Ethical Hacking

Social engineers are master manipulators. Which of the following are tactics they might use? - Eavesdropping, ignorance, and threatening - Shoulder surfing, eavesdropping, and keylogging - Keylogging, shoulder surfing, and moral obligation - Moral obligation, ignorance, and threatening

Moral obligation, ignorance, and threatening

Whois, Nslookup, and ARIN are all examples of: - IoT hacking tools - Internet research tools - Google hacking tools - Network footprinting tools

Network footprinting tools

Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize? - OWASP - OSSTMM - ISO/IEC 27001 - NIST SP 800-115

OWASP

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card? - PCI DSS - HIPAA - DMCA - FISMA

PCI DSS

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this? - Whitelisting - Blacklisting - Black box - White box

Whitelisting

Which of the following is a consideration when scheduling a penetration test? - Are there any security exceptions? - What risks are acceptable? - Which systems are being tested? - Who is aware of the test?

Who is aware of the test?

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful? - beSTORM - Whois - Nslookup - ARIN

Whois

Which of the following best describes a non-disclosure agreement? - A very detailed document that defines exactly what is going to be included in the penetration test. - A common legal contract outlining confidential material that will be shared during the assessment. - A document that defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. - A contract where parties agree to most of the terms that will govern future actions

A common legal contract outlining confidential material that will be shared during the assessment.

What are the rules and regulations defined and put in place by an organization called? - Master service agreement - Scope of work - Rules of engagement - Corporate policies

Corporate policies

Which of the following best describes a supply chain? - A company stores their product at a distribution center. - A company provides materials to another company to manufacture a product. - A company stocks their product at a store. - A company sells their products on Amazon and has Amazon ship the product.

A company sells their products on Amazon and has Amazon ship the product.

Which of the following services is most targeted during the reconnaissance phase of a hacking attack? - TLS - DNS - DoS - DHCP

DNS

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? - Social networking - DNS cache poisoning - Feigning ignorance - Host file modification

DNS cache poisoning

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term? - Network scanning - Blue teaming - Red teaming - Ethical hacking

Ethical hacking

Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? - Internal - Black box - External - White box

External

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? - NVD - JPCERT - NIST - CAPEC

NIST

Which of the following best describes a master service agreement? - A very detailed document that defines exactly what is going to be included in the penetration test. - Used as a last resort if the penetration tester is caught in the scope of their work. - Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. - A contract where parties agree to the terms that will govern future actions.

A contract where parties agree to the terms that will govern future actions.

Closed-circuit television can be used as both a preventative tool (to monitor live events) and an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? - A bullet camera - A c-mount camera - A Pan Tilt Zoom camera - A dome camera

A dome camera

Which of the following best describes a script kiddie? - A hacker willing to take more risks because the payoff is a lot higher. - A hacker who uses scripts written by much more talented individuals. - A hacker who helps companies see the vulnerabilities in their security. - A hacker whose main purpose is to draw attention to their political views.

A hacker who uses scripts written by much more talented individuals

Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to? - Heather will adhere to Florida's laws, and the client will adhere to Utah's laws. - A lawyer should be consulted on which laws to adhere to and both parties agree. - Both companies will need to adhere to Utah's laws. - Both companies will need to adhere to Florida's laws.

A lawyer should be consulted on which laws to adhere to and both parties agree.

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather? - A black hat hacker. - A member of the red team. - A gray hat hacker. - A member of the purple team.

A member of the purple team

Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials? - A printed materials policy - An internet policy - An employee social media policy - A company social media policy

A printed materials policy

Which of the following best describes a lock shim? - A cut to the number nine position. - A thin, stiff piece of metal. - A small, angled, and pointed tool. - When the pins are scraped quickly.

A thin, stiff piece of metal

The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________ - Acceptance - Mitigation - Avoidance - Transference

Acceptance

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do? - Get a non-disclosure agreement. - Tell the client she can't perform the test. - Not worry about this fact and test the servers. - Add the cloud host to the scope of work.

Add the cloud host to the scope of work

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? - Logic bomb - Trojan horse - Virus - APT

Advanced Persistent Threat (APT)

Which of the following best describes the Wassenaar Arrangement? - A law that defines the security standards for any organization that handles cardholder information. - An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software. - A law that defines how federal government data, operations, and assets are handled. - Standards that ensure medical information is kept safe and is only shared with the patient and medical professionals.

An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.

Which of the following is the difference between an ethical hacker and a criminal hacker? - An ethical hacker is nice, clean, and polite, but a criminal hacker isn't. - A criminal hacker is easily detected, but an ethical hacker isn't. - An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission. - A criminal hacker is all-knowing, but an ethical hacker isn't.

An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

Which of the following best describes an inside attacker? - An agent who uses their technical knowledge to bypass security. - An attacker with lots of resources and money at their disposal. - A good guy who tries to help a company see their vulnerabilities. - An unintentional threat actor; the most common threat.

An unintentional threat actor; the most common threat

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? - Avoidance - Acceptance - Mitigation - Transference

Avoidance

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action? - Update policy - Password policy - Corporate policy - BYOD policy

BYOD policy

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing? - Black hat - Black box - White hat - White box

Black box

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? - Scope of work - Permission to test - Rules of engagement - Change order

Change order

ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work? - Email policies - Company culture - Employee IDs - Password policies

Company culture

Which type of penetration test is required to ensure an organization is following federal laws and regulations? - Compliance-based - Objective-based - Goal-based - White box

Compliance-based

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solution for securing Joe's workstation? - Apply multifactor authentication on his computer. - Configure the screen saver to require a password. - Change the default account names and passwords. - Set a strong password that requires special characters.

Configure the screen saver to require a password

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees? - Geographical information, entry control systems, employee routines, and vendor traffic - Operating systems, applications, security policies, and network mapping - Contact names, phone numbers, email addresses, fax numbers, and addresses - Intellectual property, critical business functions, and management hierarchy

Contact names, phone numbers, email addresses, fax numbers, and addresses

Which of the following best describes what SOX does? - Defines standards that ensure medical information is kept safe. - Defines the security standards for any organization that handles cardholder information. - Implements accounting and disclosure requirements that increase transparency. - Defines how federal government data, operations, and assets are handled.

Defines how federal government data, operations, and assets are handled.

Which of the following best describes the rules of engagement document? - A very detailed document that defines exactly what is going to be included in the penetration test. - A contract where parties agree to most of the terms that will govern future actions. - Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. - Used as a last resort if the penetration tester is caught in the scope of their work.

Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? - Development phase - Elicitation phase - Exploitation phase - Research phase

Development phase

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool? - Google Maps - Maltego - Echosec - Wayback Machine

Echosec

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? - Preloading - Impersonation - Elicitation - Interrogation

Elicitation

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? - Employee and visitor safety - Physical access logs - Perimeter barriers - Physical access controls

Employee and visitor safety

Which of the following best describes a goal-based penetration test? - Focuses on the overall security of the organization and its data security. - Ensures the organization follows federal laws and regulations. - The hacker has been given full information about the target. - Focuses on the end results. The hacker determines the methods.

Focuses on the end results. The hacker determines the methods.

United States Code Title 18, Chapter 47, Section 1029 deals with which of the following? - Fraud and related activity involving electronic mail. - Fraud and related activity involving access devices. - Fraud and related activity regarding identity theft. - Fraud and related activity involving computers.

Fraud and related activity involving access devices

Which of the following is the third step in the ethical hacking methodology? - Reconnaissance - Scanning and enumeration - Gain access - Clear your tracks

Gain access

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario? - State-sponsored - White hat - Gray hat - Script kiddie

Gray hat

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows? - FISMA - PCI DSS - DMCA - HIPAA

HIPAA

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future? - How to prevent piggybacking and tailgating. - Why employees should never share their ID badge with anyone. - Why employees should wear their badge at all times. - What to do if you encounter a person without a badge.

How to prevent piggybacking and tailgating.

Which of the following elements is generally considered the weakest link in an organization's security? - Human - Servers - Network - Physical

Human

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do? - Ignore the records and move on. - Continue digging and look for illegal activity. - Sell the records to a competitor. - Make a backup of the records for the client.

Ignore the records and move on

During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take? - Stop the test, inform the client, and let them handle it. - Delete the files and continue with the penetration test. - Ignore the files and continue with the penetration test. - Immediately stop the test and report the finding to the authorities.

Immediately stop the test and report the finding to the authorities

Which of the following is considered a mission-critical application? - Video player - Customer database - Medical database - Support log

Medical database

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking? - Information types - Maintaining access - Information gathering techniques - Permission and documentation

Information gathering techniques

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take? - Review company websites to see what type of sensitive information is being shared. - Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. - Implement policies that restrict the sharing of sensitive company information on employees' personal social media pages. - Limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials.

Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed? - Gray Box - External - Black Box - Internal

Internal

Which of the following best describes a physical barrier used to deter an aggressive intruder? - Double-entry doors - Anti-passback system - Alarmed carrier PDS - Large flowerpots

Large flowerpots

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information? - Wayback Machine - Echosec - Maltego - Google Earth

Maltego

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? - Man-made threat - Environmental threat - External threat - Cloud threat

Man-made threat

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? - Mantraps - Cable locks - Scrubbing - Anti-passback

Mantraps

Which of the following is a common corporate policy that would be reviewed during a penetration test? - Parking policy - Purchasing policy - Password policy - Meeting policy

Password policy

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team? - Performs offensive security tasks to test the network's security. - Is responsible for establishing and implementing policies. - Acts as a pipeline between teams and can work on any side. - Is a team of specialists that focus on the organization's defensive security.

Performs offensive security tasks to test the network's security.

During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested? - Master service agreement - Permission to test - Rules of engagement - Scope of work

Permission to test

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system? - Environmental attack - Opportunistic attack - Physical attack - Man-made attack

Physical attack

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called: - Footprinting - Impersonation - Pretexting - Preloading

Pretexting

Important aspects of physical security include which of the following? - Influencing the target's thoughts, opinions, and emotions before something happens. - Preventing interruptions of computer services caused by problems such as fire. - Implementing adequate lighting in parking lots and around employee entrances. - Identifying what was broken into, what is missing, and the extent of the damage.

Preventing interruptions of computer services caused by problems such as fire.

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do? - Talk with her friend and do what they suggest. - Trust her instincts and do what she feels is right. - Ignore the situation and just move on. - Reach out to an attorney for legal advice.

Reach out to an attorney for legal advice

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in? - Scanning - Reconnaissance - Covering tracks - Gaining access

Reconnaissance

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies? - Reconnaissance - Maintain access - Gain access - Reporting

Reporting

What does an organization do to identify areas of vulnerability within their network and security systems? - External test - Scanning - Internal test - Risk assessment

Risk assessment

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing? - Reconnaissance - Scanning and enumeration - Maintain access - Gain access

Scanning and enumeration

A client asking for small deviations from the scope of work is called: - Security exception - Scope creep - Rules of engagement - Change order

Scope creep

Which of the following documents details exactly what can be tested during a penetration test? - Master Service Agreement - Scope of Work - Non-Disclosure Agreement - Rules of Engagement

Scope of Work

Which document explains the details of an objective-based test? - Rules of engagement - Change order - Permission to test - Scope of work

Scope of work

Which of the following is a deviation from standard operating security protocols? - Whitelisting - MAC filtering - Blacklisting - Security exception

Security Exception

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? - Security sequence - Physical control - Layered defense - Security factors

Security sequence

Which of the following policies would cover what you should do in case of a data breach? - Update frequency policy - Password policy - Sensitive data handling policy - Corporate data policy

Sensitive data handling policy

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to? - Eavesdropping - Shoulder surfing - Keyloggers - Spam and spim

Shoulder surfing

What does the Google Search operator allinurl:keywords do? - Displays web sites similar to the one listed. - Shows results in pages that contain all of the listed keywords. - Shows results in pages that contain the keyword in the title. - Displays websites where directory browsing has been enabled.

Shows results in pages that contain all of the listed keywords.

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data? - Shred the discs. - Delete the data on the discs. - Write junk data on the discs. - Degauss the discs.

Shred the discs.

Any attack involving human interaction of some kind is referred to as: - An opportunistic attack - A white hat hacker - Social engineering - Attacker manipulation

Social engineering

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using? - Dumpster diving - Social engineering - Web surfing - Social networking

Social engineering

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for? - Specific/Measurable/Attainable/Relevant/Timely - Steps/Maintainable/Affordable/Results/Tuned - Steps/Measurable/Affordable/Results/Tuned - Specific/Maintainable/Attainable/Relevant/Timely

Specific/Measurable/Attainable/Relevant/Timely

Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing? - DNS propagation - Information sharing policy - Proxy server - Split DNS

Split DNS

Which of the following best describes social engineering? - A stealthy computer network attack in which a person or group gains unauthorized access for an extended period. - Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website. - The process of analyzing an organization's security and locating security holes. - The art of deceiving and manipulating others into doing what you want.

The art of deceiving and manipulating others into doing what you want.

Which of the following is a limitation of relying on regulations? - They are regularly updated. - They rely heavily on password policies. - They allow interpretation. - The industry standards take precedence.

They rely heavily on password policies.

Which statement best describes a suicide hacker? - This hacker's main purpose is to protest an event and draw attention to their views and opinions. - This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious. - This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught. - This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear.

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught

The process of analyzing an organization's security and determining its security holes is known as: - Penetration testing - Threat modeling - Enumeration - Ethical hacking

Threat modeling

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? - Mitigation - Tolerance - Transference - Avoidance

Tolerance

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? - Move the receptionist's desk into the secured area. - Replace the biometric locks with smart cards. - Require users to use workstation screensaver passwords. - Train the receptionist to keep her iPad in a locked drawer.

Train the receptionist to keep her iPad in a locked drawer.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option? - Use differential backups and store them in a locked room. - Use incremental backups and store them in a drawer in your office. - Use incremental backups and store them in a locked fireproof safe. - Use differential backups and store them on a shelf next to the backup device.

Use incremental backups and store them in a locked fireproof safe.

An attack that targets senior executives and high-profile victims is referred to as: - Vishing - Pharming - Scrubbing - Whaling

Whaling

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work? - PCI DSS - HIPAA - FISMA - DMCA

DMCA

What are the three factors to keep in mind with physical security? - Detection, prevention, and implementation - Detection, implementation, and prevention - Prevention, detection, and recovery - Implementation, detection, and recovery

Prevention, detection, and recovery

Which type of threat actor only uses skills and knowledge for defensive purposes? - Hacktivist - Gray hat - White hat - Script kiddie

White hat

You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password? - watson-p - p@ssw0rd - watson - St@y0ut!@

St@y0ut!@

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output? - src port 443 - -SXX port 443 - -SA port 443 - -SX port 443

-SX port 443

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests? - -a - -f - -n - -l

-n

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in? - /etc/shadow - /etc/passwd - /etc/group - /etc/services

/etc/shadow

Which of the following ports are used by null sessions on your network? - 135 and 445 - 137 and 443 - 139 and 445 - 139 and 444

139 and 445

Which of the following HTTP response messages would you receive if additional action needs to be taken to complete the request? - 3xx: Redirection - 2xx: Success - 4xx: Client Error - 1xx: Informational

3xx: Redirection

Who would be most likely to erase only parts of the system logs file? - A penetration tester - An everyday user - A black hat hacker - The network admin

A black hat hacker

Which of the following best describes an anti-virus sensor system? - Software that is used to protect a system from malware infections. - Analyzing malware by running and observing its behavior and effects. - A collection of software that detects and analyzes malware. - Analyzing the code of malware to understand its purpose without running it.

A collection of software that detects and analyzes malware

Which of the following describes Mobile Device Management software? - The policy that specifies the acceptable use of mobile devices supplied by an organization and bring-your-own-devices (BYOD). - The policies and procedures used by an organization to maintain security and permissions on mobile devices. - An application that allows a mobile device to be used for both professional and personal needs. - A combination of an on-device application or agent that communicates with a backend server to receive policies and settings.

A combination of an on-device application or agent that communicates with a backend server to receive policies and settings.

The program shown is a crypter. Which of the following best defines what this program does? - A crypter compresses the malware to reduce its size and help hide it from anti-malware software. - A crypter takes advantage of a bug or vulnerability to execute the malware's payload. - A crypter is the main piece of the malware, the part of the program that performs the malware's intended activity. - A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

Which of the following best describes the Security Account Manager (SAM)? - The attribute that stores passwords in a Group Policy preference item in Windows. - A database that stores user passwords in Windows as an LM hash or a NTLM hash. - A file in the directory that performs the system's security protocol. - A protocol that allows authentication over an unsecure network through tickets or service principal names.

A database that stores user passwords in Windows as an LM hash or a NTLM hash.

Which of the following best describes a DoS attack? - A hacker attempts to impersonate an authorized user by stealing the user's token. - A hacker penetrates a system by using every character, word, or letter to gain access. - A hacker intercepts traffic between two systems to gain access to a system. - A hacker overwhelms or damages a system and prevents users from accessing a service.

A hacker overwhelms or damages a system and prevents users from accessing a service

An attacker conducts a normal port scan on a host and detects protocols used by a Windows operating system and protocols used by a Linux operating system. Which of the following might this indicate? - Protocol anomalies - A honeypot - A legitimate host - Cache poisoning

A honeypot

Which of the following best describes a honeypot? - A honeypot's purpose is to look like a legitimate network resource. - A honeypot is a server/client-based application that manipulates packets. - A honeypot is a substitute for an IDS or firewall and protects a system. - Virtual honeypots can only simulate one entity on a single device.

A honeypot's purpose is to look like a legitimate network resource

There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site? - A list of standardized identifiers for known software vulnerabilities and exposures. - A list searchable by mechanisms of attack or domains of attack. - A community-developed list of common software security weaknesses. - A mailing list that often shows the newest vulnerabilities before other sources.

A mailing list that often shows the newest vulnerabilities before other sources.

As the cybersecurity specialist for your company, you have used Wireshark to check for man-in-the-middle DHCP spoofing attacks using the bootp filter. After examining the results, what is your best assessment? - A man-in-the-middle spoofing attack is possible due to the DHCP Offer packet captured from the hacker. - A man-in-the-middle spoofing attack is possible due to two DHCP ACK packets. - Two man-in-the-middle spoofing attacks were captured. - No man-in-the-middle spoofing attacks are currently present.

A man-in-the-middle spoofing attack is possible due to two DHCP ACK packets

Which of the following best describes the Bluediving hacking tool? - An Android phone application that can be used to view the files on another Bluetooth-connected Android phone. - A small utility that lists discoverable Bluetooth devices with information such as the device name, Bluetooth address, major device type, and minor device type. - A complete framework to perform man-in-the-middle attacks on Bluetooth smart devices that is composed of an interception core, an interception proxy, and a dedicated web interface. - A penetration suite that runs on Linux that can implement several attacks, including bluebug, bluesnarf, and bluesmack, and also performs Bluetooth address spoofing.

A penetration suite that runs on Linux that can implement several attacks, including bluebug, bluesnarf, and bluesmack, and also performs Bluetooth address spoofing.

Which of the following best describes active scanning? - A scanner tries to find vulnerabilities without directly interacting with the target network. - A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown. - A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. - A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Which of the following describes a PKI? - An algorithm for encrypting and decrypting data. - A security architecture that ensures data connections between entities are validated and secure. - Software that manages an organization's certificates. - A protocol that defines secure key exchange.

A security architecture that ensures data connections between entities are validated and secure.

Which of the following best describes CCleaner? - A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines. - A software that can clear cookies, stored data like passwords, browser history, and temporary cached files. It can clear the recycling bin, clipboard data, and recent documents lists as well. - A program that searches for carrier files through statistical analysis techniques, scans for data hiding tools, and can crack password-protected data to extract the payload. - A command line tool in Windows 2000 that will dump a remote or local event log into a tab-separated text file. It can also be used to filter specific types of events.

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines

Which of the following best describes the SQL Power Injector tool? - An injection tool that can be used for retrieving user and password hashes, fingerprinting, accessing a file system, and executing commands. - A tool used for heavy queries to complete time-based blind SQL injection attacks. - An injection framework that can exploit SQL injection vulnerabilities on most databases. - A tool used to find SQL injections on a web page.

A tool used to find SQL injections on a web page.

Which of the following describes a session ID? - A unique token that a server assigns for the duration of a client's communications with the server. - The source IP address of an encrypted packet sent from a server to a client. - The symmetric key used to encrypt and decrypt communications between a client and a server. - The destination IP address of an encrypted packet sent from a server to a client.

A unique token that a server assigns for the duration of a client's communications with the server.

Which of the following best describes a phishing attack? - An attacker alters the XSS to run a Trojan horse with the victim's web browser. - A user is tricked into believing that a legitimate website is requesting their login information. - This attack is used to intercept communications between an authorized user and the web server. - In this attack, attackers use various weaknesses to hack into seemingly secure passwords.

A user is tricked into believing that a legitimate website is requesting their login information.

Frank, an attacker, has gained access to your network. He decides to cause an illegal instruction. He watches the timing to handle an illegal instruction. Which of the following is he testing for? - A Fake AP - A Snort inline - A Tarpit - A virtual machine

A virtual machine

Which of the following best describes a web application? - Web applications need to be developed for every operating system. - Web applications require special administration because they involve updates on client computers. - A web application is software that has been installed on a web server. - A web application taxes the client's processor and storage space.

A web application is software that has been installed on a web server.

Which of the following best describes Microsoft Internet Information Services (IIS)? - An email server technology - A web server technology - A name server technology - A database server technology

A web server technology

Which of the following best describes what FISMA does? - Defines the security standards for any organization that handles cardholder information - Defines standards that ensure medical information is kept safe. - Implements accounting and disclosure requirements that increase transparency. - Defines how federal government data, operations, and assets are handled.

Defines how federal government data, operations, and assets are handled.

Which of the following best describes a gray box penetration test? - The ethical hacker is given strict guidelines about what can be targeted. - The ethical hacker has no information regarding the target or network. - The ethical hacker has partial information about the target or network. - The ethical hacker is given full knowledge of the target or network.

The ethical hacker has partial information about the target or network

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do? - You should not provide any information except your manager's name and number. - You should not provide any information and forward the call to the help desk. - You should provide the information as part of quality customer service. - You should put the caller on hold and then hang up.

You should not provide any information and forward the call to the help desk.

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment? - ACME, Inc - The Home Depot - Wood Specialist - Lowes

ACME, Inc

As part of your penetration test, you are using Ettercap in an attempt to spoof DNS. You have configured the target and have selected the dns_spoof option (see image). To complete the configuration of this test, which of the following MITM options should you select? - ARP poisoning - Port stealing - DHCP spoofing - NDP poisoning

ARP poisoning

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network? - Port mirroring - MAC spoofing - MAC flooding - ARP poisoning

ARP poisoning

As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning? - ARP poisoning is occurring, as indicated by the short time interval between ARP packets. - ARP poisoning is occurring, as indicated by the duplicate response IP address. - ARP poisoning is occurring, as indicated by the multiple Who Has packets being sent. - No ARP poisoning is occurring.

ARP poisoning is occurring, as indicated by the duplicate response IP address.

Which of the following policies best governs the use of bring-your-own-device (BYOD) that connect with an organization's private network? - Remote wipe policy - Cloud usage policy - Acceptable use policy - Remote management policy

Acceptable use policy

Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods? - Digital signing - Access controls - Encryption - Isolation

Access controls

Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done? - Active hijacking - Passive hijacking - Cross-site scripting - Session sniffing

Active Hijacking

Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption? - Adaptive chosen plain text - Chosen ciphertext - Chosen plain text - Known plain text

Adaptive chosen plain text

Which of the following best describes Bluetooth MAC spoofing? - An attacker performs a denial-of-service attack where the L2CAP layer of the Bluetooth protocol stack is used to transfer an oversized packet, causing the L2CAP layer to crash. - An attacker sends unwanted data, such as annoying messages, to Bluetooth devices that are enabled and discoverable. - An attacker changes the Bluetooth address of his own device to match the address of a target device so that the data meant for the victim device reaches the attacker's device first. - An attacker exploits a Bluetooth device by installing a backdoor that bypasses normal authentication, giving the attacker full access.

An attacker changes the Bluetooth address of his own device to match the address of a target device so that the data meant for the victim device reaches the attacker's device first.

You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter? - A load-testing tool for web and mobile applications that checks performance while the application is under a lot of traffic. - An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier. - An end-to-end security solution that assesses continually and is able to see all of your assets, no matter where they reside. - A vulnerability scanner that can be used to detect viruses, malware, backdoors, and web services linking to malicious content.

An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier.

Which of the following best describes a certificate authority (CA)? - An entity that issues digital certificates. - An entity in a PKI that verifies user requests for a digital certificate. - An entity that provides a service used to verify the validity of a digital certificate. - An electronic password that allows a person or organization to exchange data securely over the Internet

An entity that issues digital certificates.

John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated? - An internet policy - A company social media policy - A printed materials policy - An employee social media policy

An internet policy

Which of the following operating systems is the most prevalent in the smartphone market? - Android - Windows - iOS - Blackberry

Android

Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines? - Protocol-based - Signature-based - Cloud-based - Anomaly-based

Anomaly-based

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use? - Any device that can communicate over the intranet can be hacked. - Only routers and switches on the Internet can be hacked. - Only servers and workstations on the intranet can be hacked. - Only servers and routers on the Internet can be hacked.

Any device that can communicate over the intranet can be hacked

Which of the following is an open-source web server technology? - Apache Web Server - Microsoft Internet Information Services (IIS) - LightSpeed Web Server - Nginx

Apache Web Server

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model? - Session Layer - Application Layer - Transport Layer - Network Layer

Application Layer

[ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types? - Ascii-32-95 - Alpha-numeric-symbol32-space - Ascii-32-65-123-4 - Mix alpha-numeric

Ascii-32-95

User-Mode-Linux (UML) is an open-source tool used to create virtual machines. It's efficient for deploying honeypots. One of the big issues with UML is that it doesn't use a real hard disk, but a fake IDE device called /dev/ubd*. How can an attacker find a UML system? - Attackers need to take a look at the /etc/fstab file or execute the mount command. - Attackers look for specific video cards, display adapters, and network cards. - Attackers cause an illegal instruction, then watch how it is handled. - Attackers detect a honeypot by measuring the execution time of the read() system call.

Attackers need to take a look at the /etc/fstab file or execute the mount command

Which of the following best describes the key difference between DoS and DDoS? - Results in the server being inaccessible to users. - Attackers use numerous computers and connections. - Sends a large number of legitimate-looking requests. - The target server cannot manage the capacity.

Attackers use numerous computers and connections

Which of the following is a short-range wireless personal area network that supports low-power, long-use IoT needs? - BLE - Wi-Fi - Li-Fi - IoE

BLE

Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system? - Kerberos - Crackers - cPassword - Backdoors

Backdoors

Which of the following are the three metrics used to determine a CVSS score? - Risk, change, and severity - Base, change, and environmental - Base, temporal, and environmental - Risk, temporal, and severity

Base, temporal, and environmental

Alan wants to implement a security tool that protects the entire contents of a hard drive and prevents access even if the drive is moved to another system. Which of the following tools should he choose? - EFS - BitLocker - IPsec - VPN

BitLocker

Creating an area of the network where offending traffic is forwarded and dropped is known as _________? - Black hole filtering - Anti-spoofing measures - Reverse proxy - Enable router throttling

Black hole filtering

You work for a company that is implementing symmetric cryptography to process payment applications such as card transactions where personally identifiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data? - Cryptanalysis - Stream - Block - Steganography

Block

Jim, a smartphone user, receives a bill from his provider that contains fees for calling international numbers he is sure he hasn't called. Which of the following forms of Bluetooth hacking was most likely used to attack his phone? - Bluebugging - Bluesniffing - Bluesmacking - Bluejacking

Bluebugging

Which of the following types of Bluetooth hacking is a denial-of-service attack? - Bluesnarfing - Bluebugging - Bluesmacking - Bluejacking

Bluesmacking

Which enumeration process tries different combinations of usernames and passwords until it finds something that works? - Default passwords - Brute force - Zone transfers - Exploiting SMTP

Brute force

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using? - Pass the hash - Brute force - Keylogger - Password sniffing

Brute force

Which of the following is a password cracking tool that can make over 50 simultaneous target connections? - Metasploit - THC-Hydra - Wfetch - Brutus

Brutus

Which of the following Bluetooth hacking tools is a complete framework to perform man-in-the-middle attacks on Bluetooth smart devices? - BluetoothView - Btlejuice - BTScanner - Bluediving

Btlejuice

HTTP headers can contain hidden parameters such as user-agent, host headers, accept, and referrer. Which of the following tools could you use to discover hidden parameters? - Wikto - Burp Suite - WinDump - Hackalert

Burp Suite

Which of the following laws is designed to regulate emails? - CFAA - CAN-SPAM Act - HIPAA - USA Patriot Act

CAN-SPAM Act

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers? - CVE - CAPEC - CWE - CISA

CAPEC

Which of the following is used to remove files and clear the internet browsing history? - cPassword - CCleaner - User Account Control - Steganography

CCleaner

The list of cybersecurity resources below is provided by which of the following government sites? 1. Information exchange 2. Training and exercises 3. Risk and vulnerability assessments 4. Data synthesis and analysis 5. Operational planning and coordination 6. Watch operations 7. Incident response and recovery - CISA - CWE - CVE - CAPEC

CISA

Frank wants to do a penetration test. He is looking for a tool that checks for vulnerabilities in web applications, network systems, wireless networks, mobile devices, and defense systems such as IDS or IPS. Which of the following tools would you recommend to him? - Syhunt Dynamic - Immunity CANVAS - Arachni - COREImpact Pro

COREImpact Pro

As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use? - CVE - CISA - CVSS - CAPEC

CVSS

This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described? - NVD - CVE - CISA - CWE

CWE

Which of the following are network sniffing tools? - Ufasoft snif, TCPDump, and Shark - Ettercap, Ufasoft snif, and Shark - WinDump, KFSensor, and Wireshark - Cain and Abel, Ettercap, and TCPDump

Cain and Abel, Ettercap, and TCPDump

Which of the following best describes a rootkit? - Allows each file an unlimited number of data streams with unlimited size. - Can modify the operating system and the utilities of the target system. - Allows the user to create a password to make the hidden file more secure. - Scans the system and compares the current scan to the clean database.

Can modify the operating system and the utilities of the target system

In 2011, Sony was targeted by an SQL injection attack that compromised over a million emails, usernames, and passwords. Which of the following could have prevented the attack? - Careful configuration and penetration testing on the front end. - Using VPN technology to protect client data when connecting from a remote system. - Scanning the operating system and application coding regularly for bugs and errors. - Blocking, or at least monitoring, activity on ports 161 and 162.

Careful configuration and penetration testing on the front end.

Which of the following includes all possible characters or values for plaintext? - Chain_num - Chain_len - Table_index - Charset

Charset

Which of the following steps in an Android penetration test checks for a vulnerability hackers use to break down the browser's sandbox using infected JavaScript code? - Detect capability leaks - Check for a cross-application-scripting error - Exploit the Android Intents system - Check for unencrypted email passwords

Check for a cross-application-scripting error

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting ciphertext. Which of the following cryptographic attacks is being used? - Brute force - Chosen ciphertext - Chosen plain text - Known plain text

Chosen plain text

Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use? - Avira - Kaspersky - ClamAV - Bitdefender

ClamAV

The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? - Target - Assessment - Classification - Services

Classification

Which type of web application requires a separate application to be installed before you can use the app? - Browser-based web app - Mobile apps - Server-based web app - Client-based web app

Client-based web app

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content? - Currports - ping - IP Tools - Colasoft

Colasoft

Which of the following best describes the process of using prediction to gain session tokens in an Application level hijacking attack? - Obtain a user's HTTP cookies to collect session IDs embedded within the file to gain access to a session. - Convince the victim system that you are the server so you can hijack a session and collect sensitive information. - Review a user's browsing history to enter a previously used URL to gain access to an open session. - Collect several session IDs that have been used before and then analyze them to determine a pattern.

Collect several session IDs that have been used before and then analyze them to determine a pattern.

A hacker has used an SQL injection to deface a web page by inserting malicious content and altering the contents of the database. Which of the following did the hacker accomplish? - Bypass authentication - Information disclosure - Compromise data integrity - Compromise data availability

Compromise data integrity

Which of the following cloud security controls includes backups, space availability, and continuity of services? - Administrative tasks - Trusted computing - Computation and storage - Protecting information

Computation and storage

Firewalls, whether hardware or software, are only as effective as their __________? - Location - Footprint - Configuration - Organization

Configuration

Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the best option for preventing this from happening? - Install a locator application on the device so that it can be traced. - Configure the device for multifactor authentication. - Configure the device to remotely wipe as soon as it is reported lost. - Configure the device to wipe after a number of failed login attempts.

Configure the device to remotely wipe as soon as it is reported lost.

Web applications use sessions to establish a connection and transfer sensitive information between a client and a server. Attacking an application's session management mechanisms can help you get around some of the authentication controls and allow you to use the permissions of more privileged application users. Which of the following types of attacks could you use to accomplish this? - Hash stealing - Cookie parameter tampering - Buffer overflow - Web script injection

Cookie parameter tampering

Which of the following is considered an out-of-band distribution method for private key encryption? - Using a key distribution algorithm. - Copying the key to a USB drive. - Using a private fiber network. - Sending a secured email.

Copying the key to a USB drive.

An attacker is attempting to determine whether a system is a honeypot. Which of the following actions should the attacker take? - Simulate echo, FTP, Telnet, SMTP, HTTP, POP3, and Radmin. - Capture raw packet-level data, including the keystrokes. - Craft a malicious probe packet to scan for services. - Attempt to exploit or upload a rootkit or Trojan to a serv

Craft a malicious probe packet to scan for services.

Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the following actions should she take? - Enable synchronous encryption in her network. - Create a local CA and generate a self-signed certificate. - Ensure all HTTP traffic uses port 443. - Request a certificate from GoDaddy.

Create a local CA and generate a self-signed certificate.

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use? - IP tools - Angry IP scanner - Hping3 - Currports

Currports

An attacker installed a malicious file in the application directory. When the victim starts installing the application, Windows searches in the application directory and selects the malicious file instead of the correct file. The malicious file gives the attacker remote access to the system. Which of the following escalation methods best describes this scenario? - Kerberoasting - Clear text credentials in LDAP - DLL hijacking - Unattended installation

DLL hijacking

As a penetration tester, you have found there is no data validation being completed at the server, which could leave the web applications vulnerable to SQL injection attacks. Which of the following could you use to help defend against this vulnerability? - Decline any entry that includes binary input, comment characters, or escape sequences. - Always use default error messaging. - Use a higher privileged account for database connectivity. - Be sure that the database server account is being run with maximum rights.

Decline any entry that includes binary input, comment characters, or escape sequences.

Joelle, an app developer, created an app using two-factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome? - Cleartext protocols and open ports - Difficulty updating firmware and OS - Default, weak, and hardcoded credentials - Lack of security and privacy

Default, weak, and hardcoded credentials

Robin, an IT technician, has implemented identification and detection techniques based on the ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the following is he trying to achieve? - Defend the network from attacks. - Defend the network against natural disasters. - Defend the network against WPA/WPA2 cracking. - Defend the network against IDS evasions.

Defend the network against IDS evasions.

You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do? - Define the effectiveness of the current security policies and procedures. - Decide the best times to test to limit the risk of having shutdowns during peak business hours. - Create reports that clearly identify the problem areas to present to management. - Choose the best security assessment tools for the systems you choose to test.

Define the effectiveness of the current security policies and procedures.

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model? - Delivers everything a developer needs to build an application on the cloud infrastructure. - Delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. - Stores and provides data from a centralized location, omitting the need for local collection and storage. - Delivers software applications to the client either over the Internet or on a local area network.

Delivers everything a developer needs to build an application on the cloud infrastructure.

Which of the following best describes a stateful inspection? - Designed to sit between a host and a web server and communicate with the server on behalf of the host. - Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. - Allows all internal traffic to share a single public IP when connecting to an outside entity. - Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using? - Back-end data-sharing - Device-to-device - Device-to-gateway - Device-to-cloud

Device-to-device

What are the four primary systems of IoT technology? - Devices, gateway, sensors, and apps - Devices, data storage, remote control, and internet - Devices, sensors, apps, and internet - Devices, gateway, data storage, and remote control

Devices, gateway, data storage, and remote control

Which of the following cryptographic algorithms is used in asymmetric encryption? - Diffie-Hellman - Blowfish - Twofish - AES

Diffie-Hellman

Ping of death, teardrop, SYN flood, Smurf, and fraggle are all examples of which of the following? - DoS attack prevention - DoS attack categories - DoS attack types - DoS attack tools

DoS attack types

The following are countermeasures you would take against a web application attack: Secure remote administration and connectivity testing. Perform extensive input validation. Configure the firewall to deny ICMP traffic. Stop data processed by the attacker from being executed. Which of the following attacks would these countermeasures prevent? - Directory traversal - DoS attacks - XSS attacks - Web services attack

DoS attacks

Which of the following mobile security best practices for users is concerned with geotags? - Don't install too many applications. - Configure a passcode to access the mobile device. - Don't root or jailbreak the mobile device. - Don't auto-upload photos to social networks.

Don't auto-upload photos to social networks.

Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine? - Server - Wrapper - Dropper - Construction kit

Dropper

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? - Password guessing - Social engineering - Dumpster diving - Shoulder surfing

Dumpster Diving

Which of the following encryption tools would prevent a user from reading a file that they did not create and does not require you to encrypt an entire drive? - VPN - EFS - SSL - IPsec

EFS

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services? - Scanning - Reconnaissance - Enumeration - Sniffing

Enumeration

As part of your penetration test, you have captured an FTP session, as shown below. Which of the following concerns or recommendations will you include in your report? - FTP uses clear-text passwords. - FTP response type 230 should be blocked. - FTP request type A allows ASCII files to be downloaded. - FTP ports 192 & 168 should be hidden.

FTP uses clear-text passwords

Which of the following is the best defense against cloud account and service traffic hijacking? - Use design and runtime protection for data, cloud data encryption, and strong key generation. - Find and fix software flaws continuously, use strong passwords, and use encryption. - Use physical security programs and have pre-installed standby hardware devices. - Research risks, perform CSP due diligence, and use capable resources.

Find and fix software flaws continuously, use strong passwords, and use encryption.

Which of the following is the process of determining the configuration of ACLs by sending a firewall TCP and UDP packets? - Port scanning - Firewalking - Banner grabbing - Packet filtering

Firewalking

You are working on firewall evasion countermeasures and are specifically looking for a tool to expose TTL vulnerabilities. Which of the following tools would you use? - Tunneling - Firewalking - KFSensor - Traffic IQ Professional

Firewalking

Gathering information about a system, its components, and how they work together is known as ________? - Spoofing - Attacking - Footprinting - Analyzing

Footprinting

James, a penetration tester, uses nmap to locate mobile devices attached to a network. Which of the following mobile device penetration testing stages is being implemented? - Exploitation - Scanning - Post-exploitation - Footprinting

Footprinting

Jin, a penetration tester, was hired to perform a black box penetration test. He decides to test their firewall. Which of the following techniques should he use first? - DoS attack - Firewalking - Footprinting - Hoaxing

Footprinting

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use? - Fraggle attack - Smurf attack - Teardrop attack - SYN flood

Fraggle attack

What are the two types of Intrusion Detection Systems (IDSs)? - HIP and NIP - HIS and NIS - HIDS and NIDS - HID and NID

HIDS and NIDS

You are looking for a web server security tool that will detect hidden malware in websites and advertisements. Which of the following security tools would you most likely use? - Wikto - Hackalert - MBSA - Syhunt Dynamic

Hackalert

It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand? - The risks associated with enforcing security procedures and what threats may have been overlooked. - How to define the effectiveness of the current security policies and procedures. - They need a plan of action to control weaknesses and harden systems. - Hackers have time on their side, and there will always be new threats to security.

Hackers have time on their side, and there will always be new threats to security.

Which of the following motivates attackers to use DoS and DDoS attacks? - Hacktivism, profit, and damage reputation - Hacktivism, turf wars, and profit - Distraction, extortion, and theft - Distraction, turf wars, and fun

Hacktivism, profit, and damage reputation

Jessica needs to set up a firewall to protect her internal network from the Internet. Which of the following would be the best type of firewall for her to use? - Hardware - Software - Tunneling - Stateful

Hardware

Robert, an IT administrator, is working for a newly formed company. He needs a digital certificate to send and receive data securely in a Public Key Infrastructure (PKI). Which of the following requests should he submit? - He must send identifying data and a private key request to a validation authority (VA). - He must send the MAC and IP addresses with his certificate to a root certificate authority (CA). - He must send identifying data and the encryption algorithm he will use with his certificate request to a certificate authority (CA). - He must send identifying data with his certificate request to a registration authority (RA).

He must send identifying data with his certificate request to a registration authority (RA).

Which of the following best describes the scan with ACK evasion method? - Returns feedback to the fake IP address and ensures there is no record of the IP address sending the requests. - Helps determine whether the firewall is stateful or stateless and whether or not the ports are open. - Sends packets and breaks them apart so intrusion detection systems don't know what they are. - Filters incoming and outgoing traffic, provides you with anonymity, and shields you from possible detection.

Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Which of the following could a hacker use Alternate Data Streams (ADS) for? - Erasing evidence - Hiding evidence - Modifying evidence - Tracking evidence

Hiding Evidence

Which of the following honeypot interaction levels simulate all services and applications and can be completely compromised by attackers to get full access to the system in a controlled area? - Medium-level - Low-level - High-level - Critical-level

High-level

An attacker is attempting to connect to a database using a web application system account instead of user-provided credentials. Which of the following methods is the attacker attempting to use? - Password attacks - Cookie parameter tampering - Cookie exploitation - Hijacking web credentials

Hijacking web credentials

Lorena, the CIO, wants to ensure that the company's security practices and policies match well with their firewall security configuration for maximum protection against hacking. Which of the following actions should Lorena take? - Do nothing. The company's data is safe. - Hire a penetration tester. - Purchase a different firewall. - Implement new security practices and policies.

Hire a penetration tester

Mark, an ethical hacker, is looking for a honeypot tool that will simulate a mischievous protocol such as devil or mydoom. Which of the following honeypot tools should he use? - HoneyBOT - HoneyDrive - KFSensor - Honeyd

HoneyBOT

Ports that show a particular service running but deny a three-way handshake connection indicate the potential presence of which of the following? - Trojan - Zombie - Cavity - Honeypot

Honeypot

Which of the following is a physical or virtual network device set up to masquerade as a legitimate network resource? - Firewall - Honeypot - Switch - Server

Honeypot

Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using? - Static analysis - Sheep dipping - Host integrity monitoring - Malware disassembly

Host integrity monitoring

You are on a Windows system. You receive an alert that a file named MyFile.txt.exe had been found. Which of the following could this indicate? - Cloud-based IDS - Host-based IDS - Compliance-based IDS - Network-based IDS

Host-based IDS

Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? - Host-based assessment - External assessment - Wireless network assessment - Passive assessment

Host-based assessment

Which of the following are protocols included in the IPsec architecture? - SIP, AH, and ESP - IKE, AH, and ACK - IKE, AH, and ESP - SIP, AH, and ACK

IKE, AH, and ESP

Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs? - SYN - BLE - IPsec - ECC

IPsec

You are employed by a small start-up company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should you use? - SaaS - DaaS - PaaS - IaaS

IaaS

Which of the following is the most basic way to counteract SMTP exploitations? - Review and implement the security settings and services available with your server software. - Restrict zones to ensure where zones are copied, use digital signatures, and split zones. - Ignore messages to unknown recipients instead of sending back error messages. - Monitor ports, remove agents, update systems, and change default passwords.

Ignore messages to unknown recipients instead of sending back error messages.

Which of the following firewall limitations is a critical vulnerability because it means that packet filters cannot tell whether a connection was started inside or outside the organization? - Inability to inspect the packet's payload. - Inability to prevent spoofing. - Inability to detect the keep the state status. - Inability to protect from internal attacks.

Inability to detect the keep the state status.

Which of the following functions does a single quote (') perform in an SQL injection? - Indicates that data has ended and a command is beginning. - Indicates that the comment has ended and data is being entered. - Indicates that code is ending and a comment is being entered. - Indicates that everything after the single quote is a comment.

Indicates that data has ended and a command is beginning

Which of the following is the correct order for a hacker to launch an attack? - Gain remote access, maintain access, vulnerability scanning, information gathering, launch attack - Launch attack, information gathering, vulnerability scanning, gain remote access, maintain access - Vulnerability scanning, information gathering, gain remote access, launch attack, maintain access - Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access

Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access

Which of the following web server countermeasures is implemented to fix known vulnerabilities, eliminate bugs, and improve performance? - Remove inactive accounts. - Disable the directory listing option. - Perform a vulnerability scan. - Install patches and updates.

Install patches and updates

Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take to help protect privilege? - Create plain text storage for passwords. - Instigate multi-factor authentication and authorization. - Allow unrestricted interactive logon privileges. - Restrict the interactive logon privileges.

Instigate multi-factor authentication and authorization

Which type of cryptanalysis method is based on substitution-permutation networks? - Differential - Integral - Dictionary - Linear

Integral

Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using? - Behavior-based - Signature-based - Cross view-based - Integrity-based

Integrity-based

YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operation systems are most likely being used by his car and drone? - Integrity RTOS and snappy - Contiki and integrity RTOS - RIOT OS and brillo - ARM mbed OS and snappy

Integrity RTOS and snappy

Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern? - Product-based - Inference-based - Service-based - Tree-based

Inference-based

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: 1. Inspecting physical security 2. Checking open ports on network devices and router configurations 3. Scanning for Trojans, spyware, viruses, and malware 4. Evaluating remote management processes 5. Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed? - External assessment - Passive assessment - Active assessment - Internal assessment

Internal Assessment

Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application? - IoT architecture - IoT structure - IoT application areas and devices - IoT systems

IoT architecture

There are several types of signature evasion techniques. Which of the following best describes the obfuscated codes technique? - Uses the CHAR function to represent a character. - Is an SQL statement that is hard to read and understand. - Inserts in-line comments between SQL keywords. - Code can be used to represent an SQL query.

Is an SQL statement that is hard to read and understand.

Which of the following is a characteristic of Elliptic Curve Cryptography (ECC)? - Uses multiplication of large prime numbers. - Is suitable for small amounts of data and small devices, such as smartphones. - Is used to sign a certificate using a private key and to verify a certificate using a public key. - Uses symmetric encryption.

Is suitable for small amounts of data and small devices, such as smartphones.

Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester will need to manually check many different areas of the system. After these checks have been completed, which of the following is the next step? - Isolate system from network - Run anti-malware scans - Document all findings - Sanitize the system

Isolate system from network

Which of the following is the first step you should take if malware is found on a system? - Check for suspicious or unknown registry entries. - Isolate the system from the network immediately. - Sanitize the system using updated anti-malware software. - Look through the event log for suspicious events.

Isolate the system from the network immediately.

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked? - As long as you are not bombarding the system, the packet segments float by without concern. - It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection. - This scan will help you to determine whether the firewall is stateful or stateless and whether or not the ports are open. - The scan is sent to the recipient, the feedback is returned to the fake IP address, and then there is no record of your IP address sending the requests.

It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.

Which of the following best describes Qualys Vulnerability Management assessment tool? - It has more than 50,000 vulnerability tests with daily updates. - It scans for more than 6,000 files and programs that can be exploited. - It is a cloud-based service that keeps all your data in a private virtual database. - It scans for known vulnerabilities, malware, and misconfigurations.

It is a cloud-based service that keeps all your data in a private virtual database

Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus? - ProRat - JPS - TCPView - Webroot

JPS

Which of the following is a protocol that allows authentication over a non-secure network by using tickets or service principal names (SPNs)? - DLL hijacking - Credentials in LSASS - Kerberoasting - Unattended installation

Kerberoasting

Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text? - Brute force - Chosen plain text - Known plain text - Chosen ciphertext

Known plain text

After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked? - DNS - SMTP - SNMP - LDAP

LDAP

A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in? - Replication - Incorporation - Launch - Design

Launch

The SQL injection methodology has four parts. Which of the following parts is similar to playing the game 20 questions? - Launch a SQL attack - Information gathering - Advanced SQL injection - Test for SQL injection vulnerabilities

Launch a SQL attack.

Which of the following best describes the countermeasures you would take against a cross-site request forgery attack? - Set the secure flag on all sensitive cookies. Ensure that certificates are valid and are not expired. All non-SSL web page requests should be directed to the SSL page. - Avoid using redirects and forwards. If you must use them, be sure that the supplied values are valid and the user has appropriate authorization. - Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details. - Use SSL for all authenticated parts of an application. Verify whether user information is stored in a hashed format. Do not submit session data as part of a GET or POST.

Log off immediately after using a web application. Clear the history after using a web application and don't allow your browser to save your login details.

Which of the following virus types is shown in the code below? - Direct action - Cavity - Logic bomb - Metamorphic

Logic Bomb

Which of the following honeypot interaction levels can't be compromised completely and is generally set to collect information about attacks like network probes and worms? - Medium-level - Low-level - High-level - Critical-level

Low-level

Ann has a corner office that looks out on a patio that is frequently occupied by tourists. She likes the convenience of her Bluetooth headset paired to her smartphone, but is concerned that her conversations could be intercepted by an attacker sitting on the patio. Which of the following countermeasures would be the most effective for protecting her conversations? - Disable the headset when it is not being used. - Use a non-regular pattern when pairing the headset. - Add a Bluetooth firewall to the smartphone. - Lower the Bluetooth power setting on the smartphone and headset.

Lower the Bluetooth power setting on the smartphone and headset.

Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of? - Software programs that hackers use. - Antivirus and anti-spyware programs. - Malicious alternate data streams. - Encrypted steganographic information.

Malicious alternate data streams

Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defenses against which of the following cloud computing threats? - Denial-of-service - Multi-tenancy - Data breach or loss - Malicious insiders

Malicious insiders

Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices? - Malicious websites - Unsecure applications - Phishing attacks - Lost and stolen devices

Malicious websites

Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server? - Session hijacking - DNS spoofing - Man-in-the-middle - Cross-site scripting

Man-in-the-middle

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which of the following cryptographic keys would Mary use to create the digital signature? - Sam's public key - Mary's private key - Mary's public key - Sam's private key

Mary's Private Key

A hacker finds a system that has a poorly designed and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor? - AuditPol - Metasploit - Timestomp - CCleaner

Metasploit

Which of the following steps in the web server hacking methodology involves setting up a web server sandbox to gain hands-on experience attacking a web server? - Vulnerability scanning - Session hijacking - Mirroring - Footprinting

Mirroring

Which of the following is another name for the signature-based detection method? - Digital signature - Misuse detection - Identity detection - Obfuscation

Misuse detection

Which of the following bring-your-own-device (BYOD) risks is both a security issue for an organization and a privacy issue for a BYOD user? - Mixing personal and corporate data - Work flexibility - Lower cost - Confidential data exposure

Mixing personal and corporate data

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question? - NVD - CWE - CVE - CVSS

NVD

A company has implemented the following defenses: 1. The data center is located in a safe geographical area. 2. Backups are in different locations. 3. Mitigation measures are in place. 4. A disaster recovery plan is in place. Which of the following cloud computing threats has the customer implemented countermeasures against? - Malicious insiders - Natural disasters - Data breach or loss - Denial-of-service

Natural disasters

Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompts companies to take advantage of cloud storage? - Need to bring costs down and growing demand for storage. - Need for a storage provider to manage access control. - Need for a platform as a service for developing applications. - Need for a software as a service to manage enterprise applications.

Need to bring costs down and growing demand for storage.

Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? - NetScan - Nikto - Retina CS - Nessus

Nessus

You are looking for a web application security tool that runs automated scans looking for vulnerabilities susceptible to SQL injection, cross-site scripting, and remote code injection. Which of the following web application security tools would you most likely use? - dotDefender - Netsparker - VampireScan - N-Stalker

Netsparker

Which of the following is a sign of a network-based intrusion? - Unknown files, altered file attributes, and/or alteration of the files themselves. - New or unusual protocols and services running. - Suspect, unrecognized file extensions, or double extensions. - Missing logs or logs with incorrect permissions/ownership.

New or unusual protocols and services running.

Which of the following would be the best open-source tool to use if you are looking for a web server scanner? - Nikto - NetScan - OpenVAS - Nessus

Nikto

An older technique for defeating honeypots is to use tarpits, which sometimes operate at different levels of the OSI model, depending on their function. Which of the following layers of the OSI model do tarpits work at? - OSI layers 1 (Physical), 4 (Transport), and 6 (Presentation) - OSI layers 2 (Data Link), 4 (Transport), and 7 (Application) - OSI layers 1 (Physical), 3 (Network), and 5 (Session) - OSI layers 2 (Data Link), 3 (Network), and 4 (Transport)

OSI layers 2 (Data Link), 4 (Transport), and 7 (Application)

Which of the following is a nonprofit organization that provides tools and resources for web app security and is made up of software developers, engineers, and freelancers? - OWASP - KillerBee - beSTORM - HaLow

OWASP

Sam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use? - Dictionary attack - Pass the hash - Rainbow attack - Password sniffing

Pass the hash

Which of the following assessment types can monitor and alert on attacks but cannot stop them? - Vulnerability - Host-based - External - Passive

Passive

Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host? - Passive hijacking - Active hijacking - Session ID - Session key

Passive hijacking

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash? - Password sniffing - Keylogging - Pass the hash - Password salting

Password salting

While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report? - The checksum is unverified. - The urgent pointer flag is set to 0. - Passwords are being sent in clear text. - Keep-alive connections are being used.

Passwords are being sent in clear text

Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it? - Unsecure file and folder permissions - Spyware - Writable services - Path interception

Path Interception

First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing? - Penetration - Baseline - Stress - Patch level

Penetration

Which of the following best describes the HTTP Request/Response TRACE? - Establishes a communication tunnel to the server. - Only transfers the status line and the header section. - Performs a loopback test to a target resource. - Stores web pages and distributes them to clients.

Performs a loopback test to a target resource

Above all else, which of the following must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? - Public keys - Private keys - Cryptographic algorithm - Hash values

Private keys

Which of the following best describes the verification phase of the vulnerability management life cycle? - Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective. - Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems. - Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas. - Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing.

Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.

Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed? - FIN - URG - RST - ACK

RST

Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose? - Brute force attack - Keylogger attack - Dictionary attack - Rainbow attack

Rainbow attack

Which of the following attacks utilizes encryption to deny a user access to a device? - DoS - DDoS attack - Ransomware attack - HVAC attack

Ransomware attack

A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent? - Measured service - On-demand service - Resource pooling - Rapid elasticity

Rapid elasticity

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack? - Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact. - Adds extra services so that there are too many platforms for the attacker to be able to flood. - Limits the potential impact of a DoS attack by providing additional response time. - Creates an area of the network where offending traffic is forwarded and dropped.

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

Which of the following is an entity that accepts and validates information contained within a request for a certificate? - Registration authority - Certificate management system - Validation authority - Certificate authority

Registration authority

Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in? - Create a baseline - Verification - Risk assessment - Remediation

Risk Assessment

Which of the following is the most frequently used symmetric key stream cipher? - Blowfish - Advanced Encryption Standard (AES) - Ron's Cipher v4 (RC4) - Ron's Cipher v5 (RC5)

Ron's Cipher v4 (RC4)

Linda, an Android user, wants to remove unwanted applications (bloatware) that are pre-installed on her device. Which of the following actions must she take? - Sideload the unwanted applications. - Root the Android device. - Run a Settings application with administrative privileges. - Jailbreak the Android device.

Root the Android device

Which of the following can void a mobile device's warranty, cause poor performance, or brick a mobile device (making it impossible to turn on or repair)? - Permissions-based access controls - Rooting or jailbreaking - Third-party applications - Digital signing

Rooting or jailbreaking

Which of the following types of injections can be injected into conversations between an application and a server to generate excessive amounts of spam email? - SQL injection - XPath injection - LDAP injection - SMTP injection

SMTP injection

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks? - Scany - SNscan - Currport - Colasoft

SNscan

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back? - ACK - SYN/RST - SYN/ACK - RST

SYN/ACK

Which of the following cloud computing service models delivers software applications to a client either over the Internet or on a local area network? - DaaS - PaaS - IaaS - SaaS

SaaS

Mary is using asymmetric cryptography to send a message to Sam so that only Sam can read it. Which of the following keys should she use to encrypt the message? - Sam's public key - Sam's private key - Mary's public key - Mary's private key

Sam's public key

Anti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning? - Scanning establishes a baseline and keeps an eye on any system changes that shouldn't happen. The program will alert the user that there is possible malware on the system. - Scanning aids in detecting new or unknown malware that is based on another known malware. Every malware has a fingerprint, or signature. If a piece of code contains similar code, the scan should mark it as malware and alert the user. - Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs. - Scanning is when the anti-malware software opens a virtual environment to mimic CPU and RAM activity. Malware code is executed in this environment instead of the physical processor.

Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use? - Colasoft - Scany - NetAuditor - Network Topology Manager

Scany

Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action? - Spyware - Adware - Ransomware - Scareware

Scareware

Upload bombing and poison null byte attacks are designed to target which of the following web application vulnerabilities? - Scripting errors - Input validation - Flawed web design - Buffer overflow

Scripting errors

Which of the following best describes the heuristic or behavior-based detection method? - Scans a system's processes and executable files, looking for byte sequences of known malicious rootkit programs. - Searches for execution path hooking, which allows a function value in an accessible environment to be changed. - Uses an algorithm as it goes through the system files, processes, and registry keys to create a baseline that is compared to the data returned by the operating system's APIs. - Runs a tool to scan a clean system and create a database, then scans the system and compares the current scan to the clean database.

Searches for execution path hooking, which allows a function value in an accessible environment to be changed

Which of the following includes a list of resolved vulnerabilities? - Statistical vulnerability summary - Statistical vulnerability report - Security vulnerability summary - Security vulnerability report

Security vulnerability summary

You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? - Nessus Professional - Retina CS for Mobile - SecurityMetrics Mobile - Network Scanner

SecurityMetrics Mobile

Which of the following footprinting methods would you use to scan a web server to find ports that the web server is using for various services? - Port scanning - Detect proxy servers - Detect firewalls - Service discovery

Service discovery

If an attacker's intent is to discover and then use sensitive data like passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using? - Session hijacking through session riding. - Service hijacking through social engineering. - Session hijacking through XSS attack. - Service hijacking through network sniffing.

Service hijacking through network sniffing

Which of the following solutions creates the risk that a hacker might gain access to the system? - Inference-based - Tree-based - Service-based - Product-based

Service-based

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation? - Services can be set to throttle or even shut down. - Include a checklist of all threat assessment tools. - Have more than one upstream connection to use as a failover. - Add extra services, such as load balancing and excess bandwidth.

Services can be set to throttle or even shut down.

Your network administrator has set up training for all the users regarding clicking on links in emails or instant messages. Which of the following is your network administrator attempting to prevent? - Session fixation - Packet filtering - DNS spoofing - Packet sniffing

Session fixation

A penetration tester discovers a vulnerable application and is able to hijack a website's URL hyperlink session ID. The penetration tester is able to intercept the session ID; when the vulnerable application sends the URL hyperlink to the website, the session IDs are embedded in the hyperlink. Which of the following types of session hijacking countermeasures is the penetration tester using? - Session fixation attack - TCP/IP session hijacking - Man-in-the-middle attack - UDP session hijacking

Session fixation attack

Which of the following tasks is being described? 1. Sniff the traffic between the target computer and the server. 2. Monitor traffic with the goal of predicting the packet sequence numbers. 3. Desynchronize the current session. 4. Predict the session ID and take over the session. 5. Inject commands to target the server. - Session hijacking - Passive hijacking - Cookie hijacking - Application hijacking

Session hijacking

Which of the following tools can be used to create botnets? - Jolt2, PlugBot, and Shark - Shark, PlugBot, and Poison Ivy - Poison Ivy, Targa, and LOIC - Trin00, Targa, and Jolt2

Shark, PlugBot, and Poison Ivy

Analyzing emails, suspect files, and systems for malware is known as which of the following? - Integrity checking - Static analysis - Sheep dipping - Dynamic analysis

Sheep dipping

Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components? - Touch - GrayFish - DeepSound - Sirefef

Sirefef

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against? - Sniffing - Spoofing - Filtering - Hijacking

Sniffing

Allen, the network administrator, needs a tool that can do network intrusion prevention and intrusion detection, capture packets, and monitor information. Which of the following tools would he most likely select? - Nmap - Nessus - Snort - Cain & Abel

Snort

Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use? - Snort inline - Honeyd - Sebek - Bait and switch

Snort inline

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred? - Password guessing - Social engineering - Dumpster diving - Shoulder surfing

Social Engineering

Which of the following best describes shoulder surfing? - Finding someone's password in the trash can and using it to access their account. - Guessing someone's password because it is so common or simple. - Someone nearby watches you enter your password on your computer and records it. - Giving someone you trust your username and account password.

Someone nearby watches you enter your password on your computer and records it

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used? - DNS zone transfer - Digital signatures - Split DNS - DNS zone restriction

Split DNS

ARP, DNS, and IP are all examples of which of the following? - Session hijacking methods - Spoofing methods - Malware detection methods - IDS detection methods

Spoofing methods

Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access? - Spyware - ERD Commander - Writable services - Crackers

Spyware

Which of the following describes the risks of spyware that are particular to mobile devices? - Spyware can exploit applications that have not been patched. - Spyware can root or jailbreak a mobile device. - Spyware can crack weak passwords. - Spyware can monitor and log call histories, GPS locations, and text messages.

Spyware can monitor and log call histories, GPS locations, and text messages.

Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using? - RSA algorithm - Encryption - Steganography - Public-key cryptography

Steganography

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called: - Steganography - NTFS data streaming - Rootkits - Execution path profiling

Steganography

Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used? - Digital signature - Block cipher - Symmetric - Asymmetric

Symmetric

Which of the following forms of cryptography is best suited for bulk encryption because of its speed? - Asymmetric cryptography - Symmetric cryptography - Public key cryptography - Hashing cryptography

Symmetric cryptography

You believe your system has been hacked. Which of the following is the first thing you should check? - Modified timestamps - Hidden files - System log files - Browser history

System log files

What port does a DNS zone transfer use? - TCP 139 - TCP 53 - TCP 445 - TCP 23

TCP 53

IP address spoofing, fragmentation attacks, using proxy servers, ICMP tunneling, and ACK tunneling are all examples of which of the following firewall penetration testing techniques? - Footprinting - Firewalking - TCP packet filtering - Banner grabbing

TCP packet filtering

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use? - TCP/UDP 389 - TCP/UDP 53 - TCP/UDP 3268 - TCP/UDP 445

TCP/UDP 389

Donna is configuring the encryption settings on her email server. She is given a choice of encryption protocols and has been instructed to use the protocol that has the most improvements. Which of the following cryptographic protocols should she choose? - VeraCrypt - SSL - TLS - OpenSSL

TLS

Which of the following Bluetooth threats has increased due to the availability of software that can be used to activate Bluetooth cameras and microphones? - Phone calls made through compromised smartphones to numbers that charge fees. - The creation of Bluetooth bugging and eavesdropping devices. - The leaking of calendars and address books through the Bluetooth protocol. - Smartphone worms that replicate by exploiting Bluetooth connections.

The creation of Bluetooth bugging and eavesdropping devices.

Which of the following best describes a cybersquatting cloud computing attack? - The hacker sends the user to a fake website by poisoning the DNS server or cache on the user's system. - The hacker discovers and uses sensitive data like passwords, session cookies, and other security configurations. - The hacker runs a virtual machine on the physical host of a user's virtual machine in order to share physical resources. - The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.

The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.

Which of the following best describes this image? - The Android Application Programming Interfaces (APIs). - The operating system layers that can be overcome by rooting or jailbreaking. - The iOS operating system stack. - The Mobile Security Model.

The iOS operating system stack.

Alan, an ethical hacker, roots or jailbreaks a mobile device. He checks the inventory information reported by the mobile device management (MDM) software that manages the mobile device. Which of the following describes what he expects to see in the inventory? - The inventory will show that a password is no longer needed to access the device. - The inventory will show that all data has been removed from the device. - The inventory will show that a device lockout has occurred, preventing anyone from using the device. - The inventory will show the device as vulnerable.

The inventory will show the device is vulnerable.

Which of the following best describes source routing? - The packet's sender investigates the route that a packet takes through the network. - The packet's sender eliminates the route that a packet should take through the network. - The packet's sender has no control over the route that a packet takes through the network. - The packet's sender designates the route that a packet should take through the network.

The packet's sender designates the route that a packet should take through the network.

You are using software as a service (SaaS) in your office. Who is responsible for the security of the data stored in the cloud? - The provider and the customer have no responsibility. - The provider and the customer split responsibility. - The provider is responsible for all the security. - The customer is responsible for all the security.

The provider is responsible for all the security.

Which of the following best describes telnet? - The tool of choice for banner grabbing that operates on port 23. - A Linux tool that analyzes network traffic and returns information about operating systems. - An online tool that is used to obtain server and web server information. - A tool that connects to an open TCP port and returns anything sent in a five-second period.

The tool of choice for banner grabbing that operates on port 23.

Which of the following describes the exploitation stage of the mobile device penetration testing process? - The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities. - The inspection of data areas on the mobile device for sensitive information. - The use of scanning tools to determine which wireless networks the mobile device is looking for. - The use of scanning tools to locate mobile devices attached to your network.

The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities.

You are using Wireshark to try and determine if a distributed denial-of-service (DDoS) attack is happening on your network (128.28.1.1). You previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. You have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. After examining the Wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS attack is happening? - There are multiple SYN packets with different source addresses destined for 128.28.1.1. - The Transmission Control Protocol shows the hex value of the SYN flag is 0x002. - The source address for all SYN packets is 198.28.1.1. - There was a flood of SYN packets without a matching SYN-ACK packet.

There are multiple SYN packets with different source addresses destined for 128.28.1.1.

Which of the following best explains why brute force attacks are always successful? - They are platform-independent. - They can be performed in a distributed parallel processing environment. - They test every possible valid combination. - They are fast.

They test every valid combination.

Which of the following statements is true regarding cookies? - They load tons of files onto a server, hoping to fill up the server's drives and crash the system. - They will overflow when an application or process tries to send more data than they are able to hold. - They assign session IDs, encryption, and permissions to a specific client for a period of time. - They were created to store information about user preferences and web activities.

They were created to store information about user preferences and web activities.

Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method? - Services with weak permissions allow anyone to alter the execution of the service. - The hacker will have rights to do whatever the admin account can do. - There is no problem if the path is written within quotation marks and has no spaces. - This can lead to DLL hijacking and malicious file installations on a non-admin targeted user.

This can lead to DLL hijacking and malicious file installations on a non-admin targeted user.

An IDS can perform many types of intrusion detections. Three common detection methods are signature-based, anomaly-based, and protocol-based. Which of the following best describes protocol-based detection? - This detection compares behavior to baseline profiles or network behavior baselines. - This detection method analyzes network traffic for common patterns referred to as signatures. - This detection method can include malformed messages and sequencing errors. - This detection method notices when behavior goes outside an acceptable range.

This detection method can include malformed messages and sequencing errors.

Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed? - DNS translation is being used. - Split DNS is being used. - There are DNS restrictions in place. - This is a DNS zone transfer.

This is a DNS zone transfer

You have just run the John the Ripper command shown in the image. Which of the following was this command used for? - To extract the password and save it in the secure.txt file. - To extract the password hashes and save them in the secure.txt file. - To extract the password from a rainbow hash and save it in the secure.txt file. - To extract the password and save it in a rainbow table named secure.txt.

To extract the password hashes and save them in the secure.txt file.

James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use? - Touch - Timestomp - Meterpreter - ctime

Touch

Which of the following tools enables security professionals to audit and validate the behavior of security devices? - MTU offset - Fragment Packets - TCP ACK Scan - Traffic IQ Professional

Traffic IQ Professional

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using? - Virus - Spyware - Trojan horse - Worm

Trojan Horse

An IT technician receives an IDS alert on the company network she manages. A seemingly random user now has administration privileges in the system, some files are missing, and other files seem to have just been created. Which of the following alerts did this technician receive? - True positive - False negative - True negative - False positive

True Positive

Which of the following is the number of keys used in asymmetric (public key) encryption? - One - Two - Three - Four

Two

A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this? - CCleaner - Timestomp - StegoStick - Ultimate Boot CD

Ultimate Boot CD

Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after? - Gaining credentials in LSASS - DLL hijacking - Unattended installation - Kerberoasting

Unattended installation

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic? - Use encryption for all sensitive traffic. - Implement acceptable use policies. - Use intrusion detection countermeasures. - Eliminate unnecessary system applications.

Use encryption for all sensitive traffic.

Which of the following Bluetooth attack countermeasures would help prevent other devices from finding your Bluetooth device that is in continuous operation? - Raise the power setting on Bluetooth devices. - Use hidden mode when your Bluetooth device is enabled. - Ensure the Bluetooth device is operating in a lower security mode. - Use a regular pattern when pairing your device.

Use hidden mode when your Bluetooth device is enabled.

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file? - Usernames, but no passwords - The root username and password - No usernames or passwords - Usernames and passwords

Usernames, but no passwords

Which of the following best describes IPsec enumeration? - Is used to manage devices such as routers, hubs, and switches. - Is used by most email servers and clients to send email messages. - Uses SIP to enable voice and video calls over an IP network. - Uses ESP, AH, and IKE to secure communication between VPN endpoints.

Uses ESP, AH, and IKE to secure communication between VPN endpoints.

Which of the following is a characteristic of Triple DES (3DES)? - Uses the Rijndael block cipher - Uses a 168-bit key - Uses 64-bit blocks with 128-bit keys - Is easy to break

Uses a 168-bit key

Which of the following best describes a feature of symmetric encryption? - Uses only one key to encrypt and decrypt data. - Does not require the exchange of the shared secret key. - Uses only one algorithm type. - Does not work well for bulk encryption of less sensitive data.

Uses only one key to encrypt and decrypt data.

Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher? - Is used by Pretty Good Privacy (PGP) email encryption. - Uses up to 16 rounds of substitution and transposition. - Is easy to break. - Uses the Rijndael block cipher.

Uses the Rijndael block cipher

Which of the following uses on-the-fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded? - BitLocker - Secure Sockets Layer (SSL) - Transport Layer Security (TLS) - VeraCrypt

VeraCrypt

Which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the Internet? - Volumetric attack - Amplification attack - Phlashing attack - Fragmentation attack

Volumetric attack

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses? - Vulnerability assessment - Passive assessment - External assessment - Host-based assessment

Vulnerability Assessment

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? - Vulnerability assessment - Vulnerability research - Vulnerability management - Vulnerability scanning

Vulnerability research

SQL injections are a result of which of the following flaws? - The web server - The file system - Web applications - The database

Web applications

Which of the following explains why web servers are often targeted by attackers? - Web servers are simple devices with few complex features, making their attack surfaces easy to exploit. - Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse. - Web servers are placed behind firewalls to make them less accessible to users. - Web servers are standalone servers that seldom interact with other network resources.

Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse

You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use? - WebScarab - WebInspect - Wireshark - Burp Suite

WebInspect

Which of the following types of web server attacks is characterized by altering or vandalizing a website's appearance in an attempt to humiliate, discredit, or annoy the victim? - Website defacement - Footprinting - Cross-site scripting - Directory traversal

Website defacement

You suspect that an ICMP flood attack is taking place from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, however, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood? - With the flood, all packets come from the same source IP address in quick succession. - The only difference is the number of packets that are sent. - The normal ICMP ping request only has one source address. - With the ICMP flood, ICMP packets are sent and received at a quicker rate than normal ICMP packets.

With the flood, all packets come from the same source IP address in quick succession

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using? - Trojan horse - Spyware - Worm - Virus

Worm

Which of the following actions was performed using the WinDump command line sniffer? - Read packet capture files from interface 1 in mycap.pcap file. - Requested that hexadecimal strings be included from interface 1 to mycap.pcap. - Requested that ASCII strings are included from interface 1 to mycap.pcap. - Wrote packet capture files from interface 1 into mycap.pcap.

Wrote packet capture files from interface 1 into mycap.pcap.

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? - Buffer overflows - Open services - Default settings - Application flaws

application flaws

Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider? - gpedit - poledit - secedit - auditpol

auditpol

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system? - Wardriving - Wardialing - Firewalking - Banner grabbing

banner grabbing

During a penetration test, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while assessing the network? - Shodan - Zniffer - beSTORM - Censys

beSTORM

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find? - The built-in guest - The domain admins - The domain guests - The built-in administrator

built-in guest

Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows? - cPasswords - LSASS - SAM - SPNs

cPasswords

Which of the following terms is the encrypted form of a message that is unreadable except to its intended recipient? - steganography - encryption algorithm - ciphertext - plain text

ciphertext

Which of the following enumeration tools provides information about users on a Linux machine? - SuperScan - PsTools - Null session - finger

finger

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using? - Fingerprinting - Wardialing - Ping sweep - Beyond Trust

fingerprinting

Which of the following Bluetooth discovery tool commands will show the Bluetooth MAC address, clock offset, and class of each discovered device? - hcitool scan - hciconfig hci0 up - hcitool inq - l2ping scan

hcitool inq

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used? - NULL scan - Xmas tree scan - Full open scan - Idle scan

idle scan

Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address? - ip.src && 192.168.142.3 - ip.src ne 192.168.142.3 - ip.src eq 192.168.142.3 - ip.src == 192.168.142.3

ip.src ne 192.168.142.3

A user is having trouble connecting to a newly purchased Bluetooth device. An administrator troubleshoots the device using a Linux computer with BlueZ installed. The administrator sends an echo request to the device's Bluetooth MAC address to determine whether the device responds. Which of the following commands was used? - l2ping - sdptool - hcitool - hciconfig

l2ping

Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers? - nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine) - nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine) - nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine) - nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

Which of the following is an online tool that is used to obtain server and web server information? - Netcraft - nmap - P0f - Telnet

netcraft

Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting to. Which command will allow her to do this? - netstat -a -b - netstat -f -b - netstat -f -a -b - netstat -f -a

netstat -f -b

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used? - Vulnerability scan - Network scan - Port scan - Decoy scan

network scan

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? - nmap -sC vulners -sV 10.10.10195 - nmap --script vulners -sV 10.10.10.195 - nmap -sC nmap-vulners -sV 10.10.10.195 - nmap --script nmap-vulners -sV 10.10.10.195

nmap --script nmap-vulners -sV 10.10.10.195

When it comes to obfuscation mechanisms, nmap has the ability to generate decoys, meaning that detection of the actual scanning system becomes much more difficult. Which of the following is the proper nmap command? - nmap -S RND:11 target_IP_address - nmap -S RND:20 target_IP_address - nmap -D RND:10 target_IP_address - nmap -D RND:01 target_IP_address

nmap -D RND:10 target_IP_address

Nmap provides many commands and scripts that are used to evade firewalls and intrusion detection systems. Which of the following is the proper nmap command to use the decoy option? - nmap -sA 10.10.10.1 - nmap -P0 -sI 1.1.1.1:1234 10.10.10.1 - nmap -f 10.10.10.1 - nmap -D RND:25 10.10.10.1

nmap -D RND:25 10.10.10.1

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command? - nmap -sV --script=banner ip_address - nmap -sT --script=banner ip_address - nmap -sN --script=banner ip_address - nmap -sX --script=banner ip_address

nmap -sV --script=banner ip_address

Which of the following scans is used to actively engage a target in an attempt to gather information about it? - Port scan - Vulnerability scan - Network scan - TCP scan

port scan

You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash? - rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 - rtgen md5 ascii-32-95 1 20 0 1000 1000 0 - rcrack . -l /root/hashes.txt - rcrack . -h 202cb962ac59075b964b07152d234b70

rcrack . -h 202cb962ac59075b964b07152d234b70

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address? - [email protected] - [email protected] - [email protected] - [email protected]

[email protected]

Which of the following Bluetooth configuration and discovery tools can be used to check which services are made available by a specific device and can work when the device is not discoverable, but is still nearby? - l2ping - hcitool - hciconfig - sdptool

sdptool

Which of the following Bluetooth discovery tools will produce the output shown below? - hciconfig - hcitool - l2ping - sdptool

sdptool

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this? - Spam - Hoax - Spim - Surf

spim

Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses? - The remediation phase - The verification phase - The risk assessment phase - The monitoring phase

the remediation phase

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats? - Decoy scan - Port scan - Vulnerability scan - Network scan

vulnerability scan

Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? - A port scanner - An antivirus scanner - A malware scanner - A vulnerability scanner

vulnerability scanner

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used? - Stealth - Fingerprinting - Ping sweep - Wardialing

wardialing

You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use? - nmap -sT xyzcompany.com - nmap -sS xyzcompany.com - nmap -sA xyzcompany.com - nmap -sV xyzcompany.com

nmap -sS xyzcompany.com

You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep? - nmap -sM 172.125.68.1-255 - nmap -sU 172.125.68.1-255 - nmap -sn 172.125.68.1-255 - nmap -sS 172.125.68.1-255

nmap -sn 172.125.68.1-255

Penetration testing is a practice conducted by an ethical hacker to see how an organization's security policies and security practices measure up to the organization's actual overall successful system security. When can an ethical hacker start the penetration test? - Once you have had the project planning meetings and all the legal contracts are signed. - Once all the legal contracts are signed and you scope out the penetration testing project. - Once you have established an extensive plan, formalities are settled, and permissions are given. - Once all the legal contracts are signed, formalities are settled, and permissions are given.

Once all the legal contracts are signed, formalities are settled, and permissions are given.

Which of the following is the number of keys used in symmetric encryption? - One - Two - Four - Five

One

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter? - Only packets with 192.168.0.34 in either the source or destination address are captured. - Only packets with 192.168.0.34 in the source address are captured. - Only packets on the 192.168.0.34 network are captured. - Only packets with 192.168.0.34 in the destination address are captured.

Only packets with 192.168.0.34 in either the source or destination address are captured.

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter? - Only packets with a destination address on the 192.168.0.0 network are captured. - Only packets with a source address on the 192.168.0.0 network are captured. - Only packets with either a source or destination address on the 192.168.0.0 network are captured. - Only packets with a source address of 192.168.0.0 are captured.

Only packets with either a source or destination address on the 192.168.0.0 network are captured.

Which of the following is an open-source cryptography toolkit that implements SSL and TLS network protocols and the related cryptography standards required by them? - OpenSSL - EFS - Symantec Drive Encryption - BitLocker

OpenSSL

Which of the following best describes a proxy server? - Operates at Layers 3 (Network) and 4 (Transport) of the OSI model. - Operates at Layers 5 (Session) and 7 (Application) of the OSI model. - Operates at Level 5 (Session) of the OSI model. - Operates at Layer 7 (Application) of the OSI model.

Operates at Layer 7 (Application) of the OSI model.

Which of the following is a tool for cracking Windows login passwords using rainbow tables? - GreyFish - Ophcrack - ERD Commander - Trinity Rescue Kit

Ophcrack

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use? - Shodan - P0f - Telnet - Netcraft

P0f

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data? - SYN - PSH - FIN - URG

PSH

Which of the following firewall technologies operates at Layers 3 (Network) and 4 (Transport) of the OSI model? - Application level - Packet filtering - Circuit level gateway - VPN

Packet filtering

