Ethical Hacker Pro Final

Which of the following best describes a non-disclosure agreement? -A common legal contract outlining confidential material that will be shared during the assessment. -A document that defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -A contract where parties agree to most of the terms that will govern future actions. -A very detailed document that defines exactly what is going to be included in the penetration test.

-A common legal contract outlining confidential material that will be shared during the assessment.

Which of the following best describes a supply chain? -A company stocks their product at a store. -A company sells their products on Amazon and has Amazon ship the product. -A company stores their product at a distribution center. -A company provides materials to another company to manufacture a product.

-A company provides materials to another company to manufacture a product.

Which of the following best describes a master service agreement? -A contract where parties agree to the terms that will govern future actions. -A very detailed document that defines exactly what is going to be included in the penetration test. -Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -Used as a last resort if the penetration tester is caught in the scope of their work.

-A contract where parties agree to the terms that will govern future actions.

Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? -A dome camera -A Pan Tilt Zoom camera -A c-mount camera -A bullet camera

-A dome camera

Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to? -Heather will adhere to Florida's laws, and the client will adhere to Utah's laws. -Both companies will need to adhere to Florida's laws. -A lawyer should be consulted on which laws to adhere to and both parties agree. -Both companies will need to adhere to Utah's laws.

-A lawyer should be consulted on which laws to adhere to and both parties agree.

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather? -A black hat hacker. -A member of the purple team. -A gray hat hacker. -A member of the red team.

-A member of the purple team.

Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials? -An employee social media policy -An internet policy -A company social media policy -A printed materials policy

-A printed materials policy

Which of the following best describes active scanning? -A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. -A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown. -A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. -A scanner tries to find vulnerabilities without directly interacting with the target network.

-A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Which of the following best describes a lock shim? -A small, angled, and pointed tool. -When the pins are scraped quickly. -A cut to the number nine position. -A thin, stiff piece of metal.

-A thin, stiff piece of metal.

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? -Logic bomb -APT -Trojan horse -Virus

-APT

The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________ -Transference -Mitigation -Acceptance -Avoidance

-Acceptance

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do? -Not worry about this fact and test the servers. -Add the cloud host to the scope of work. -Tell the client she can't perform the test. -Get a non-disclosure agreement.

-Add the cloud host to the scope of work.

Which of the following best describes the Wassenaar Arrangement? -A law that defines the security standards for any organization that handles cardholder information. -Standards that ensure medical information is kept safe and is only shared with the patient and medical professionals. -A law that defines how federal government data, operations, and assets are handled. -An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.

-An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.

Which of the following is the difference between an ethical hacker and a criminal hacker? -An ethical hacker is nice, clean, and polite, but a criminal hacker isn't. -A criminal hacker is all-knowing, but an ethical hacker isn't. -A criminal hacker is easily detected, but an ethical hacker isn't. -An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

-An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated? -A printed materials policy -An internet policy -An employee social media policy -A company social media policy

-An internet policy

Which of the following best describes an inside attacker? -An attacker with lots of resources and money at their disposal. -An unintentional threat actor; the most common threat. -A good guy who tries to help a company see their vulnerabilities. -An agent who uses their technical knowledge to bypass security.

-An unintentional threat actor; the most common threat.

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? -Buffer overflows -Application flaws -Open services -Default settings

-Application flaws

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? -Transference -Acceptance -Mitigation -Avoidance

-Avoidance

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action? -Password policy -BYOD policy -Update policy -Corporate policy

-BYOD policy

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? -Permission to test -Rules of engagement -Scope of work -Change order

-Change order

ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work? -Employee IDs -Company culture -Password policies -Email policies

-Company culture

Which type of penetration test is required to ensure an organization is following federal laws and regulations? -Goal-based -Compliance-based -White box -Objective-based

-Compliance-based

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees? -Geographical information, entry control systems, employee routines, and vendor traffic -Operating systems, applications, security policies, and network mapping -Intellectual property, critical business functions, and management hierarchy -Contact names, phone numbers, email addresses, fax numbers, and addresses

-Contact names, phone numbers, email addresses, fax numbers, and addresses

What are the rules and regulations defined and put in place by an organization called? -Master service agreement -Scope of work -Corporate policies -Rules of engagement

-Corporate policies

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work? -HIPAA -FISMA -DMCA -PCI DSS

-DMCA

Which of the following services is most targeted during the reconnaissance phase of a hacking attack? -DHCP -DoS -TLS -DNS

-DNS

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? -DNS cache poisoning -Social networking -Host file modification -Feigning ignorance

-DNS cache poisoning

Which of the following best describes what FISMA does? -Defines the security standards for any organization that handles cardholder information -Defines how federal government data, operations, and assets are handled. -Implements accounting and disclosure requirements that increase transparency. -Defines standards that ensure medical information is kept safe.

-Defines how federal government data, operations, and assets are handled.

Which of the following best describes the rules of engagement document? -Used as a last resort if the penetration tester is caught in the scope of their work. -A contract where parties agree to most of the terms that will govern future actions. -Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -A very detailed document that defines exactly what is going to be included in the penetration test.

-Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? -Exploitation phase -Elicitation phase -Research phase -Development phase

-Development phase

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool? -Wayback Machine -Google Maps -Echosec -Maltego

-Echosec

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? -Impersonation -Interrogation -Elictitation -Preloading

-Elictitation

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? -Perimeter barriers -Physical access logs -Physical access controls -Employee and visitor safety

-Employee and visitor safety

Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? -Black box -Internal -White box -External

-External

Which of the following best describes a goal-based penetration test? -Focuses on the end results. The hacker determines the methods. -The hacker has been given full information about the target. -Ensures the organization follows federal laws and regulations. -Focuses on the overall security of the organization and its data security.

-Focuses on the end results. The hacker determines the methods.

United States Code Title 18, Chapter 47, Section 1029 deals with which of the following? -Fraud and related activity regarding identity theft. -Fraud and related activity involving computers. -Fraud and related activity involving access devices. -Fraud and related activity involving electronic mail.

-Fraud and related activity involving access devices.

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario? -Gray hat -Script kiddie -White hat -State-sponsored

-Gray hat

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows? -DMCA -FISMA -HIPAA -PCI DSS

-HIPAA

Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? -Wireless network assessment -Passive assessment -Host-based assessment -External assessment

-Host-based assessment

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future? -How to prevent piggybacking and tailgating. -Why employees should never share their ID badge with anyone. -What to do if you encounter a person without a badge. -Why employees should wear their badge at all times.

-How to prevent piggybacking and tailgating.

Which of the following elements is generally considered the weakest link in an organization's security? -Network -Human -Physical -Servers

-Human

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do? -Sell the records to a competitor. -Make a backup of the records for the client. -Continue digging and look for illegal activity. -Ignore the records and move on.

-Ignore the records and move on.

During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take? -Ignore the files and continue with the penetration test. -Immediately stop the test and report the finding to the authorities. -Stop the test, inform the client, and let them handle it. -Delete the files and continue with the penetration test.

-Immediately stop the test and report the finding to the authorities.

Which of the following best describes what SOX does? -Defines standards that ensure medical information is kept safe. -Defines the security standards for any organization that handles cardholder information. -Defines how federal government data, operations, and assets are handled. -Implements accounting and disclosure requirements that increase transparency.

-Implements accounting and disclosure requirements that increase transparency.

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking? -Permission and documentation -Information gathering techniques -Information types -Maintaining access

-Information gathering techniques

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take? -Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. -Limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials. -Review company websites to see what type of sensitive information is being shared. -Implement policies that restrict the sharing of sensitive company information on employees' personal social media pages.

-Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed? -Black Box -External -Gray Box -Internal

-Internal

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: *Inspecting physical security *Checking open ports on network devices and router configurations *Scanning for Trojans, spyware, viruses, and malware *Evaluating remote management processes *Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed? -Passive assessment -Internal assessment -External assessment -Active assessment

-Internal assessment

Which of the following best describes a physical barrier used to deter an aggressive intruder? -Double-entry doors -Large flowerpots -Alarmed carrier PDS -Anti-passback system

-Large flowerpots

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information? -Echosec -Maltego -Wayback Machine -Google Earth

-Maltego

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? -Environmental threat -Man-made threat -External threat -Cloud threat

-Man-made threat

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? -Cable locks -Anti-passback -Mantraps -Scrubbing

-Mantraps

Which of the following is considered a mission-critical application? -Medical database -Video player -Support log -Customer database

-Medical database

Social engineers are master manipulators. Which of the following are tactics they might use? -Shoulder surfing, eavesdropping, and keylogging -Eavesdropping, ignorance, and threatening -Moral obligation, ignorance, and threatening -Keylogging, shoulder surfing, and moral obligation

-Moral obligation, ignorance, and threatening

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? -NIST -CAPEC -JPCERT -NVD

-NIST

Whois, Nslookup, and ARIN are all examples of: -Internet research tools -Network footprinting tools -IoT hacking tools -Google hacking tools

-Network footprinting tools

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card? -HIPAA -DMCA -PCI DSS -FISMA

-PCI DSS

Which of the following assessment types can monitor and alert on attacks but cannot stop them? -Vulnerability -External -Passive -Host-based

-Passive

During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested? -Permission to test -Master service agreement -Rules of engagement -Scope of work

-Permission to test

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system? -Opportunistic attack -Environmental attack -Physical attack -Man-made attack

-Physical attack

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called: -Pretexting -Footprinting -Impersonation -Preloading

-Pretexting

Important aspects of physical security include which of the following? -Identifying what was broken into, what is missing, and the extent of the damage. -Preventing interruptions of computer services caused by problems such as fire. -Influencing the target's thoughts, opinions, and emotions before something happens. -Implementing adequate lighting in parking lots and around employee entrances.

-Preventing interruptions of computer services caused by problems such as fire.

What are the three factors to keep in mind with physical security? -Prevention, detection, and recovery -Detection, implementation, and prevention -Implementation, detection, and recovery -Detection, prevention, and implementation

-Prevention, detection, and recovery

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do? -Ignore the situation and just move on. -Trust her instincts and do what she feels is right. -Reach out to an attorney for legal advice. -Talk with her friend and do what they suggest.

-Reach out to an attorney for legal advice.

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in? -Gaining access -Scanning -Reconnaissance -Covering tracks

-Reconnaissance

What does an organization do to identify areas of vulnerability within their network and security systems? -External test -Scanning -Internal test -Risk assessment

-Risk assessment

A client asking for small deviations from the scope of work is called: -Rules of engagement -Security exception -Change order -Scope creep

-Scope creep

Which of the following documents details exactly what can be tested during a penetration test? -Master Service Agreement -Non-Disclosure Agreement -Scope of Work -Rules of Engagement

-Scope of Work

Which document explains the details of an objective-based test? -Permission to test -Scope of work -Change order -Rules of engagement

-Scope of work

Which of the following is a deviation from standard operating security protocols? -Security exception -MAC filtering -Whitelisting -Blacklisting

-Security exception

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? -Physical control -Security sequence -Security factors -Layered defense

-Security sequence

Which of the following policies would cover what you should do in case of a data breach? -Update frequency policy -Corporate data policy -Password policy -Sensitive data handling policy

-Sensitive data handling policy

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to? -Eavesdropping -Spam and spim -Shoulder surfing -Keyloggers

-Shoulder surfing

What does the Google Search operator allinurl:keywords do? -Shows results in pages that contain all of the listed keywords. -Displays web sites similar to the one listed. -Displays websites where directory browsing has been enabled. -Shows results in pages that contain the keyword in the title.

-Shows results in pages that contain all of the listed keywords.

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data? -Delete the data on the discs. -Degauss the discs. -Write junk data on the discs. -Shred the discs.

-Shred the discs.

Any attack involving human interaction of some kind is referred to as: -An opportunistic attack -Attacker manipulation -A white hat hacker -Social engineering

-Social engineering

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using? -Social networking -Web surfing -Social engineering -Dumpster diving

-Social engineering

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for? -Steps/Maintainable/Affordable/Results/Tuned -Steps/Measurable/Affordable/Results/Tuned -Specific/Maintainable/Attainable/Relevant/Timely -Specific/Measurable/Attainable/Relevant/Timely

-Specific/Measurable/Attainable/Relevant/Timely

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this? -Hoax -Spim -Surf -Spam

-Spim

Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing? -DNS propagation -Information sharing policy -Split DNS -Proxy server

-Split DNS

Which of the following best describes social engineering? -A stealthy computer network attack in which a person or group gains unauthorized access for an extended period. -The art of deceiving and manipulating others into doing what you want. -The process of analyzing an organization's security and locating security holes. -Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website.

-The art of deceiving and manipulating others into doing what you want.

Which of the following is a limitation of relying on regulations? -The industry standards take precedence. -They are regularly updated. -They rely heavily on password policies. -They allow interpretation

-They rely heavily on password policies.

Which statement best describes a suicide hacker? -This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught. -This hacker's main purpose is to protest an event and draw attention to their views and opinions. -This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious. -This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear.

-This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

The process of analyzing an organization's security and determining its security holes is known as: -Ethical hacking -Enumeration -Penetration testing -Threat modeling

-Threat modeling

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? -Transference -Avoidance -Mitigation -Tolerance

-Tolerance

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? -Move the receptionist's desk into the secured area. -Train the receptionist to keep her iPad in a locked drawer. -Require users to use workstation screensaver passwords. -Replace the biometric locks with smart cards.

-Train the receptionist to keep her iPad in a locked drawer.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option? -Use incremental backups and store them in a drawer in your office. -Use incremental backups and store them in a locked fireproof safe. -Use differential backups and store them in a locked room. -Use differential backups and store them on a shelf next to the backup device.

-Use incremental backups and store them in a locked fireproof safe.

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weeknesses? -External assessment -Vulnerability assessment -Host-based assessment -Passive assessment

-Vulnerability assessment

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? -Vulnerability scanning -Vulnerability research -Vulnerability management -Vulnerability assessment

-Vulnerability research

An attack that targets senior executives and high-profile victims is referred to as: -Vishing -Whaling -Scrubbing -Pharming

-Whaling

Which type of threat actor only uses skills and knowledge for defensive purposes? -White hat -Hacktivist -Script kiddie -Gray hat

-White hat

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this? -Whitelisting -White box -Blacklisting -Black box

-Whitelisting

Which of the following is a consideration when scheduling a penetration test? -Who is aware of the test? -Are there any security exceptions? -Which systems are being tested? -What risks are acceptable?

-Who is aware of the test?

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful? -beSTORM -Nslookup -Whois -ARIN

-Whois

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do? -You should not provide any information and forward the call to the help desk. -You should provide the information as part of quality customer service. -You should not provide any information except your manager's name and number. -You should put the caller on hold and then hang up.

-You should not provide any information and forward the call to the help desk.

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? -nmap -sC vulners -sV 10.10.10195 -nmap --script nmap-vulners -sV 10.10.10.195 -nmap --script vulners -sV 10.10.10.195 -nmap -sC nmap-vulners -sV 10.10.10.195

-nmap --script nmap-vulners -sV 10.10.10.195

You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use? -nmap -sS xyzcompany.com -nmap -sT xyzcompany.com -nmap -sV xyzcompany.com -nmap -sA xyzcompany.com

-nmap -sS xyzcompany.com

You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep? -nmap -sS 172.125.68. 1-255 -nmap -sn 172.125.68. 1-255 -nmap -sU 172.125.68. 1-255 -nmap -sM 172.125.68. 1-255

-nmap -sn 172.125.68. 1-255

Which of the following best describes a script kiddie? A hacker willing to take more risks because the payoff is a lot higher. A hacker who uses scripts written by much more talented individuals. A hacker who helps companies see the vulnerabilities in their security. A hacker whose main purpose is to draw attention to their political views.

A hacker who uses scripts written by much more talented individuals.

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation? -Set a strong password, that require special characters. -Configure the screen saver to require a password. -Apply multifactor authentication on his computer. -Change the default account names and passwords.

Configure the screen saver to require a password.