CEH - Part 1

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Scanning

A Certified Ethical Hacker (CEH) follows a specific methodology for testing a system. Which step comes after footprinting in the CEH methodology?

A multihomed firewall

A DMZ is created with which of the following?

Synchronize server information

A DNS zone transfer is used to do which of the following?

SSL

A POODLE attack targets what exactly?

RAT

A Trojan can include which of the following?

Social engineering

A Trojan relies on __________ to be activated.

Capture the WPA2 authentication traffic and crack the key.

A WPA2 wireless network is discovered during a pen test. Which of the following methods is the best way to crack the network key?

SAM

A __________ is a file used to store passwords.

Rainbow attack

A __________ is a type of offline attack.

NULL session

A __________ is used to connect to a remote system using NetBIOS.

Hash

A __________ is used to represent a password.

Bollard

A ____________ is used to prevent cars from ramming a building.

Identify a service

A banner can do what?

Error messages are not available.

A blind SQL injection attack is used when which of the following is true?

Private network

A closed network is typically which of the following?

LaaS

A cloud environment can be in which of the following configurations except?

Networks

A cloud-based firewall is used to separate which of the following?

Buffer overflow

A common attack against web servers and web applications is __________.

Gives proof

A contract is important because it does what?

An SDK

A covert channel or backdoor may be detected using all of the following except __________.

LOIC

A denial of service application for Android is __________.

Networks

A firewall is used to separate which of the following?

A half-open does not include the final ACK.

A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?

Complex passwords

A good defense against password guessing is __________.

Collision

A hacker feeds plain-text files into a hash, eventually finding two or more that create the same fixed-value hash result. This anomaly is known as what?

Attract victims to connect to it.

A honeyspot is designed to do what?

Two

A logic bomb has how many parts, typically?

Time and date Actions Events

A logic bomb is activated by which of the following?

An external threat can take advantage of the misconfigured X-server vulnerability. An internal threat can take advantage of the misconfigured X-server vulnerability.

A machine in your environment uses an open X-server to allow remote access. The X-server access control is disabled, allowing connections from almost anywhere and with little to no authentication measures. Which of the following are true statements regarding this situation? (Choose all that apply.)

Smishing

A man receives a text message on his phone purporting to be from Technical Services. The text advises of a security breach and provides a web link and phone number to follow up on. When the man calls the number, he turns over sensitive information. Which social engineering attack was this?

Anti-virus

A man-in-the-browser attack delivered by a piece of malware can be prevented by which of the following?

Trojans

A man-in-the-browser attack is typically enabled by using which mechanism?

Insert themselves into an active session

A man-in-the-middle attack is an attack where the attacking party does which of the following?

nmap -A IPAddress

A member of your team enters the following command: nmap -sV -sC -O -traceroute IPAddress Which of the following nmap commands performs the same task?

Hashing

A message digest is a product of which kind of algorithm?

Insertion

A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what?

winpcap

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

Gaining access

A penetration test usually has three phases: preparation, conducting, and conclusion. The most crucial phase of a penetration test, the phase in which you conduct the test, consists of five stages. What is the third stage?

Evades detection through rewriting itself

A polymorphic virus __________.

URL embedding

A public use workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user runs across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing?

Security examination

A quantitative risk analysis involves the measurement and statistical evaluation of all the elements of risk analysis. What step is usually performed before conducting a quantitative risk analysis? Choose the best option(s) from those listed below.

Sniff traffic

A remote access Trojan would be used to do all of the following except __________.

The attacker is attempting LDAP injection.

A security administrator monitoring logs comes across a user login attempt that reads UserJoe)(&). What can you infer from this username login attempt?

XSS

A security administrator sets the HttpOnly flag in cookies. Which of the following is he most likely attempting to mitigate against?

Tailgating

A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place?

The attacker took advantage of a zero-day vulnerability on the machine.

A security peer is confused about a recent incident. An attacker successfully accessed a machine in the organization and made off with some sensitive data. A full vulnerability scan was run immediately following the theft, and nothing was discovered. Which of the following best describes what may have happened?

Social engineering

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment?

Ensure that any remaining risk is residual or low and accept the risk.

A security team is implementing various security controls across the organization. After several configurations and applications, a final agreed-on set of security controls are put into place; however, not all risks are mitigated by the controls. Of the following, which is the next best step?

Cookies and devices

A session hijack can be initiated from all of the following except which one?

Worms

A session hijack can be used against a mobile device using all of the following except?

Networks and applications

A session hijack can happen with which of the following?

Infects files selectively

A sparse infector virus __________.

Two-factor authentication

A user on Joe's network does not need to remember a long password. Users on Joe's network log in using a token and a four-digit PIN. Which authentication measure best describes this?

WPScan

A utility for auditing WordPress from Android is __________.

Display pop-ups

A virus does not do which of the following?

Find open ports Find weaknesses

A vulnerability scan is a good way to do what?

Complete knowledge

A white-box test means the tester has which of the following?

NTFS

ADS requires what to be present?

Mandatory access control

Access control models are used as part of the overall security model to specify how users access objects. Each access control model is designed to be used in a specific environment and is administered based on the needs of that environment. Which access control model is designed to be used by organizations that work with highly classified data?

Push and pop

Adding to and removing from a program stack are known as what?

Assist in the sniffing of wireless traffic.

AirPcap is used to do which of the following?

Evade an NIDS

Altering a checksum of a packet can be used to do what?

Evade an NIDS.

Altering a checksum of a packet can be used to do what?

NTFS

Alternate Data Streams are supported in which file systems?

IaaS

Amazon's EC2 provides virtual machines that can be controlled through a service API. Which of the following best defines this service?

Host

An HIDS is used to monitor activity on which of the following?

Anomaly based

An IDS installed on the network perimeter sees a spike in traffic during off-duty hours and begins logging and alerting. Which type of IDS is in place?

Packet sniffing

An NIDS is based on technology similar to which of the following?

Identify a network.

An SSID is used to do which of the following?

IDS

An administrator has just been notified of irregular network activity; what appliance functions in this manner?

Deviations from known traffic patterns

An anomaly-based NIDS is designed to look for what?

PaaS

An application would be developed on what type of cloud service?

Inserting oneself into an active session

An attack that can be performed using FaceNiff is __________.

NetBIOS

An attacker can use __________ to enumerate users on a system.

Backdoor

An attacker can use a(n) __________ to return to a system.

Name-dropping

An attacker can use which technique to influence a victim?

Tailgating

An attacker creates a fake ID badge and waits next to an entry door to a secured facility. An authorized user swipes a key card and opens the door. Jim follows the user inside. Which social engineering attack is in play here?

start readme.txt:badfile.exe

An attacker has hidden badfile.exe in the readme.txt file. Which of the following is the correct command to execute the file?

Shoulder surfing

An attacker has physical access to a building and wants to attain access credentials to the network using nontechnical means. Which of the following social engineering attacks is the best option?

The packet capture will provide the MAC addresses of other machines connected to the switch. The packet capture will display all traffic intended for the laptop.

An attacker has successfully connected a laptop to a switch port and turned on a sniffer. The NIC is running in promiscuous mode, and the laptop is left alone for a few hours to capture traffic. Which of the following statements are true? (Choose all that apply.)

Spear phishing

An attacker performs a Whois search against a target organization and discovers the technical point of contact (POC) and site ownership e-mail addresses. He then crafts an e-mail to the owner from the technical POC, with instructions to click a link to see web statistics for the site. Instead, the link goes to a fake site where credentials are stolen. Which attack has taken place?

Heartbleed

An attacker uses a Metasploit auxiliary exploit to send a series of small messages to a server at regular intervals. The server responds with 64 bytes of data from its memory. Which of the following best describes the attack being used?

The port is filtered at the firewall.

An ethical hacker is ACK-scanning against a network segment he knows is sitting behind a stateful firewall. If a scan packet receives no response, what does that indicate?

A white hat is attempting a black-box test.

An ethical hacker is given no prior knowledge of the network and has a specific framework in which to work. The agreement specifies boundaries, nondisclosure agreements, and a completion date definition. Which of the following statements is true?

A white hat is attempting a black-box test.

An ethical hacker is hired to test the security of a business network. The CEH is given no prior knowledge of the network and has a specific framework in which to work, defining boundaries, nondisclosure agreements, and the completion date. Which of the following is a true statement?

Stealth

An ethical hacker is sending TCP packets to a machine with the SYN flag set. None of the SYN/ACK responses on open ports is being answered. Which type of port scan is this?

Source routing

An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?

It uses a shared key for encryption.

An organization has decided upon AES with a 256-bit key to secure data exchange. What is the primary consideration for this?

An obvious method of using a system

An overt channel is __________.

Linux

Android is based on which operating system?

Passive

As a pen test team member, you begin searching for IP ranges owned by the target organization and discover their network range. You also read job postings and news articles and visit the organization's website. Throughout the first week of the test, you also observe when employees come to and leave work, and you rummage through the trash outside the building for useful information. Which type of footprinting are you accomplishing?

Ensure the company specifies what areas you are required to test. Do not reveal any company information to a third party.

As an ethical hacker, you are required to breach a system's security and attempt to access sensitive data. Although these actions are performed with a company's knowledge, you need to ensure that you will not be held liable for any actions you perform as part of your duties. This would also include any consequences, such as damage to a system, that result from testing. In which ways can you protect yourself when performing ethical hacking?

Privacy Act

As part of a pen test on a U.S. government system, you discover files containing Social Security numbers and other sensitive personally identifiable information (PII) information. You are asked about controls placed on the dissemination of this information. Which of the following acts should you check?

Gray box

As part of the preparation phase for a pen test you are participating in, the client relays their intent to discover security flaws and possible remediation. They seem particularly concerned about internal threats from the user base. Which of the following best describes the test type the client is looking for?

Layer 3

At which layer of the OSI model does a packet-filtering firewall work?

Application

At which layer of the OSI model does a proxy operate?

Layer 3 Layer 4

At which layer of the OSI model would you expect a cloud based solution to operate at?

operational

Background checks on employees, risk assessments on devices, and policies regarding key management and storage are examples of __________ measures within physical security.

Sending unsolicited messages

Bluejacking is a means of which of the following?

Read information from a device.

Bluesnarfing is used to perform what type of attack?

Reverse social engineering

Bob decides to employ social engineering during part of his pen test. He sends an unsolicited e-mail to several users on the network advising them of potential network problems and provides a phone number to call. Later that day, Bob performs a DoS on a network segment and then receives phone calls from users asking for assistance. Which social engineering practice is in play here?

MAC flooding

Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic from the segment he is connected to. What can Bob do to gather all switch traffic?

$207.50

Brad has done some research and determined a certain set of systems on his network fail once every ten years. The purchase price for each of these systems is $1200. Additionally, Brad discovers the administrators on staff, who earn $50 an hour, estimate five hours to replace a machine. Five employees, earning $25 an hour, depend on each system and will be completely unproductive while it is down. If you were to ask Brad for an ALE on these devices, what should he answer with?

Hidden fields

Browsers do not display __________.

They are effective risk management tools.

Business intelligence tools can be used to collect and analyze data and present information in a way that allows business to easily process information and data. This enables a more informed decision-making capability within the organization. How can business intelligence tools be used to enhance an organization's information security?

Application firewall

Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements?

Increase management options Offload operations onto a third party Cut costs

Cloud technologies are used to accomplish which of the following?

Legal reasons Regulatory reasons To perform an audit

Companies may require a penetration test for which of the following reasons?

Chosen plaintext attack

Consider an attack in which the attacker already has access to the encryption algorithm. Using the algorithm, they encrypt plaintext and then examine the resulting ciphertext to see how it was encrypted. This is an example of which type of cryptanalytic attack?

Integrity Authentication

Cryptography is the conversion of data into a scrambled code that can be decrypted by the intended recipient. This allows data to remain confidential when sent across a private or public network. Cryptography can be used to protect confidential data such as email messages, chat sessions, web transactions, personal data, and corporate data. In addition to confidentiality, what other objectives can cryptography meet?

Configuration

Databases can be a victim of code exploits depending on which of the following?

Employ robust key management Deploy IPS

Defense in depth is a philosophy that is used to help protect information systems in complex environments. Which of the following are defense in depth principles? Choose the best option(s) from those listed below.

102 through 104

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

RST

During a Xmas tree scan what indicates a port is closed?

RST

During an FIN scan, what indicates that a port is closed?

The phone number is publicly available.

During an assessment you discovered that the target company was using a fax machine. Which of the following is the least important?

Cease testing immediately and contact authorities.

During an assessment, your pen test team discovers child porn on a system. Which of the following is the appropriate response?

Hashing

Elements of security include confidentiality, integrity, and availability. Which technique provides for integrity?

FISMA

Enacted in 2002, this U.S. law requires every Federal agency to implement information security programs, including significant reporting on compliance and accreditation. Which of the following is the best choice for this definition?

Ports

Enumeration does not uncover which of the following pieces of information?

Passwords Usernames

Enumeration is useful to system hacking because it provides __________.

Usernames

Enumeration is useful to system hacking because it provides which of the following?

The server was compromised by an attacker.

Examining a database server during routine maintenance you discover an hour of time missing from the log file, during what would otherwise be normal operating hours. Further investigation reveals no user complaints on accessibility. Which of the following is the most likely explanation?

Analyze a firewall.

Firewalking is done to accomplish which of the following?

Distribution and number of personnel

Footprinting can determine all of the following except __________?

Active and passive

Footprinting has two phases. What are they?

8

For a fence to deter a determined intruder, it should be at least how many feet tall?

EAL

Four terms make up the Common Criteria process. Which of the following contains seven levels used to rate the target?

False rejection rate

Frequency of type 2 errors is also known as what?

SaaS

Google Docs and Salesforce CRM are two examples of which cloud computing model?

Hacktivists

Groups and individuals who hack systems based on principle or personal beliefs are known as ___________.

Hacktivists

Groups and individuals who may hack a web server or web application based on principle or personal beliefs are known as __________.

80

HTTP is typically open on which port in a firewall?

443

HTTPS is typically open on which port in a cloud based firewall?

Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

How does Tripwire (and programs like it) help against Trojan attacks?

By exhausting memory by caching the fragments

How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS?

By trying all possible combinations of characters

How is a brute-force attack performed?

With no knowledge

How is black-box testing performed?

nc -l -p 192.168.1.1

How would you use Netcat to set up a server on a system?

Layer 1

Hubs operate at what layer of the OSI model?

Habits

Human beings tend to follow set patterns and behaviors known as __________.

Anti-replay

IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides encryption and authentication services while creating VPN services through an IP network. Why does IPSec read packet sequence numbers?

AH/ESP

IPsec uses which two modes?

Layer 2

If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in?

NTLMv2

If a domain controller is not present, what can be used instead?

Competitive analysis

If you can't gain enough information directly from a target, what is another option?

White hat

If you have been contracted to perform an attack against a target system, you are what type of hacker?

Separation of duties

Implementing cloud computing provides many benefits. Which of the following is the best choice of a security principle applicable to implementing cloud security?

Level 3

In IPsec, encryption and other processes happen at which layer of the OSI model?

Authentication services

In IPsec, what does Authentication Header (AH) provide?

Data security

In IPsec, what does Encapsulating Security Payload (ESP) provide?

Internet Relay Chat (IRC)

In a DDoS attack, what communications channel is commonly used to orchestrate the attack?

Hierarchical

In addition to relational databases, there is also what kind of database?

As a duplicate of a real system

In practice a honeypot will be configured how?

Keep an attacker's origin hidden

In social engineering a proxy is used to __________.

Cloud consumer

In the NIST Cloud Computing Reference Architecture, which component acquires and uses cloud products and services?

Cloud broker

In the NIST Cloud Computing Reference Architecture, which component acts to manage use, performance, and delivery of cloud services, as well as the relationships between providers and subscribers?

Cloud carrier

In the NIST Cloud Computing Reference Architecture, which of the following has the responsibility of transmitting the data?

To provide better protection

In the field of IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in the defense of a system of session-hijacking?

To provide better protection

In the field of IT security, the concept of defense in depth is the layering of more than one control on another. Why is this?

You want to filter Internet traffic for internal systems.

In what situation would you employ a proxy server? (Choose the best answer.)

Executive summary A list of findings from the test The names of all the participants

In which of the following would you find in a final report from a full penetration test? (Choose all that apply.)

Pre-attack

In which phase of a penetration test is scanning performed?

Maintaining access

In which phase of the attack would a hacker set up and configure "zombie" machines?

Scanning and enumeration

In which phase of the ethical hacking methodology would a hacker be expected to discover available targets on a network?

Scanning and enumeration

In which stage of an ethical hack would the attacker actively apply tools and techniques to gather more in-depth information on the targets?

Bad input SQL injection

Input validation is used to prevent which of the following?

/sbin

It is important to understand the directory structure for the Linux operating system. This information will provide some insight as to where important files are stored. Which directory in the Linux file system would most likely contain executable files that run at root-level?

Acquiring root access on a device

Jailbreaking a phone refers to what?

Phishing

Janet receives an email enticing her to click a link. But when she clicks this link she is taken to a website for her bank, asking her to reset her account info. However, Janet noticed that the bank is not hers and the website is not for her bank. What type of attack is this?

Implement ingress filtering.

Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take?

Identity theft

Jason notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Jason become a victim of?

Identity theft

Jason receives notices that he has unauthorized charges on his credit card account. What type of attack is Jason a victim of?

Passive

Jennifer has been working with sniffing and session-hijacking tools on her company network. Since she wants to stay white hat—that is, ethical—she has gotten permission to undertake these activities. What would Jennifer's activities be categorized as?

DroidSheep

Jennifer has captured the following URL: www.snaz22enu.com/&w25/session=22525. She realizes that she can perform a session hijack. Which utility would she use?

ARP poisoning

Jennifer is a junior system administrator for a small firm of 50 employees. For the last week a few users have been complaining of losing connectivity intermittently with no suspect behavior on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large amount of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing?

SSH

Jennifer is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jennifer is not concerned with the future impact on legitimate troubleshooting. What technology can Jennifer implement?

SandroProxy

Jennifer is concerned about her scans being tracked back to her tablet. What could she use to hide the source of the scans?

tcpdump -r capture.log

Jennifer is using tcpdump to capture traffic on her network. She would like to review a capture log gathered previously. What command can Jennifer use?

tcpdump -w capture.log

Jennifer is using tcpdump to capture traffic on her network. She would like to save the capture for later review. What command can Jennifer use?

Phishing

Jennifer receives an email claiming that her bank account information has been lost and that she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being presented with?

Known plain text

Joe and Bob are both ethical hackers and have gained access to a folder. Joe has several encrypted files from the folder, and Bob has found one of them unencrypted. Which of the following is the best attack vector for them to follow?

Suicide hacker

Joe is a security engineer for a firm. His company downsizes, and Joe discovers he will be laid off within a short amount of time. Joe plants viruses and sets about destroying data and settings throughout the network, with no regard to being caught. Which type of hacker is Joe considered to be?

internal, black box

Joe is part of a penetration test team and is starting a test. The client has provided him a system on one of their subnets but did not provide any authentication information, network diagrams, or other notable data concerning the systems. Which type of test is Joe performing?

Blind hijacking

Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she is unable to receive any of the responses. What does this scenario define?

Query a database

LDAP is used to perform which function?

physical

Lighting, locks, fences, and guards are all examples of __________ measures within physical security.

A pick and a tension wrench

Lock-pick sets typically contain which of the following at a minimum?

A reverse ARP request maps to two hosts.

MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?

The ARP cache of Machine B would need to be poisoned, changing the entry for the default gateway to 00-01-02-AA-BB-CC.

Machine A (with MAC address 00-01-02-AA-BB-CC) and Machine B (00-01-02-BB-CC-DD) are on the same subnet. Machine C, with address 00-01-02-CC-DD-EE, is on a different subnet. While the attacker is sniffing on the fully switched network, Machine B sends a message to Machine C. If an attacker on Machine A wanted to receive a copy of this message, which of the following circumstances would be necessary?

Capture information about wireless networks.

Monitor mode is used by wireless cards to do what?

Three

Multihomed firewall has a minimum of how many network connections?

Security

NTLM provides what benefit versus LM?

Test firewalls. Craft packets.

NetCut is used to do what? (Choose two.)

Stealing session IDs

Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?

Collision domain

On a switch, each switchport represents a ____________.

LM

On newer Windows systems, what hashing mechanism is disabled?

Risk mitigation

Once a risk analysis has been completed, the organization must decide how to handle the risk. Total and residual risk may be handled in one of four ways. Which response is a company taking if it uses strong access controls to protect its trade secrets? Choose the best option(s) from those listed below.

Passive OS fingerprinting

One of your team members is analyzing TTL fields and TCP window sizes in order to fingerprint the OS of a target. Which of the following is most likely being attempted?

Implement MDM.

Operations promotes the use of mobile devices in the enterprise. Security disagrees, noting multiple risks involved in adding mobile devices to the network. Which of the following provides some protections against the risks security is concerned about?

They are mitigating the risk.

Organization leadership is concerned about social engineering and hires a company to provide training for all employees. How is the organization handling the risk associated with social engineering?

Deadman doors

Organizations should have proper physical controls in place to safeguard against physical access exposures. One such exposure is the entry point to the information processing facility. Which physical controls would provide the best protection against piggybacking? Choose the best option(s) from those listed below.

Footprinting

Penetration testing entails scanning, footprinting, enumerating, and fingerprinting. Each of these activities focuses on obtaining different information that can be used to attack a target. What is considered to be a passive activity that hackers employ to gather as much information about a target network as possible, including locating the IP address range in use?

Spam filtering Education

Phishing can be mitigated through the use of __________.

Ensure e-mail is from a trusted, legitimate e-mail address source. Verify spelling and grammar is correct. Verify all links before clicking them.

Phishing e-mail attacks have caused severe harm to a company. The security office decides to provide training to all users in phishing prevention. Which of the following are true statements regarding identification of phishing attempts? (Choose all that apply.)

Email

Phishing takes place using __________.

Computer based

Phishing, pop-ups, and IRC channel use are all examples of which type of social engineering attack?

Tailgating

Physical security can prevent which of the following?

53 TCP

Port number __________ is used by DNS for zone transfers.

25

Port number __________ is used for SMTP

Operating system exploits

Proper input validation can prevent what from occurring?

RC4 uses block encryption.

RC4 is a simple, fast encryption cipher. Which of the following is not true regarding RC4?

RC4

RSA is a widely used Internet encryption and authentication system that is considered one of the de-facto encryption standards. It provides encryption by using modular arithmetic and elementary number theories to perform computations using two large prime numbers. Which encryption algorithm used by RSA uses a variable key-size stream cipher to accomplish this?

Wipe all data off a device. Remove sensitive information such as contacts from a remote system.

Remote wipes do what? (Choose two.)

Send email messages

SMTP is used to perform which function?

Monitor network devices

SNMP is used to do which of the following?

Trap messages

SNMP is used to perform which function in relation to hardware?

SMNP

SNScan is used to access information for which protocol?

XML

SOAP is used to package and exchange information for web services. What does SOAP use to format this information?

Enable communication between applications

SOAP is used to perform what function?

Databases

SQL injection attacks are aimed at which of the following?

Securing transmitted data

SSL is a mechanism for which of the following?

Software hosting

SaaS is a cloud hosting environment that offers what?

Assessment

Sally is a member of a pen test team newly hired to test a bank's security. She begins searching for IP addresses the bank may own by searching public records on the Internet. She also looks up news articles and job postings to discover information that may be valuable. What phase of the pen test is Sally working?

Web applications

Session fixation is a vulnerability in which of the following?

IPsec

Session hijacking can be performed on all of the following protocols except which one?

Authentication

Session hijacking can be thwarted with which of the following?

Psiphon

Session hijacking can be thwarted with which of the following?

Place a cookie on a server

Session hijacking can do all of the following except which one?

SSL

Several cryptography techniques are available to help protect information that is being sent across an unsecure network, such as the Internet. Many of the techniques available provide different security functions, and therefore, they are best suited for certain aspects of protecting information. Which cryptography technique is designed to provide a means of transmitting individual messages securely across the Internet?

Biometrics Smartcards

Several methods can be used to guess user passwords, such as dictionary, hybrid, and brute-force attacks. Therefore, it is important to put measures in place to prevent password guessing attacks from allowing an attacker to access user accounts. This helps prevent attackers from compromising user accounts and accessing sensitive data. What technical access control methods can be added to defend against password guessing?

Graham-Denning model

Several security models have been created over the years to address the different security needs of organizations. While there are some similarities within the models, each of them focuses on different aspects of protecting resources. Which security model focuses on controlling how a subject can access and manipulate objects, such as how they can create and delete an object?

Technical Administrative Physical

Social engineering can be thwarted using what kinds of controls?

Phishing

Social engineering can be used to carry out email campaigns known as __________.

Viruses

Social engineering can use all the following except __________.

Manipulate human behavior

Social engineering is designed to __________.

Technology People Human nature Physical

Social engineering preys on many weaknesses, including __________.

14

Subnetting is used to logically divide an IP network range into multiple smaller networks. It is important to know how many hosts are contained within subnets when creating a network map. How many hosts can be contained in the 192.168.0.0/28 subnet?

Shared key cryptography

Symmetric cryptography is also known as __________.

Number of keys

Symmetric key systems have key distribution problems due to __________.

SOA

The Domain Name Service (DNS) is used to resolve domain names to IP addresses. An attacker can gather DNS information to determine key information about network hosts. For example, this information can be used to identify the location and type of servers in use. Which DNS resource record type can be used by a hacker to identify the primary name server for the DNS zone?

A medical record containing a patient's Social Security Number. A birth date, requested verbally from a patient, to confirm the individual's identity. Medical record numbers used in place of patient names on treatment histories

The Health Insurance Portability and Accountability Act (HIPAA) impose strict standards related to the privacy of individually identifiable health information. Specifically, these standards are contained in the HIPAA Privacy Rule. Under the HIPAA Privacy Rule, which examples of information would be considered protected health information (PHI)? Choose the best option(s) from those listed below.

View archived versions of websites

The Wayback Machine is used to do which of the following?

Archived versions of websites

The Wayback Machine would be useful in viewing what type of information relating to a web application?

The attacker has copied the source code to his machine and altered hidden fields to modify the purchase price of the items.

The accounting department of a business notices several orders that seem to have been made erroneously. In researching the concern, you discover it appears the prices of items on several web orders do not match the listed prices on the public site. You verify the web server and the ordering database do not seem to have been compromised. Additionally, no alerts have displayed in the Snort logs concerning a possible attack on the web application. Which of the following might explain the attack in play?

Tcpdump

The command-line equivalent of WinDump is known as what?

OCTAVE

The first step in performing a risk assessment is to identify vulnerabilities. Several methods have been developed to be used as the basis for assessing an organization's security posture. Which information security risk assessment methodology is made up of a suite of tools and focuses on the principle of self-direction? Choose the best option(s) from those listed below.

Keys are automatically destroyed when subject to forcible disclosure Key integrity can be protected by the integrity of the storage mechanism

The keys in a public key infrastructure (PKI) need to be protected to maintain the authenticity of data. The keys can be modified, corrupted, or given away to unauthorized people. For this reason, PKI has to address various security issues related to confidentiality, integrity, authentication, and nonrepudiation. In which ways can storage mechanisms safeguard key integrity?

LIFO

The stack operates on _______ a basis.

Locating wireless networks

The wardriving process involves which of the following?

Three

There are how many different types of cloud hosting environments?

To contain the incident and repair the damage as quickly as possible

There are many types of threats that face a computer network and a variety of different ways to deal with each threat. One method of handling threats is to implement and define an incident handling process. What is the primary goal of the incident handling process? Choose the best option(s) from those listed below.

Nmap

There are several tools available that can be used to help test network security. Scanning the network to identify unnecessary open ports is essential to ensure hackers are not able to use them to their advantage. Which tool can be used for port scanning?

Vulnerability assessment Security audit

There are various types of tests that you can use to assess an information system's security. Which tests are least likely to disrupt business operations?

139

Tiffany is analyzing a capture from a client's network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?

Phishing Tailgating/piggybacking

Training and education of end users can be used to prevent __________.

Cross-certification

Two different organizations have their own public key infrastructure up and running. When the two companies merged, security personnel wanted both PKIs to validate certificates from each other. What must the CAs for both companies establish to accomplish this?

The ethical hacker always obtains written permission before testing.

Two hackers attempt to crack a company's network resource security. One is considered an ethical hacker, whereas the other is not. What distinguishes the ethical hacker from the "cracker"?

Validate an email address

VRFY is used to do which of the following?

Retina

Vulnerabilities are weaknesses in operating systems, and applications running on them, that make them susceptible to attacks. As such, locating vulnerabilities on devices attached to the network is a very important part of securing the network environment. Which tool can be used to scan the hosts on a network for vulnerabilities?

Passively uncovering vulnerabilities

Vulnerability research deals with which of the following?

Wired networks

WEP is designed to offer security comparable to which of the following?

Make others aware of a wireless network.

Warchalking is used to do which of the following?

Provide dynamic content

Web applications are used to __________.

Rapid replication

What are worms typically known for?

Success of an attack Failure of an attack Structure of a database

What can an error message tell an attacker?

IP address

What can be used instead of a URL to evade some firewalls used to protect a cloud based web application?

IP address

What can be used instead of a URL to evade some firewalls?

netstat -an

What command is used to listen to open ports with netstat?

hping3

What command-line utility can you use to craft custom packets with specific flags set?

Cain & Abel

What common tool can be used for launching an ARP poisoning attack?

Passwords Encryption Remote wipe

What could a company do to protect itself from a loss of data when a phone is stolen? (Choose all that apply.)

Logs

What could be used to monitor application errors and violations on a web server or application?

Hub

What device will neither limit the flow of traffic nor have an impact on the effectiveness of sniffing?

Target of evaluation

What does TOE stand for?

Integrity

What does hashing preserve in relation to data?

Provides root-level access to a user on a system

What does rooting a device do?

Ports

What does the enumeration phase not discover?

SYN/ACK

What flag or flags are sent in the segment during the second step of the TCP three-way handshake?

Network SSID MAC address of the AP

What information is required in order to attempt to crack a WEP AP? (Choose two.)

Check financial filings

What is EDGAR used to do?

To hide the process of scanning

What is Tor used for?

A key entered into each client

What is a PSK?

Ad hoc

What is a client-to-client wireless connection called?

A backdoor

What is a covert channel?

A false ceiling

What is a drop ceiling?

An access point not managed by a company

What is a rogue access point?

LOIC

What is a single-button DDoS tool suspected to be used by groups such as Anonymous?

Bastion host

What is a system used as a chokepoint for traffic?

Cipher lock

What is a type of combination lock?

A way to reveal vulnerabilities

What is a vulnerability scan designed to provide to those executing it?

Identify a user

What is an SID used to do?

Targa

What is an eight-in-one DoS tool that can launch such attacks as land and teardrop?

Mantraps

What is another word for portals?

Difficult to install

What is not a benefit of hardware keyloggers?

Protection of data on lost or stolen devices

What is the benefit of encryption on mobile devices?

Training

What is the best option for thwarting social-engineering attacks?

telnet <website name> 80

What is the command to retrieve header information from a web server using Telnet?

Fences

What is the first defense that a physical intruder typically encounters?

protocol.field operator value

What is the generic syntax of a Wireshark filter?

0x90

What is the hexadecimal value of a NOP instruction in an Intel system?

TCP vs. UDP

What is the key difference between a smurf and a fraggle attack?

Number of attackers

What is the main difference between DoS and DDoS?

Slow performance

What is the most common sign of a DoS attack?

Heap

What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization?

Cookie

What is used to store session information?

The predefined scope and agreement made with the system owner.

What marks the major difference between a hacker and an ethical hacker (pen test team member)?

Encryption

What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel?

Encryption

What mechanism is intended to deter theft of hard drives?

Promiscuous mode

What mode must be configured to allow an NIC to capture all traffic on the wire?

False negative

What occurs when an IDS does not properly identify a malicious packet entering the network?

Install from unknown sources.

What option would you use to install software that's not from the Google Play store?

UDP

What protocol is used to carry out a fraggle attack?

ACK

What response is missing in a SYN flood attack?

Bastion host

What system is used as a choke point for traffic and could be offered through IaaS?

ARP poisoning

What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?

SaaS

What type of cloud service would provide email hosting and associated security services?

Distributed

What type of database has its information spread across many disparate systems?

Relational

What type of database uses multiple tables linked together in complex relationships?

Stateful inspection

What type of firewall analyzes the status of traffic and would be part of a IaaS solution?

Stateful inspection

What type of firewall analyzes the status of traffic?

Psiphon

What utility could be used to avoid sniffing of traffic?

Auditpol

What utility may be used to stop auditing or logging of events?

Lowered

When a device is rooted, what is the effect on security?

Infrastructure

When a wireless client is attached to an access point, it is known as which of the following?

Hactivism

When an attack by a hacker is politically motivated, the hacker is said to be participating in which of the following?

Keywords

When talking to a victim, using __________ can make an attack easier.

C:\Windows\System32\Config\

Where is the SAM file stored on a Windows 7 system?

A

Which DNS record type maps an IP address to a hostname and is used most often for DNS lookups?

Land

Which DoS attack sends traffic to the target with a spoofed IP of the target itself?

allintitle:SQL version

Which Google hack would display all pages that have the words SQL and Version in their titles?

Type 11

Which ICMP message type/code indicates the packet could not arrive at the recipient due to exceeding its time to live?

ip.addr == 192.168.1.1

Which Wireshark filter displays only traffic from 192.168.1.1?

MitM

Which attack alters data in transit within the cloud?

Session hijacking

Which attack can be used to take over a previous session?

Single quote

Which character is the best choice to start a SQL injection attempt?

PaaS

Which cloud computing model is geared toward software development?

xp_cmdshell

Which command can be used to access the command prompt in SQL Server?

nbtstat

Which command can be used to view NetBIOS information?

WHERE SELECT from

Which command is used to query data in SQL Server?

drop table

Which command is used to remove a table from a database?

tshark

Which command launches a CLI version of Wireshark?

nc 192.168.10.27 80

Which command would retrieve banner information from a website at port 80?

tcp contains facebook

Which display filter for Wireshark shows all packets containing the word facebook?

DES

Which encryption standard is used by LM?

WPS support

Which feature makes WPA easy to defeat?

RST

Which flag forces a termination of communications in both directions?

whois

Which footprinting tool or technique can be used to find the names and addresses of employees or technical points of contact?

gets() strcpy() scanf() strcat()

Which function(s) are considered dangerous because they don't check memory bounds? (Choose all that apply.)

SHA-1

Which hash algorithm produces a 160-bit output value?

Bollards

Which intrusion prevention system can be used in conjunction with fences?

A virus is malware. A virus replicates with user interaction.

Which is/are a characteristic of a virus?

Null

Which kind of values is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?

Means of dress or appearance

Which mechanism can be used to influence a targeted individual?

Switch

Which network device can block sniffing to a single network collision domain, create VLANs, and make use of SPAN ports and port mirroring?

TOE

Which of the following Common Criteria processes refers to the system or product being tested?

Volumetric attacks

Which of the following DoS categories consume all available bandwidth for the system or service?

ip.addr == 172.17.15.0/24 ip.src == 172.17.15.0/24 or ip.dst == 172.17.15.0/24

Which of the following Wireshark filters would display all traffic sent from, or destined to, systems on the 172.17.15.0/24 subnet? (Choose all that apply.)

ARP poisoning MAC flooding

Which of the following are appropriate active sniffing techniques against a switched network? (Choose all that apply.)

POODLE

Which of the following attacks acts as a man-in-the-middle, exploiting fallback mechanisms in TLS clients?

Session hijacking

Which of the following attacks an already-authenticated connection?

The attack uses a dictionary list, substituting letters, numbers, and characters in the words until the password is cracked.

Which of the following best defines a hybrid attack?

Security tokens

Which of the following best defines a logical or technical control?

Steganography is used to hide information within existing files.

Which of the following best defines steganography?

The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

Which of the following best describes a DRDoS?

Security team members defending a network

Which of the following best describes a blue team?

It is used to gather information about potential network attackers.

Which of the following best describes a honeypot?

Security team members attacking a network

Which of the following best describes a red team?

The attacker sends several overlapping, extremely large IP fragments.

Which of the following best describes a teardrop attack?

Code designed to be run on the server

Which of the following best describes a web application?

A SOAP message is intercepted, data in the envelope is changed, and then the data is sent/replayed.

Which of the following best describes a wrapping attack?

Active sniffing is usually required when switches are in place. Active sniffing is easier to detect than passive sniffing.

Which of the following best describes active sniffing? (Choose all that apply.)

BIA

Which of the following best describes an effort to identify systems that are critical for continuation of operation for the organization?

It has few heavy security restrictions.

Which of the following best describes an intranet zone?

A reliable and consistent point of contact for all incident response services for associates of the Department of Homeland Security

Which of the following best describes the role that the U.S. Computer Security Incident Response Team (CSIRT) provides?

An API that allows different components to communicate

Which of the following best represents SOA?

Encryption

Which of the following can be used to evade an IDS?

Port scanning

Which of the following can be used to identify a firewall?

Drive encryption

Which of the following can be used to protect data stored in the cloud?

Hypervisor-level rootkit

Which of the following can migrate the machine's actual operating system into a virtual machine?

Input validation

Which of the following can prevent bad input from being presented to an application through a form?

Protection against scanning

Which of the following challenges can be solved by firewalls?

Session riding

Which of the following cloud computing attacks can be best described as a CSRF attack?

nmap -sn 172.17.24.0/24 nmap -PI 172.17.24.0/24

Which of the following commands would you use to quickly identify live targets on a subnet? (Choose all that apply.)

A visual alerting method An audio alerting method

Which of the following could be considered required components of an alarm system?

Blue team

Which of the following describes security personnel who act in defense of the network during attack simulations?

Overt channel

Which of the following doesn't define a method of transmitting data that violates a security policy?

SYN flood Peer to peer

Which of the following don't use ICMP in the attack? (Choose two.)

Easily hidden

Which of the following is a characteristic of USB flash drives that makes security a problem?

Alarms

Which of the following is a detective control when not used in real time?

Audit trail

Which of the following is a detective control?

Wi-Fi jammer

Which of the following is a device used to perform a DoS on a wireless network?

Mantraps

Which of the following is a good defense against tailgating and piggybacking?

Checking DNS replies for network mapping purposes Collecting information through publicly accessible sources

Which of the following is a passive footprinting method? (Choose all that apply.)

Use unpredictable sequence numbers Implement ICMP throughout the environment.

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

CGI

Which of the following is a scripting language?

PGP

Which of the following is a software application used to asymmetrically encrypt and digitally sign e-mail?

Block

Which of the following is a symmetric encryption method that transforms a fixed-length amount of plain text into an encrypted version of the same length?

Configuring the web server to send random challenge tokens is the best mitigation for CSRF attacks.

Which of the following is a true statement?

TRK

Which of the following is a utility used to reset passwords?

False wall

Which of the following is a wall that is less than full height?

Secure HttpOnly Domain

Which of the following is an attribute used to secure a cookie?

PHP

Which of the following is an example of a server-side scripting language?

Row

Which of the following is another name for a record in a database?

Incident management

Which of the following is best defined as a set of processes used to identify, analyze, prioritize, and resolve security incidents?

Netcat

Which of the following is capable of port redirection?

Mandatory access control

Which of the following is defined as ensuring the enforcement of organizational security policy does not rely on voluntary user compliance by assigning sensitivity labels on information and comparing this to the level of security a user is operating at?

Site survey

Which of the following is designed to locate wireless access points?

TCPTROJAN

Which of the following is not a Trojan?

Positive pressure

Which of the following is not a method used to control or mitigate against static electricity in a computer room?

Back up the hard drive.

Which of the following is not a recommended step in recovering from a malware infection?

Anonymous login

Which of the following is not a source of session IDs?

Blooover

Which of the following is the best choice for performing a bluebugging attack?

nc -L 56 -t -e cmd.exe

Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?

N-tier allows each tier to be configured and modified independently.

Which of the following is true regarding n-tier architecture?

Directory traversal

Which of the following is used to access content outside the root of a website?

Digital certificate

Which of the following is used to distribute a public key within the PKI system, verifying the user's identity to the recipient?

ACL

Which of the following is used to set permissions on content in a website?

A worm is malware. A worm replicates on its own.

Which of the following is/are true of a worm?

Reduced costs Improved performance Increased redundancy

Which of the following issues would be a good reason for moving to a cloud based environment?

Untethered

Which of the following jailbreaking techniques will leave the phone in a jailbroken state even after a reboot?

802.11a

Which of the following operates at 5 GHz?

WPA2, WPA, WEP, Open

Which of the following options shows the protocols in order from strongest to weakest?

IP DHCP Snooping

Which of the following prevents ARP poisoning?

Worm

Which of the following propagates without human interaction?

MIC

Which of the following protects against man-in-the-middle attacks in WPA?

CCMP

Which of the following provides for integrity in WPA2?

Technical details and procedures

Which of the following should not be included in a security policy?

802.11i

Which of the following specifies security standards for wireless?

Symmetric algorithms are faster, are good for bulk encryption, but have scalability problems.

Which of the following statements is true regarding encryption algorithms?

Port scanning is used to identify potential vulnerabilities on a target system.

Which of the following statements is true regarding port scanning?

When accepting the communications request, the recipient responds with an acknowledgement and a randomly generated sequence number in the second step.

Which of the following statements is true regarding the TCP three-way handshake?

Automatic

Which of the following tests is generally faster and costs less but is susceptible to more false reporting and contract violation?

Signature file

Which of the following uses a database of known attacks?

PCI DSS

Which of the following was created to protect credit card data at rest and in transit in an effort to reduce fraud?

SOX

Which of the following was created to protect shareholders and the general public from corporate accounting errors and fraudulent practices, and to improve the accuracy of corporate disclosures?

Circuit-level firewall

Which of the following works at Layer 5 of the OSI model?

Core Impact CANVAS

Which of the following would be a good choice for an automated penetration test? (Choose all that apply.)

Sniffing subnet traffic to intercept a password

Which of the following would be considered a passive online password attack?

Email

Which of the following would be hosted as SaaS?

Netcraft

Which of the following would be the best choice for footprinting restricted URLs and OS information from a target?

A guard posted outside the door

Which of the following would be the best example of a deterrent control?

Configure input validation on your systems.

Which of the following would be the best protection against XSS attacks?

vrfy chell

Which of the following would confirm a user named chell in SMTP?

EIP

Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?

514

Which port number is used by default for syslog?

443

Which port uses SSL to secure web traffic?

161 and 162

Which ports does SNMP use to function?

Security audit

Which security assessment is designed to check policies and procedures within an organization?

Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.

Which statement defines session hijacking most accurately?

WHERE

Which statement is used to limit data in SQL Server?

Trojans are malware. Malware covers all malicious software.

Which statement(s) defines malware most accurately?

RC

Which symmetric algorithm uses variable block sizes (from 32 to 128 bits)?

Kerberos

Which system should be used instead of LM or NTLM?

NAT

Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?

IPsec

Which technology can provide protection against session hijacking?

A disgruntled employee

Which threat presents the highest risk to a target network or resource?

Netcraft

Which tool can be used to view web server information?

Tracert

Which tool can trace the path of a packet?

Mesh

Which topology has built-in redundancy because of its many client connections?

White box

Which type of attack is generally conducted as an inside attacker with elevated privileges on the resources?

Fingerprint

Which type of biometric system is frequently found on laptops but can be used on entryways as well?

Vulnerability assessment

Which type of security assessment notifies the customer of vulnerabilities but does not actively or intentionally exploit them?

TCPView

Which utility will tell you in real time which ports are listening or in another state?

Sparse infector

Which virus type is only executed when a specific condition is met?

WPA

Which wireless encryption technology makes use of temporal keys?

WEP

Which wireless technology uses RC4 for encryption?

MX

While footprinting a network, you successfully perform a zone transfer. Which DNS record in the zone transfer indicates the company's e-mail server?

Liability

While guards and dogs are both good for physical security, which of the following is a concern with dogs?

No, the hash reveals a seven-character-or-less password has been used.

While pen-testing a client, you discover that LM hashing, with no salting, is still engaged for backward compatibility on most systems. One stolen password hash reads 9FAF6B755DC38E12AAD3B435B51404EE. Is this user following good password procedures?

Operating system

While performing a pen test, you find success in exploiting a machine. Your attack vector took advantage of a common mistake—the Windows 7 installer script used to load the machine left the administrative account with a default password. Which attack did you successfully execute?

The client

Who has legal responsibility for data hosted in the cloud?

To reduce costs

Why wouldn't someone create a private cloud?

Hub

Wireless access points function as a ____________.

Promiscuous mode

Wireshark requires a network card to be able to enter which mode to sniff all network traffic?

Bob's private key

Within a PKI system, Joe encrypts a message for Bob and sends it. Bob receives the message and decrypts the message using what?

Registration authority

Within a PKI, which of the following verifies the applicant?

Web browsers

XSS is typically targeted toward which of the following?

Performing a qualitative risk analysis

You are conducting risk assessment in your organization because there have been incidents of information loss. You are currently estimating the dollar value associated with implementing security controls to protect the organization's information assets. What best describes what you are doing? Choose the best option(s) from those listed below.

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:″Attempted FTP″)

You are configuring rules for your Snort installation and want to have an alert message of "Attempted FTP" on any FTP packet coming from an outside address intended for one of your internal hosts. Which of the following rules are correct for this situation?

An attacker could sniff an existing MAC address and spoof it.

You are discussing wireless security with your client. He tells you he feels safe with his network as he has implemented MAC filtering on all access points, allowing only MAC addresses from clients he personally configures in each list. You explain this step will not prevent a determined attacker from connecting to his network. Which of the following explains why the APs are still vulnerable?

Unauthorized users will still be able to connect because the SSID is still sent in all packets, and a sniffer can easily discern the string.

You are discussing wireless security with your client. He tells you he feels safe with his network because he has turned off SSID broadcasting. Which of the following is a true statement regarding his attempt at security?

Due care

You are drawing up a security policy document for your company and have included a section on identifying and assessing security risks to client information. Which section of the security policy is used to identify and assign security risks to client information? Choose the best option(s) from those listed below.

52.93.31.255

You are examining a host with an IP address of 52.93.24.42/20 and want to determine the broadcast address for the subnet. Which of the following is the correct broadcast address for the subnet?

The response indicates an open port.

You are port scanning a system and begin sending TCP packets with the ACK flag set. Examining the return packets, you see a return packet for one port has the RST flag set and the TTL is less than 64. Which of the following is true?

Full disk encryption

You are reviewing security plans and policies, and you wish to provide protection to organization laptops. Which effort listed protects system folders, files, and MBR until valid credentials are provided at pre-boot?

CNAME

You have an FTP service and an HTTP site on a single server. Which DNS record allows you to alias both services to the same record (IP address)?

Mantrap

You need to ensure that only authorized individuals are able to gain access to a restricted section of your facility. You need to implement an automated system that makes sure that every person is individually identified and authorized before they are permitted to enter. Which authentication method would best suit your needs?

Telnet 168.15.22.4 80 nc -v -n 168.15.22.4 80

You want to perform banner grabbing against a machine (168.15.22.4) you suspect as being a web server. Assuming you have the correct tools installed, which of the following command-line entries will successfully perform a banner grab? (Choose all that apply.)

SuperOneClick

You wish to gain administrative privileges over your Android device. Which of the following tools is the best option for rooting the device?

Closed

You're running an IDLE scan and send the first packet to the target machine. Next, the SYN/ACK packet is sent to the zombie. The IPID on the return packet from the zombie is 36754. If the starting IPID was 36753, in what state is the port on the target machine?

Gray box

You've been hired as part of a pen test team. During the brief, you learn the client wants the pen test attack to simulate a normal user who finds ways to elevate privileges and create attacks. Which test type does the client want?

Fragmenting

You've decided to begin scanning against a target organization but want to keep your efforts as quiet as possible. Which IDS evasion technique splits the TCP header among multiple packets?

The attacker is sending messages over an SSL tunnel.

Your client tells you they know beyond a doubt an attacker is sending messages back and forth from their network, yet the IDS doesn't appear to be alerting on the traffic. Which of the following is most likely true?

Information Security Policy

Your company has a document that spells out exactly what employees are allowed to do on their computer systems. It also defines what is prohibited and what consequences await those who break the rules. A copy of this document is signed by all employees prior to their network access. Which of the following best describes this policy?

0.20

Your network contains certain servers that typically fail once every five years. The total cost of one of these servers is $1000. Server technicians are paid $40 per hour, and a typical replacement requires two hours. Ten employees, earning an average of $20 per hour, rely on these servers, and even one of them going down puts the whole group in a wait state until it's brought back up. Which of the following represents the ARO for a server?

Tailgating

Your organization installs mantraps in the entranceway. Which of the following attacks is it attempting to protect against?

BIA

Your organization is planning for the future and is identifying the systems and processes critical for their continued operation. Which of the following best describes this effort?

Reverse proxy

Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance that receives all incoming web requests and forwards them to the web server. He says it will prevent direct customer contact with the server and reduce the risk of DoS attacks. What appliance is he proposing?

SQL injection

__________ can be used to attack databases.

Banner grab

__________ can be used to identify a web server.

Zone transfer

__________ involves grabbing a copy of a zone file.

JavaScript

__________ is a client-side scripting language.

LM

__________ is a hash used to store passwords in older Windows systems.

EXPN

__________ is a method for expanding an email list.

System hacking

__________ is the process of exploiting services on a system.

SQLPing

__________ is used to audit databases.

SYSKEY

__________ is used to partially encrypt the SAM.

NTP

__________ is used to synchronize clocks on a network.

OS X

iOS is based on which operating system?

Port scan

nmap is required to perform what type of scan?

Telnet

A scan of a network client shows that port 23 is open; what protocol is this aligned with?

TCP

An SYN attack uses which protocol?

Public key

Asymmetric encryption is also referred to as which of the following?

During transmission

At what point can SSL be used to protect data?

Alerts

What can be configured in most search engines to monitor and alert you of changes to content?

Proxy

What device acts as an intermediary between an internal client and a web resource?

A description of expected behavior

What is a code of ethics?

A ping sweep

What is an ICMP echo scan?

ACK

What is missing from a half-open scan?

SYN, SYN-ACK, ACK

What is the proper sequence of the TCP three-way-handshake?

To keep a scan hidden

What is the purpose of a proxy?

Gain information from a human being through face-to-face or electronic means

What is the purpose of social engineering?

To gain information from human beings

What is the role of social engineering?

SYN, SYN-ACK, ACK

What is the sequence of the three-way handshake?

The opening sequence of a TCP connection

What is the three-way handshake?

Collision domain

What kind of domain resides on a single switchport?

Low

What level of knowledge about hacking does a script kiddie have?

IPS

What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?

Scanning

What phase comes after footprinting?

49152 to 65535

What port range is an obscure third-party application most likely to use?

A lack of fear of being caught

What separates a suicide hacker from other attackers?

Get permission

What should a pentester do prior to initiating a new penetration test?

All nodes attached to the same port

When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see?

Windows

Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces?

A way to automate the discovery of vulnerabilities

Which best describes a vulnerability scan?

Packet

Which category of firewall filters is based on packet header data only?

Ring

Which network topology uses a token-based access methodology?

A way of encrypting data in a reversible method

Which of the following best describes PGP?

A weakness

Which of the following best describes a vulnerability?

Investigation of a target

Which of the following best describes footprinting?

Nonreversible

Which of the following best describes hashing?

Hacks for political reasons

Which of the following best describes what a hacktivist does?

Hacks without stealth

Which of the following best describes what a suicide hacker does?

Job boards

Which of the following can an attacker use to determine the technology and structure within an organization?

Street views

Which of the following can be used to assess physical security?

Operators

Which of the following can be used to tweak or fine-tune search results?

Social engineering

Which of the following can help you determine business processes of your target through human interaction?

Suicide hacker

Which of the following describes a hacker who attacks without regard for being caught or punished?

Hacktivist

Which of the following describes an attacker who goes after a target to draw attention to a cause?

PKI

Which of the following does IPsec use?

Permission

Which of the following does an ethical hacker require to start evaluating a system?

MD5

Which of the following is a common hashing protocol?

END

Which of the following is not a flag on a packet?

Port scanning

Which of the following is not typically used during footprinting?

Telnet

Which of the following is used for banner grabbing?

Netcraft

Which of the following is used for identifying a web server OS?

nmap

Which of the following is used to perform customized network scans?

Certificate authority

Which of the following manages digital certificates?

NULL

Which of the following types of attack has no flags set?

Social networking

Which of the following would be a very effective source of information as it relates to social engineering?

White hat

Which of the following would most likely engage in the pursuit of vulnerability research?

TCP

Which of these protocols is a connection-oriented protocol?

MX

Which record will reveal information about a mail server for a domain?

PKI

Which system does SSL use to function?

Gray hat

Which type of hacker may use their skills for both benign and malicious goals at different times?

Netscape

Who first developed SSL?

To fine-tune search results

Why use Google hacking?

To enhance anonymity

Why would you need to use a proxy to perform scanning?

Two keys

A public and private key system differs from symmetric because it uses which of the following?

PKI system

A public key is stored on the local computer by its owner in a __________.

Hacktivists

The group Anonymous is an example of what?

SMTP

You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn't receive any alerts. What protocol needs to be configured on the IDS?


Set pelajaran terkait

Honors Anatomy & Physiology - Chapter 2

View Set

Missouri Statutes, Rules, and Regulations Pertinent to Life Only / Health Only

View Set

Intro to IT Fundamentals FC0-U61

View Set

Biology - Chapter 24 - Sustainability

View Set