from compromising security of sensitive data. Defense strategy Password security policies Special-access policies Physical security policies
Physical security policies
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? TCP hijacking Smurf attack Ping of death SYN flooding
Ping of death
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Highlander, Incorporated, is concerned about their defense in depth. The scope of their concern is especially the users with mobile phones. In order to provide appropriate security, which layer of defense in depth should they focus the most attention on? Internal Network. Perimeter. Policies, Procedures, and Awareness. Physical.
Policies, Procedures, and Awareness.
During malware reverse engineering and analysis, Sheena has identified following characteristics present in the malware:• Self-replicating• Reprograms itself• Cannot be detected by antivirus• Changes the malicious code with each infectionWhat is the type of malware identified by Sheena? Botnet Trojan Polymorphic Virus Metamorphic Virus Covert Channel Trojan
Polymorphic Virus
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Management at Highlander, Incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner. What is the first phase that Highlander, Incorporated, needs to implement within their incident management process? Forensic Investigation. Containment. Preparation for Incident Handling and Response. Classification and Prioritization.
Preparation for Incident Handling and Response.
Which security control role does encryption meet? Detective Controls Both detective and corrective controls Preventative Controls Corrective controls
Preventative Controls
Which of the following can be categorized as a host-based threat? Privilege escalation IDS bypass Man-in-the-Middle attack Distributed Denial-of Service
Privilege escalation
Which type of security documents provides specific step-by-step details? Process Procedure Paradigm Policy
Procedure
Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? Spyware Ransomeware Adware Trojan Horse
Ransomeware
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting Results for matches on target.com and Marketing.target.com that include the word "accounting" Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting Results matching "accounting" in domain target.com but not on the site Marketing.target.com Results matching all words in the query
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
Which type of scan is used on the eye to measure the layer of blood vessels? Facial recognition scan Iris scan Signature kinetics scan Retinal scan
Retinal scan
Which one of the following software program helps the attackers to gain unauthorized access to a remote system and perform malicious activities? Rootkit Keylogger Anti-spyware Antivirus
Rootkit
Which type of access control is used on a router or firewall to limit network activity? Rule-based. Role-based. Mandatory Discretionary.
Rule-based.
Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SNMP DNS SMTP SMB
SMB
Which protocol enables an attacker to enumerate user accounts and devices on a target system? NetBIOS TCP SNMP SMTP
SNMP
Stephany is worried because in the past six weeks she has received two and three times the amount of e-mails that she usually receives, and most of it is not related to her work. What kind of problem is Stephany facing? Malware External Attack SPAM Phishing
SPAM
You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? site:Wikipedia.org related:"SQL Injection" SQL injection site:Wikipedia.org allinurl: Wikipedia.org intitle:"SQL Injection" site:Wikipedia.org intitle:"SQL Injection"
SQL injection site:Wikipedia.org
A tester wants to securely encrypt the session to prevent the network against sniffing attack, which of the following protocols should he use as a replacement of Telnet? SSH Load Balancing (LB) Intrusion Prevention System (IPS) Public Key Infrastructure (PKI)
SSH
Which United States legislation mandates that the chief executive officer (CEO) and the chief financial officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? Sarbanes-Oxley Act (SOX) Fair and Accurate Credit Transactions Act (FACTA) Gramm-Leach-Bliley Act (GLBA) Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no; the friend is not the owner of the account. Say yes; do the job for free. Say yes; the friend needs help to gather evidence. Say no; make sure that the friend knows the risk she's asking the CEH to take.
Say no; the friend is not the owner of the account.
At a Windows server command prompt, which command could be used to list the running services? Sc query type= running Sc query \\servername Sc config Sc query
Sc query
In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? Gaining access Clearing Tracks Scanning Maintaining access
Scanning
Which of the following is an active reconnaissance technique? Collecting contact information from yellow pages Scanning a system by using tools to detect open ports Collecting information about a target from search engines Performing dumpster diving
Scanning a system by using tools to detect open ports
Which of the following processes evaluates the adherence of an organization to its stated security policy? Vulnerability assessment Penetration testing Security auditing Risk assessment
Security auditing
Which of the following examples best represents a logical or technical control? Corporate security policy. Security tokens. Heating and air conditioning. Smoke and fire alarms.
Security tokens.
Which of the following is a network based threat? Buffer overflow Arbitrary code execution Input validation flaw Session hijacking
Session hijacking
Which of the following is a network threat? Arbitrary code execution Session hijacking Privilege escalation SQL injection
Session hijacking
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? Request type=ns Locate type=ns Set type=ns Transfer type=ns
Set type=ns
Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Mis-configuration attack Operating System attack Application-level attack Shrink-wrap code attack
Shrink-wrap code attack
Which initial procedure should an ethical hacker perform after being brought into an organization? Assess what the organization is trying to protect Begin security testing. Sign a formal contract with a non-disclosure clause or agreement Turn over deliverables
Sign a formal contract with a non-disclosure clause or agreement
Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs. Smith should use WayBackMachine in Archive.org to find the company's internal URLs. Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs. Smith should use online services such as netcraft.com to find the company's internal URLs.
Smith should use online services such as netcraft.com to find the company's internal URLs.
Jack a malicious hacker wants to break into Brown Co.'s computers and obtain their secret information related to Company's quotations. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him "just to double check our records." Jane does not suspect anything amiss, and reveals her password. Jack can now access Brown Co.'s computers with a valid username and password, to steal the confidential company's quotations. Identify the attack performed by Jack? Footprinting Social Engineering Reverse Engineering Scanning
Social Engineering
Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick it up and who might check to see what is on them by plugging them into their computer. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here? Virus attack Brute force attack Social engineering Distributed Denial-of-Service (DDoS) attack
Social engineering
A security consultant decides to scrutinize the information by categorizing information as top secret, proprietary, for internal use only, for public use, etc. Which of the following attack can be mitigated using such countermeasure? Social engineering attack Address Resolution Protocol (ARP) spoofing attack Scanning attack Forensic attack
Social engineering attack
Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? SQL injection attack Smurf attack Distributed denial of service attack Social engineering attack
Social engineering attack
Which of the following viruses infect only occasionally upon satisfying certain conditions or when the length of the file falls within a narrow range? Sparse infector viruses Encryption viruses Cluster viruses Stealth virus
Sparse infector viruses
Which of the following analysis techniques involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose? Dynamic malware analysis Spectrum analysis Static malware analysis System baselining
Static malware analysis
A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? Stealth scan Quick scan Comprehensive scan Intense scan
Stealth scan
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? Stealth virus Polymorphic virus Metamorphic virus Cavity virus
Stealth virus
Which of the following tools can not be used to perform SNMP enumeration? SuperScan SNScan SoftPerfect Network Scanner Nsauditor Network Security Auditor
SuperScan
Which of the following technique is used by the attacker to distribute the payload and to create covert channels? TCP Parameters Clear online tracks Performing steganalysis Covering tracks
TCP Parameters
A consultant is hired to do a physical penetration test at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed as an electrician and waits in the lobby for an employee to pass through the main access gate, and then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform? Mantrap Tailgating Social engineering Shoulder surfing
Tailgating
In a Windows system, an attacker was found to have run the following command:type C:\SecretFile.txt >C:\LegitFile.txt:SecretFile.txtWhat does the above command indicate? The attacker has used Alternate Data Streams to copy the content of SecretFile.txt file into LegitFile.txt. The attacker was trying to view SecretFile.txt file hidden using an Alternate Data Stream. The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt. The attacker has used Alternate Data Streams to rename SecretFile.txt file to LegitFile.txt.
The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt.
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will hire the consultant because of the great work performed. The company accepting bids will want the same type of format of testing.
The consultant may expose vulnerabilities of other companies.
A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 7.70 at 2018-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89 The host is likely a Linux machine. The host is likely a printer. The host is likely a Windows machine. The host is likely a router.
The host is likely a printer.
What happens when a switch CAM table becomes full? The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port. The switch then acts as a hub by broadcasting packets to all machines on the network.
The switch then acts as a hub by broadcasting packets to all machines on the network.
Which of the following business challenges could be solved by using a vulnerability scanner? Auditors want to discover if all systems are following a standard naming convention. There is an urgent need to remove administrator access from multiple machines for an employee who quit. A web server was compromised and management needs to know if any further systems were compromised. There is a monthly requirement to test corporate compliance with host application usage and security policies.
There is a monthly requirement to test corporate compliance with host application usage and security policies.
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common? They are written in Java. They send alerts to security monitors. They use the same packet analysis engine. They use the same packet capture utility.
They use the same packet capture utility.
A covert channel is a channel that: Transfers information over, within a computer system, or network that is encrypted. Transfers information via a communication path within a computer system, or network for transfer of data. Transfers information over, within a computer system, or network that is within the security policy. Transfers information over, within a computer system, or network that is outside of the security policy.
Transfers information over, within a computer system, or network that is outside of the security policy.
An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. What is this secret entry point known as? Honey pot Trap door SQL injection SDLC process
Trap door
Tina downloaded and installed a 3D screensaver. She is enjoying watching the 3D screensaver, but whenever the screensaver gets activated, her computer is automatically scanning the network and sending the results to a different IP address on the network. Identify the malware installed along with the 3D screensaver? Virus Beacon Trojan Horse Worm
Trojan Horse
Which of the following problems can be solved by using Wireshark? Tracking version changes of source code Troubleshooting communication resets between two systems Resetting the administrator password on multiple systems Checking creation dates on all webpages on a server
Troubleshooting communication resets between two systems
InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? Trying to attempt social engineering by eavesdropping Trying to attempt social engineering by shoulder surfing Trying to attempt social engineering using phishing Trying to attempt social engineering by dumpster diving
Trying to attempt social engineering by dumpster diving
While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? The host does not respond to ICMP packets. UDP port is closed. UDP port is open The firewall is dropping the packets.
UDP port is closed.
An NMAP scan of a server shows port 69 is open. What risk could this pose? Weak SSL version Cleartext login Web portal data leak Unauthenticated access
Unauthenticated access
An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next? Determine the origin of the attack and launch a counterattack. Perform a system restart on the company's web server. Unplug the network connection on the company's web server. Record as much information as possible from the attack.
Unplug the network connection on the company's web server.
Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? Traceroute tools Metadata extraction tools Web spidering tools WHOIS lookup tools
WHOIS lookup tools
Which of the following techniques allows attackers to inject malicious script on a web server to maintain persistent access and escalate privileges? Scheduled Task Launch daemon Access Token Manipulation Web Shell
Web Shell
By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes? Registry monitoring Windows services monitoring Process monitoring Startup programs monitoring
Windows services monitoring
Which of the following is not a remote access Trojan? Theef Wingbird Netwire Kedi RAT
Wingbird
In the options given below; identify the nature of a library-level rootkit? Uses devices or platform firmware to create a persistent malware image in hardware Functions either by replacing or modifying the legitimate bootloader with another one Operates inside the victim's computer by replacing the standard application files Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions
Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions
Which of the following is not a defense technique against malicious NTFS streams? Use up-to-date antivirus software Write critical data to alternate data streams Use File Integrity Monitoring tool like tripwire Move suspected files to FAT partition
Write critical data to alternate data streams
Which of the following Trojans uses port number 1863 to perform attack? Priority Devil XtremeRAT Millennium
XtremeRAT
Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered? Yancey would be considered a suicide hacker. Since he does not care about going to jail, he would be considered a black hat. Because Yancey works for the company currently, he would be a white hat. Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.
Yancey would be considered a suicide hacker.
Which of the following insider threat is caused due to the employee's laxity toward security measures, policies, and practices? a. Malicious insider b. Professional insider d. Compromised insider c. Negligent insider
c. Negligent insider
Which of the following commands is used to disable the BASH shell from saving the history? history -w history -c shred ~/.bash_history export HISTSIZE=0
export HISTSIZE=0
Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? ping 192.168.2.255 ping 192.168.2. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply" for %V in (1 1 255) do PING 192.168.2.%V
for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"
ngineer is learning to write exploits in C++ and is using Kali Linux. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this? g++ hackersExploit.py -o calc.exe g++ --compile -i hackersExploit.cpp -o calc.exe g++ -i hackersExploit.pl -o calc.exe g++ hackersExploit.cpp -o calc.exe
g++ hackersExploit.cpp -o calc.exe
Which of the following hping command performs UDP scan on port 80? hping3 -F -P -U <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -1 <IP Address> -p 80 hping3 -2 <IP Address> -p 80
hping3 -2 <IP Address> -p 80
Which of the following Hping3 command is used to perform ACK scan? hping3 -A <IP Address> -p 80 hping3 -2 <IP Address> -p 80 hping3 -8 50-60 -S <IP Address> -V hping3 -1 <IP Address> -p 80
hping3 -A <IP Address> -p 80
Which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities? http://project-rainbowcrack.com https://www.tarasco.org http://www.securityfocus.com http://foofus.net
http://www.securityfocus.com
Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? inurl:"ccmuser/logon.asp" intitle:"D-Link VoIP Router" "Welcome" inurl:"NetworkConfiguration" cisco inurl:/voice/advanced/ intitle:Linksys SPA configuration
inurl:"NetworkConfiguration" cisco
Which of the following Cisco IOS global commands is used to enable or disable DHCP snooping on one or more VLANs? switchport port-security mac-address sticky ip dhcp snooping no ip dhcp snooping information option ip dhcp snooping vlan 4,104
ip dhcp snooping vlan 4,104
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? nessus & nessus *s nessus -d nessus +
nessus &
Which of the following command is used by the attackers to query the ntpd daemon about its current state? ntptrace ntpdate ntpq ntpdc
ntpdc
Which Google search query will search for any configuration files a target certifiedhacker.com may have? site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini
Which Google search query can you use to find mail lists dumped on pastebin.com? allinurl: pastebin.com intitle:"mail lists" allinurl: pastebin.com intitle:*@*.com:* site:pastebin.com intext:*@*.com:* cache: pastebin.com intitle:*@*.com:*
site:pastebin.com intext:*@*.com:*
A network administrator wants to configure port security on a Cisco switch. Which of the following command helps the administrator to enable port security on an interface? switchport port-security maximum 1 switchport port-security switchport port-security aging type inactivity switchport port-security aging time 2
switchport port-security
Which of the following command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? switchport port-security aging time 2 switchport port-security violation restrict switchport port-security maximum 1 vlan access snmp-server enable traps port-security trap-rate 5
switchport port-security maximum 1 vlan access
What is the correct pcap filter to capture all transmission control protocol (TCP)traffic going to or from host 192.168.0.125 on port 25? port 25 and host 192.168.0.125 tcp.src == 25 and ip.host == 192.168.0.125 tcp.port == 25 and ip.addr == 192.168.0.125 host 192.168.0.125:25
tcp.port == 25 and ip.addr == 192.168.0.125