Ethical Pen Testing Practice Final
False
AES uses a 128-bit key and is used in PGP encryption software.
True
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
False
CSMA/CD is implemented at the data link layer on wireless networks.
RADIUS server
If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative?
True
It is possible to have a wireless network that does not connect to a wired network.
True
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
Firmware
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
False
Routers are the bridge between wired and wireless networks.
True
Routers operate at the Network layer of the TCP/IP protocol stack.
True
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
L0phtcrack
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength?
SSID
What is the 1 to 32 character configurable name used to identify a WLAN?
AES
What type of encryption is currently used to secure WPA2?
Authentication
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be?
security misconfigurations
Which of the following results from poorly configured technologies that a Web application runs on top of?
Insertion
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
Narrowband
Which type of wireless technology uses microwave radio waves to transmit data?
Maltego
__________ is a visual link analysis tool that, out the box, comes with open source intelligence (OSINT) plugins - called transforms.
False
A user can view the source code of a PHP file by using their Web browser's tools.
Medium Frequency (MF)
Which frequency band is used by commercial AM radio stations?
PEAP
Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server?
802
Which of the following IEEE projects was developed to create LAN and WAN
Dynamic Application Security Testing (DAST)
Which of the following application tests analyzes a running application for vulnerabilities?
Modulation
Which of the following defines how data is placed on a carrier signal?
EAP
Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method?
business logic
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
True
Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.
True
Symmetric algorithms support confidentiality, but not authentication and non repudiation.
RSA
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
WPAN
What is the IEEE 802 standards name for a wireless network that is limited to one person's workspace?
Developer Tools
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
C/C++
What programming languages are vulnerable to buffer overflow attacks?
application-aware firewall
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?
Stateful
What type of packet filtering records session-specific information about a network connection, including the ports a client uses?
Java-based
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
user-level security
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
Anomaly-based IDS
Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline?
802.11g
Which IEEE standard can achieve a throughput of 54 Mbps?
getElementById
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?
stored
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
X.509
A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate?
Security Operations Center
A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?
True
Asymmetric algorithms are more scalable than symmetric algorithms.
SQLOLEDB
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
True
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.
Cryptanalysis
If a security expert decides to study the process of breaking encryption algorithms, they are performing which of the following?
False
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
False
Symmetric algorithms use two keys that are mathematically related.
True
The 802.11b standard introduced Wired Equivalent Privacy (WEP), which gave many users a false sense of security that data traversing the WLAN was protected.
True
There are measures for preventing radio waves from leaving or entering a building so that wireless technology can be used only by people located in the facility.
input validation
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
FHSS
What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band?
SIEM
What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools?
802.1x
What standard specifically defines the process of authenticating and authorizing users on a network?
Host-based
What type of IDS/IPS is used to protect a critical network server or database server by installing the IDS or IPS software on the system you're attempting to protect?
Known Plaintext
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
Decryption
Which of the following is the process of converting ciphertext back into plaintext?
CFML
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
Interface Configuration Mode
If a Cisco administrator needs to configure a serial or Fast Ethernet port, which configuration mode should they use?
cgi-bin
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
Authorization
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
SSL/TLS downgrade attack
What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher?
Chosen Plaintext
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt?
Substitution Cipher
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?
Static Application Security Testing (SAST)
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
connection strings
Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?
OLE DB
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
OLE DB
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
Honeypot
Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources?
WPS
Which of the following is a flawed wireless authentication standard created to allow users to easily add devices to a wireless network securely?
ADO
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
kismet
Which of the following is a utility that is a wireless network detector, sniffer, and an intrusion detection system?
AppSec
Which of the following is an alternative term used when referring to Application Security?
null SA password
Which of the following is considered to be the most critical SQL vulnerability?
CGI
Which of the following is the interface that determines how a Web server passes data to a Web browser?
