CEH

Ace your homework & exams now with Quizwiz!

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintext's based on the information from the previous encryptions? A. Chosen-plaintext attack B. Ciphertext-only attack C. Adaptive chosen-plaintext attack D. Known-plaintext attack

A. Chosen-plaintext attack

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting? A. Internal, blackbox B. External, blackbox C. Internal, whitebox D. External, whitebox

A. Internal, blackbox

Which component of IPSec performs protocol-level functions that are required to encrypt and decrypt the packets? A. Internet Key Exchange (IKE) B. Oakley C. IPSec Policy Agent D. IPSec driver

A. Internet Key Exchange (IKE)

Which of the following statements is true? A. Sniffers operate on Layer 2 of the OSI model B. Sniffers operate on Layer 3 of the OSI model C. Sniffers operate on both Layer 2 and Layer 3 of the OSI model D. Sniffers operate on the Layer 1 of the OSI model

A. Sniffers operate on Layer 2 of the OSI model

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select? A. Snort B. Nmap C. Cain & Abel D. Nessus

A. Snort

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? A. Stealth/Tunneling virus B. Macro virus C. Cavity virus D. Polymorphic virus

A. Stealth/Tunneling virus

Which of the following is considered as one of the most reliable forms of TCP scanning? A. TCP Connect/Full Open Scan B. Half-open Scan C. NULL Scan D. Xmas Scan

A. TCP Connect/Full Open Scan

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS? A. Produces less false positives B. Can identify unknown attacks C. Requires vendor updates for a new threat D. Cannot deal with encrypted network traffic

B. Can identify unknown attacks

A virus that attempts to install itself inside the file it's infecting is called? A. Tunneling virus B. Cavity virus C. Polymorphic virus D. Stealth virus

B. Cavity virus

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic? A. Request smtp 25 B. tcp port eq 25 C. smtp port D. tcp.contains port 25

B. tcp port eq 25

You are a penetration tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use? A. ACK flag scanning B. TCP Scanning C. IP Fragment Scanning D. Inverse TCP flag scanning

C. IP Fragment Scanning

Which of the following programs is usually targeted at Microsoft Office products? A. Polymorphic virus B. Multipart virus C. Macro virus D. Stealth virus

C. Macro virus

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis? A. Metas polir B. Cain & Abel C. Maltego D. Wireshark

C. Maltego

You perform a scan of your company's network and discover that TCP port 123 is open. What services by default run on TCP port 123? A. Telnet B. POP3 C. Network Time Protocol D. DNS

C. Network Time Protocol

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments? A. Honeypots B. Firewalls C. Network-based intrusion detection system (NIDS) D. Host-based intrusion detection system (HIDS)

C. Network-based intrusion detection system

Bob, your senior colleague, has sent you an email regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent an email. What do you want to know to prove to yourself that it was Bob who sent the email? A. Confidentiality B. Integrity C. Non-Repudiation D. Authentication

C. Non-Repudiation

A regional bank hires your company to perform a security assessment on their network after recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank? A. Place a front-end web server in a demilitarized zone that only handles external web traffic B. Require all employees to change their anti-virus program with a new one C. Move the financial data to another server on the same IP subnet D. Issue new certificates to the web servers from the root certificate authority

A. Place a front-end web server in a demilitarized zone that only handles external web traffic

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization? A. Preparation phase B. Containment phase C. Identification phase D. Recovery phase

A. Preparation phase

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this? A. Privilege Escalation B. Shoulder-surfing C. Hacking Active Directory D. Port Scanning

A. Privilege Escalation

An intrusion detection system (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a web server in the networks external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive? A. Protocol Analyzer B. Network sniffer C. Intrusion Prevention System (IPS) D. Vulnerability scanner

A. Protocol analyzer

You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out? A. Scan servers with Nmap B. Scan servers with MBSA C. Telnet to every port on each server D. Physically go to each server

A. Scan servers with Nmap

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems? A. Single sign-on B. Windows authentication C. Role Based Access Control (RBAC) D. Discretionary Access Control (DAC)

A. Single sign-on

Which of the following tools can be used for passive OS fingerprinting? A. tcpdump B. nmap C. ping D. tracert

A. tcpdump

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek? A. tcptrace B. Nessus C. OpenVAS D. tcptraceroute

A. tcptrace

Which is the first step followed by Vulnerability Scanners for scanning a network? A. TCP/UDP Port scanning B. Firewall detection C. OS Detection D. Checking if the remote host is alive

D. Checking if the remote host is alive

Identify the UDP port that Network Time Protocol (NTP) uses its primary means of communication? A. 123 B. 161 C. 69 D. 113

A. 123

Which of the following Linux commands will resolve a domain name into IP address? A. >host-t a hackeddomain.com B. >host-t ns hackedeomain.com C. >host -t soa hackeddomain.com D. >host -t AXFR hackeddomain.com

A. >host-t a hackeddomain.com

What is correct about digital signatures? A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party B. Digital signatures may be used in different documents of the same type C. A digital signature cannot be moved because it is the plain hash of the document content D. Digital signatures are issued once for each user and can be used everywhere until they expire

A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party

Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that? A. A fingerprint scanner and his username and password B. His username and a stronger password C. A new username and password D. Disable his username and just use a fingerprint scanner

A. A fingerprint scanner and his username and password

What is the least important information when you analyze a public address in a security alert? A. ARP B. Whois C. DNS D. Geolocation

A. ARP

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implementing the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit? A. Accept the risk B. Introduce more controls to bring the risk to 0% C. Mitigate the risk D. Avoid the risk

A. Accept the risk

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing? A. At least once a year and after any significant upgrade or modification B. At least once every three years or after any significant upgrade or modification C. At least twice a year or after any significant upgrade or modification D. At least once every two years and after any significant upgrade or modification

A. At least once a year and after any significant upgrade or modification

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of the computer to launch further attacks. What process would help him? A. Banner Grabbing B. IDLE/PID Scanning C. SSDP Scanning D. UDP Scanning

A. Banner Grabbing

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that the IP's owned by XYZ (Internal) and private IP's are communicating to a single Public IP. Therefore, the Internal ISO's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict? A. Botnet Attack B. Spear Phishing Attack C. Advanced Persistent Threats D. Rootkit Attack

A. Botnet Attack

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server? A. Botnet Trojan B. Turtle Trojan C. Banking Trojan D. Ransomware Trojan

A. Botnet Trojan

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities? A. Burpsuite B. Maskgen C. Dimitri D. Proxychains

A. Burpsuite

How can rainbow tables be defeated? A. Password salting B. Use of non-dictionary words C. All uppercase character passwords D. Lockout accounts under brute force password cracking attempts

A. Password salting

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. <iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> What is this type of attack (that can use either HTTP GET or HTTP POST) called? A. Cross-Site Request Forgery B. SQL Injection C. Browser Hijacking D. Cross-Site Scripting

A. Cross-Site Request Forgery

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server? A. Cross-site request forgery B. Cross-site scripting C. Session hijacking D. Server side request forgery

A. Cross-site request forgery

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software? A. Cross-site scripting vulnerability B. Web site defacement vulnerability C. SQL injection vulnerability D. Cross-site Request Forgery vulnerability

A. Cross-site scripting vulnerability

_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks. A. DNSSEC B. Resource records C. Resource transfer D. Zone transfer

A. DNSSEC

If an attacker uses the command SELECT*FROM user WHERE name = 'x' AND user if IS NULL; -'; which type of SQL injection attack is the attacker performing? A. End of Line Comment B. UNION SQL Injection C. Illegal/Logical Incorrect Query D. Tautology

A. End of Line Comment

______ is an attack type for a rogue WiFi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent website and luring people there. Fill in the blank with appropriate choice A. Evil Twin Attack B. Sinkhole attack C. Collision Attack D. Signal Jamming Attack

A. Evil Twin Attack

Assume a business critical website of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the website developers decided to add some third-party marketing tools on it. The tools are written in JavaScript and can track the customers activity on the site. These tools are located on the servers of the marketing company. What is the main security risk associated with this scenario? A. External script contents could be maliciously modified without the security team knowledge B. External scripts have direct access to the company servers and can steal the data from there C. There is no risk at all as the marketing services are trustworthy D. External scripts increase the outbound company due to traffic which leads to greater financial losses

A. External script contents could be maliciously modified without the security team knowledge

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "NC." the FTP servers access logs show that the anonymous user account logged into the server, uploaded the files, and extracted the contents of the tar ball and ran the script using a function provided by the FTP server software. The "PS" command shows a "nc" file is running as process, and the netstat command shows the "NC" process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force login

A. File system permissions

Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her? A. Full Disk encryption B. BIOS Password C. Hidden folders D. Password protected files

A. Full Disk encryption

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next? A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer B. He will activate OSPF on the spoofed root bridge C. He will repeat this action so that it escalates to a DoS attack D. He will repeat the same attack against all L2 switches of the network

A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? A. Hping B. Traceroute C. TCP ping D. Broadcast ping

A. Hping

You have successfully compromised a machine on the network and found a server that is alive on the same network. You try to ping it but you didn't get any response back. What is happening? A. ICMP could be disabled on the target server B. The ARP is disabled on the target server C. TCP/IP doesn't support ICMP D. You need to run the ping command with root privileges

A. ICMP could be disabled on the target server

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection? A. IPSec B. SFTP C. FTPS D. SSL

A. IPSec

To reach a bank website, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement? A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

Code injection is a form of attack in which a malicious user: A. Inserts text into a data field that gets interpreted as code B. Gets the server to execute arbitrary code using a buffer overflow C. Inserts additional code into the JavaScript running in the browser D. Gains access to the codebase on the server and inserts new code

A. Inserts text into a data field that gets interpreted as code

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends many IP packets, based on the average number of packets sent by all origins in using some threshold. In concept, the solution developed by Bob is actually: A. Just a network monitoring tool B. A signature-based IDS C. A hybrid IDS D. A behavior-based IDS

A. Just a network monitoring tool

Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a Linux platform? A. Kismet B. Netstumbler C. Nessus D. Abel

A. Kismet

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup? A. Network elements must be hardened with user IDs and strong passwords. Regular security tests and audits B. As long as the physical access to the network elements is restricted, there is no need for additional measures C. There is no need for specific security measures on the network elements as long as the firewalls and IPS systems exist D. The operator knows that attacks and down time are inevitable and should have a backup site

A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits

The collection of potentially actionable, overt, and publicly available information is known as A. Open-source intelligence B. Human intelligence C. Social intelligence D. Real intelligence

A. Open-source intelligence

The company ABC recently contract a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can we useful to ensure the integrity of the data? A. The CFO can use a hash algorithm in the document once he approved the financial statements B. The CFO can use an Excel file with a password C. The financial statements can be sent twice, one by email and the other delivered and USB any accountant can compare both to be sure it is the same document D. The document can be sent to the accountant using an exclusive USB for that document

A. The CFO can use a hash algorithm in the document once he approved the financial statements

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows the wireless access point (WAP) is not responding to the association request being sent by the wireless client. What is a possible source of this problem? A. The WAP doesn't recognize the clients MAC address B. The client cannot see the SSID of the wireless network C. Client is configured for the wrong channel D. The wireless client is not configured to use DHCP

A. The WAP doesn't recognize the clients MAC address

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause? A. The network devices are not all synchronized B. Proper chain of custody was not observed while collecting the logs C. The attacker altered or erased events from the logs D. The security breach was a false positive

A. The network devices are not all synchronized

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens? A. The port will ignore the packets B. The port will send an RST C. The port will send an ACK D. The port will send a SYN

A. The port will ignore the packets

Bob received this text message on his mobile phone: "hello, this is Scott smellby from the yahoo bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true? A. This is a scam as everybody can get a yahoo address, not the customer service employees B. This is a scam because Bob does not know Scott C. Bob should probably write to [email protected] to verify the identity of Scott. D. This is probably a legitimate message as it comes from a respectable organization

A. This is a scam as everyone can get a @yahoo address, not the a yahoo customer service employees

You are a network admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem? A. Traffic is blocked on UDP port 53 B. Traffic is blocked on TCP port 80 C. Traffic is blocked on TCP port 54 D. Traffic is blocked on UDP port 80

A. Traffic is blocked on UDP port 53

When tuning security alerts, what is the best approach? A. Tune to avoid False positives and False Negatives B. Rise False positives Rise False negatives C. Decrease the false positives D. Decrease the false negatives

A. Tune to avoid False positives and False negatives

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the pass key in a matter of seconds. The security flaw that we network invasion of T.J. Maxx in David that through a technique known as war driving. Which algorithm is this referring to? A. WEP B. WiFi Protected Access (WPA) C. Wi-Fi Protected Access 2 (WPA2) D. Temporal Key Integrity Protocol

A. WEP

You want to analyze packets on your wireless network. Which program would you use? A. Wireshark with Aircap B. Air snort with Aircap C. Wireshark with Wincap D. Ethereal with Wincap

A. Wireshark with Aircap

Internet Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except: A. Work the Data Link Layer B. Protect the payload and the headers C. Encrypt D. Authenticate

A. Work at the Data Link Layer

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax? A. hping2 -1 host.domain.com B. hping2-I host.domain.com C. hping2 —set-ICMP host.domain.com D. hping2 host.domain.com

A. hping2 -1 host.domain.com

When you are getting information about a web server, it is very important to know the HTTP methods (get, host, head, put, delete, trace) that are available because there are two critical methods (put and delete). Put can upload a file to the server and delete can delete the file from the server. You can detect all these methods (get, post, head, delete, put, trace) using NMAP script engine. What NMAP script will help you with this task? A. http-methods B. http enum C. http-headers D. http-git

A. http-methods

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems? A. msfencode B. msfpayload C. msfcli D. msfd

A. msfencode

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the amount of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability? A. "GET/restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com" B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com" C. "GET/restricted/bank.getaccount('Ned') HTTP/1.1 Host: westbank.com" D. "GET/restricted/\r\n\%00Ned%00access HTTP/1.1 Host: westbank.com"

B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan? A. -T0 B. -T5 C. -O D. -A

B. -T5

Why is penetration test considered to be more thorough than vulnerability scan? A. Vulnerability scans only do host discovery and port scanning by default B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation C. It is not- a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases

B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the internet. What is the recommended architecture in terms of server placement? A. All three servers need to be placed internally B. A web server facing the Internet, an application server on the internal network, a database server on the internal network C. A web server and the database facing the Internet, an application server on the internal network D. All three servers need to face the Internet so that they can communicate between themselves

B. A web server facing the Internet, an application server on the internal network, a database server on the internal network

What type of OS footprint if technique sends specifically crafted packets to the remote OS and analyzes the received response? A. Passive B. Active C. Reflective D. Distributive

B. Active

A large company intensities blackberry for corporate mobile phones and the security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defense and gain access to the prometric online testing -Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str...corporate network. What tool should the analyst use to perform a Blackjacking attack? A. Paros Proxy B. BBProxy C. Bloover D. BBCrack

B. BBProxy

A security engineer at A medium sized accounting firm has been tasked with discovering how much information can be obtained from the firms public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed? A. Cross-site scripting B. Banner grabbing C. SQL Injection D. Who is database query

B. Banner grabbing

Which type of security feature stops vehicles from crashing through doors of buildings? A. Turnstiles B. Bollards C. Mantrap D. Receptionist

B. Bollards

Which method of password cracking takes the most time and effort? A. Shoulder surfing B. Brute force C. Dictionary attack D. Rainbow tables

B. Brute force

Chandler works as a pen tester in an IT from New York. As a part of detecting viruses in the systems, he uses the detection method where the antivirus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method to chandler use in this context? A. HeuristicAnalysis B. Code Emulation C. Integrity checking D. Scanning

B. Code Emulation

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users. A. SQL injection attack B. Cross-Site Scripting (XSS) C. LDAP Injection attack D. Cross-Site Request Forgery (CSRF)

B. Cross-Site Scripting

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or Powershell (.ps1) script? A. User Access Control (UAC) B. Data Execution Prevention (DEP) C. Address Space Layout Randomization (ASLR) D. Windows firewall

B. Data Execution Prevention (DEP)

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature? A. Perform a vulnerability scan of the system. B. Determine the impact of enabling the audit feature. C. Perform a cost/benefit analysis of the audit feature. D. Allocate funds for staffing of audit log review.

B. Determine the impact of enabling the audit feature

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks? A. Spanning tree B. Dynamic ARP Inspection (DAÍ) C. Port Security D. Layer 2 Attack Prevention Protocol (LAPP)

B. Dynamic ARP Inspection (DAÍ)

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room? A. Set a BIOS password B. Encrypt the data on the hard drive C. Use a strong logon password to the operating system D. Back up everything on the laptop and store the backup in a safe place

B. Encrypt the data on the hard drive

An attacker, using your rogue wireless AP, performed an MITM attack and inject an HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code? A. Wireshark B. Ettercap C. Aircrack-ng D. Tcpdump

B. Ettercap

Sam is working as a pen tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS the journey generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS? A. Denial-of-Service B. False Positive Generation C. Insertion Attack D. Obfuscating

B. False Positive Generation

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall? A. Session hijacking B. Firewalking C. Man-in-the-middle attack D. Network sniffing

B. Firewalking

Which of the following act requires employer's standard national numbers to identify them on standard transactions? A. SOX B.HIPAA C. DMCA D. PCI-DSS

B. HIPAA

What two conditions must a digital signature meet? A. Has to be legible and neat. B. Has to be unforgeable, and has to be authentic C. Must be unique and have special characters D. Has to be the same number of characters as a physical signature and must be unique

B. Has to be unforgeable, and has to be authentic

Which protocol is used for setting up secure channels between two devices, typically in VPNs? A. PPP B. IPSEC C. PEM D. SET

B. IPSEC

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks? A. Both pharming and phishing attacks are identical B. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack and attacker provides the victim with a URL that is either misspelled or looks similar to the actual website domain name C. In a phishing attack a victim is redirected to a fake website by modifying their host configurations file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website domain name. D. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

B. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack and attacker provides the victim with a URL that is either misspelled or looks similar to the actual website domain name

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job? A. Use fences in the entrance doors B. Install a CCTV with cameras pointing to the entrance doors and streets C. Use an IDS in the entrance doors and install some of them near the corners D. Use lights in all the entrance doors and along the company perimeter

B. Install a CCTV with cameras pointing to the entrance doors and the street

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze? A. Event logs on the PC B. Internet firewall/Proxy logs C. IDS log D. Event logs on domain controller

B. Internet Firewall/Proxy logs

How does the Address Resolution Protocol (ARP) work? A. It sends a request packet to all the network elements, asking for the domain name from a specific IP. B. It sends a request packet to all the network elements, asking for the MAC address from a specific IP. C. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP. D. It sends a reply packet for a specific IP, asking for the MAC address.

B. It sends a request packet to all the network elements, asking for the MAC address from a specific IP

Which of the following is the best countermeasure to encrypting ransomwares? A. Use multiple antivirus softwares B. Keep some generation of off-line backup C. Analyze the ransom ware to get decryption key of encrypted data D. Pay a ransom

B. Keep some generation of off-line backup

In risk management, how is the term "likelihood" related to the concept of "threat"? A. Likelihood is the likely source of a threat that could exploit a vulnerability B. Likelihood is the probability that a threat-source will exploit a vulnerability C. Likelihood is a possible threat-source that may exploit a vulnerability D. Likelihood is the probability that a vulnerability is a threat-source

B. Likelihood is the probability that a threat-source will exploit a vulnerability

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes which spammers use to hide the origin of these types of emails? A. A blacklist of companies that have their mail server relays configured to allow traffic only on their specific domain name B. Mail relaying, which is a technique of bouncing email from internal to external mail servers continuously C. A blacklist of companies that have their mail server relays configured to be wide open D. Tools that will reconfigure a mail server's relay component to send the email back to the spammers occasionally

B. Mail relaying, which is a technique of bouncing email from internal to external mail servers continuously

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications, and unpatched security flaws in a computer system? A. Nessus B. Metasploit C. Maltego D. Wireshark

B. Metasploit

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing? A. Identifying operating systems, services, protocols, and devices B. Modifying and replaying captured network traffic C. Collecting unencrypted information about usernames and passwords D. Capturing a network traffic for further analysis

B. Modifying and replaying captured network traffic

Websites and web portals that provide web services commonly use the Simple Object Access Protocol(SOAP). Which of the following is an incorrect definition or characteristics of the protocol? A. Based on XML B. Only compatible with the application protocol HTTP C. Exchanges data between web services D. Provides a structured model for messaging

B. Only compatible with the application protocol HTTP

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described? A. Multicast mode B. Promiscuous mode C. WEM D. Port forwarding

B. Promiscuous mode

Internet service provider (ISP) has a need to authenticate users connecting via analog modems, Digital subscriber lines (DSL), wireless data services, and virtual private networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement? A. Diameter B. RADIUS C. TACACS+ D. Kerberos

B. RADIUS

This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above? A. SHA B. RSA C. MD5 D. RC5

B. RSA

What attack is used to crack passwords by using a precomputed table of hashed passwords? A. Brute Force Attack B. Rainbow Table Attack C. Dictionary Attack D. Hybrid Attack

B. Rainbow Table Attack

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation? A. ACK B. SYN C. RST D. SYN-ACK

B. SYN

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet? A. ICMP Echo scanning B. SYN/FIN scanning using IP fragments C. ACK flag probe scanning D. IPID scanning

B. SYN/FIN scanning using IP fragments

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request? A. Semicolon B. Single quote C. Exclamation mark D. Double quote

B. Single quote

By using a smart card and pin, you are using a two-factor authentication that satisfies A. Something you know and something you are B. Something you have and something you know C. Something you ha e and something you are D. Something you are and something you remember

B. Something you have and something you know

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms? A. Scalability B. Speed C. Key distribution D. Security

B. Speed

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used? A. Spoof scan B. TCP SYN C. TCP Connect scan D. Idle scan

B. TCP SYN

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed? A. Reverse Social Engineering B. Tailgating C. Piggybacking D. Announced

B. Tailgating

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened? A. Masquerading B. Tailgating C. Phishing D. Whaling

B. Tailgating

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.10/24. Which of the following has occurred? A. The computer is not using a private IP address B. The gateway is not routing to a public IP address C. The gateway and the computer are not on the same network D. The computer is using an invalid IP address

B. The gateway is not routing to a public IP address

Penetration tester is conducting a port scan on a specific host. The tester found several ports open that were confusing in concluding the operating system version installed. Considering that NMAP results below, which of the following is likely to be installed on the Target machine by the OS? Starting in NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address:00:00:48:0D:EE:8 A. The host is likely a Linux machine B. The host is likely a printer C. The host is likely a router D. The host is likely a Windows machine

B. The host is likely a printer

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24 B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24

B. nmap -T4 -F 10.10.0.0/24

What would you enter, if you wanted to perform a stealth scan using Nmap? A. nmap -sU B. nmap -sS C. nmap -sM D. nmap -sT

B. nmap -sS

The "white box testing" methodology enforces what kind of restriction? A. Only the internal operational a system is known to the tester. B. The internal operation of a system is completely known to the tester. C. The internal operation of a system is only partly accessible to the tester. D. Only the external operation of a system is accessible to the tester.

B. The internal operation of a system is completely known to the tester

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it? A. The file reveals the passwords to the root user only B. The password file does not contain the passwords themselves C. He cannot read it because it is encrypted D. He can open it and read the user ids and corresponding passwords

B. The password file does not contain the passwords themselves

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say: A. Although the approach has two phases, it actually implements just one authentication factor B. The solution implements the two authentication factors: physical object and physical characteristic C. The solution will have a high level of false positives D. Biological motion cannot be used to identify people

B. The solution implements the two authentication factors: physical object and physical characteristic

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS cache Poisoning. What should Bob recommend to deal with such a threat? A. The use of security agents in clients computers B. The use of DNSSEC C. The use of double-factor authentication D. Client awareness

B. The use of DNSSEC

Why should the security analyst disable/remove unnecessary ISAPI filters? A. To defend against social engineering attacks B. To defend against web server attacks C. To defend against jailbreaking D. To defend against wireless attacks

B. To defend against web server attacks

What is the purpose of a demilitarized zone on a network? A. To scan all traffic coming through the DMZ to the internal network B. To only provide direct access to the nodes within the DMZ and protect the network behind it C. To provide a place to put the honeypot D. To contain the network devices you wish to protect

B. To only provide direct access to the nodes within the DMZ and protect the network behind it

In order to have anonymous Internet surfing, which of the following is the best choice? A. Use SSL sites when entering personal information B. Use Tor network with multi-node C. Use shared WiFi D. Use public VPN

B. Use Tor network with multi-node

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain? A. [cache:] B. [site:] C. [inurl:] D. [link:]

B. [site:]

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. What command would you use A. c:/gpedit B: c:/compmgmt.msc C. c:\ncpa.cp D: c:\services.msc

B. c:\ compmgmt.mac

Cross-site request forgery involves: A. A request sent by a malicious user from a browser to a server B. Modification of a request by a proxy between client and server C. A browser making a request to a server without the user's knowledge D. A server making a request to another server without the users knowledge

C. A browser making a request to a server without the user's knowledge

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system? A. A biometric system that bases authentication decisions on behavioral attributes B. A biometric system that bases authentication decisions on physical attributes C. An authentication system that creates one-time passwords that are encrypted with secret keys D. An authentication system that uses pass phrases that are converted into virtual passwords

C. An authentication system that creates one-time passwords that are encrypted with secret keys

Based on the below log which of the following sentences are true Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip A. SSH communications are encrypted it's impossible to know who is the client or the server B. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server C. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server D. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the server

C. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend? A. Command Injection Attacks B. File Injection Attack C. Cross-Site Request Forgery (CSRF) D. Hidden Field Manipulation Attack

C. Cross-Site request Forgery

What is attempting an injection attack on a web server based on responses to True/False questions called? A. DMS-specific SQLi B. Compound SQLi C. Blind SQLi D. Classic SQLi

C. Blind SQLi

Bob, assessment ministry at her at TPNQN SA, including one day that the DMZ is not needed if you properly configured the firewall to allow access just to servers/ports, which can have direct Internet access, and block the access to workstations. Bob also concluded the DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say? A. Bob can't be right since DMZ does not make sense when combined with stateless firewalls B. Bob is partially right. He does not need to separate networks if you can create rules by destination IP's, one by one C. Bob is totally wrong. DMZis always relevant when the company has Internet servers and workstations D. Bob is partially right. DMZ does not make sense when a stateless firewall is available

C. Bob is totally wrong. DMZ is always relevant when the company has Internet servers and workstations

Which service in a PKI will vouch for the identity of an individual or company? A. CBC B. KDC C. CA D. CR

C. CA

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts? A. John the Ripper B. SET C. CHNTPW D. Cain & Abel

C. CHNTPW

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? A. Common B. Criminal C. Civil D. International

C. Civil

Security policy is a definition of what it means to be secure for a system, organization, or other entity. For information technologies, there are sub-policies like security policy, information protection policy, information security policy, network security policy, physical security policy, remote access policy, and user account policy. What is the main theme of the sub policies for information technologies? A. Availability, Non-repudiation, confidentiality B. Authenticity, integrity, non-repudiation C. Confidentiality, integrity, availability D. Authenticity, confidentiality, integrity

C. Confidentiality, integrity, availability

It has been reported to you that someone has caused an information spillage on their computer. Can you go to the computer, disconnected from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete? A. Discovery B. Recovery C. Containment D. Eradication

C. Containment

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities? A. Host-Based Intrusion Detection System B. Security through obscurity C. Defense in depth D. Network-based Intrusion Detection System

C. Defense-in-depth

You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS? A. Out of band signaling B. Protocol Isolation C. Encryption D. Alternate Data Streams

C. Encryption

In the field of cryptanalysis, what is meant by a "rubber-hose" attack? A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC B. A backdoor placed into a cryptographic algorithm by its creator C. Extraction of cryptographic secrets through coercion or torture D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext

C. Extraction of cryptographic secrets through coercion or torture

An attacker is using nmap to do a ping sweep and a port scanning on a subnet of 254 addresses. In which order should he perform these steps? A. The sequence does not matter. Both steps have to be performed against all hosts B. First the port scan to identify interesting services and then the ping sweep to find hosts responding to ICMP echo requests C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time D. The port scan alone is adequate. This way he saves time

C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time

A hacker is an intelligent with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times? A. White Hat B. Suicide Hacker C. Gray Hat D. Black Hat

C. Gray Hat

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123, and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28 Why he cannot see the servers? A. He needs to change the address to 192.168.1.0 with the same mask B. He needs to add the command "IP address" just before the IP address C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not on that range D. The network must be down and the nmap command and IP address are ok

C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not on that range

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. A. SSL/TLS Renegotiation Vulnerability B. Shellsgock C. Heartless Bug D. POODLE

C. Heartbleed Bug

The following is part of a log file take. From the machine on the network with the IP address of 192.168.0.110: Time:June 16 17:30:15 Port:20 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:17 Port:21 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:19 Port:22 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:21 Port:23 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP What type of activity has been logged? A. Teardrop attack targeting 192.168.0.110 B. Denial of service attack targeting 192.168.0.105 C. Port scan targeting 192.168.0.110 D. Port scan targeting 192.168.0.105

C. Port scan targeting 192.168.0.110

During the process of encryption and decryption, what keys are shared? A. Private keys B. User passwords C. Public keys D. Public and private keys

C. Public keys

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the Target company. The phishing message will often use the name of the company CEO, president, or managers. The time a hacker spends performing research to locate this information about a company is known as? A. Exploration B. Investigation C. Reconnaissance D. Enumeration

C. Reconnaissance

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example: allintitle: root passwd A. Maintaining access B. Gaining access C. Reconnaissance D. Scanning and Enumeration

C. Reconnaissance

A security analyst is performing an audit on the network to determine if there is any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed? A. Firewall-management policy B. Acceptable-use policy C. Remote-access policy D. Permissive policy

C. Remote-access policy

What is not a PCI compliance recommendation? A. Use a firewall between the public network and the payment card data B. Use encryption to protect all transmission of card holder data over any public network. C. Rotate employees handling credit card transactions on a yearly basis to different departments. D. Limit access to card holder data to as few individuals as possible

C. Rotate employees handling credit card transactions on a yearly basis to different departments.

Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (264-1) bits and resembles the MD5 algorithm? A. SHA-2 B. SHA-3 C. SHA-1 D. SHA-0

C. SHA-1

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes? A. Keyed Hashing B. Key Stretching C. Salting D. Double Hashing

C. Salting

Cryptography is the practice in study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries that are related to various aspects in information security such as data confidentially, did integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic-commerce. Basic concept to understand how cryptography works is given below: SECURE (plain text) +1 (+1 next letter.for example , the letter ""T"" is used for ""S"" to encrypt.) TFDVSF (encrypted text) +=logic=>Algorithm 1=Factor=>Key Which of the following choices are true about cryptography? A. Algorithm is not the secret; key is the secret. B. Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt C. Secure Sockets Layer(SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way D. Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext

C. Secure Sockets Layer (SSL) use the asymmetric encryption both (private/public key pair) to deliver the shares session key and to achieve a communication way

Which of the following is a low-tech way of gaining unauthorized access to systems? A. Scanning B. Sniffing C. Social Engineering D. Enumeration

C. Social Engineering

Which of the following is a command line packet analyzer similar to GUI-based Wireshark? A. Nessus B. Jack the ripper C. Tcpdump D. Ethereal

C. Tcpdump

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what is meant by processing? A. The amount of time and resources that are necessary to maintain a biometric system B. How long it takes to setup individual accounts C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information D. The amount of time it takes to convert biometric data into a template on a smart card

C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

Firewall has just completed the second phase (the scanning phase) and a technician received the output shown below. What conclusions can be drawn based on these scan results? TCP port 21 - no response TCP port 22 - no response TCP port 23 - time to live exceeded A. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error B. The lack of response from ports 21 and 22 indicate that those services are not running on the destination C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

C. The scan on port 23 passed through the filtering device. This indicates that port 23 is not blocked at the firewall

An attacker scans a host with the below command. Which three flags are set? (Choose three.) #nmap -sX host.domain.com A. This is ACK scan. ACK flag is set B. This is Xmas scan. SYN and ACK flags are set C. This is Xmas scan. URG, PUSH, and FIN are set D. This is SYN scan. SYN flag is set.

C. This is Xmas scan. URG, PUSH, and FIN are set

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports in the switches B. Separate students in a different VLAN C. Use the 802.1x protocol D. Ask students to use the wireless network

C. Use the 802.1x protocol

Which of the following is the BEST way to defend against network sniffing? A. Restrict Physical Access to Server Rooms hosting Critical Servers B. Use Static IP Address C. Using encryption protocols to secure network communications D. Register all machines MAC Address in a Centralized Database

C. Using encryption protocols to secure network communications

Which of the following antennas is commonly used in communications for a frequency band of 10MHz to VHF and UHF? A. Omnidirectional antenna B. Dipole antenna C. Yagi antenna D. Parabolic grid antenna

C. Yagi antenna

ping_* 6 192.168.0.101 output pinging 192.168.0.101 with 32 bytes of data: Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.0.101: Packets:Sent=6, Received=6, Lost=0 (0% loss), Approximate round trip times in milli-seconds: Minimum=0ms, Maximum=0ms, Average=0ms What does the option *indicate? A. s B. t C. n D. a

C. n

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS? A. nmap -A -Pn B. nmap -sP -p-65535 -T5 C. nmap -sT -O -T0 D. nmap -A -host-timeout 99 -T1

C. nmap -sT -O -T0

Which of the following will perform an Xmas scan using NMAP? A. nmap -sA 192.168.1.254 B. nmap -sP 192.168.1.254 C. nmap -sX 192.168.1.254 D. nmap -sV 192.168.1.254

C. nmap -sX 192.168.1.254

DNS cache snooping is a process of deterministic the specified resource address is present in the DNS cache records. It may be useful during examination of the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in the DNS cache? A. nslookup -fullrecursive update.antivírus.com B. dnsnooping -RT update.antivírus.com C. nslookup -norecursive update.antivírus.com D. dns —snoop update.antivirus.com

C. nslookup -norecursive update.antivírus.com

If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use? A. -sP B. -P C. -r D. -F

D. -F

From the following table, identify the wrong answer in terms of Range (ft). Standard Range 802.11a. 150-150 802.11b 150-150 802.11g 150-150 802.16(WiMAX) 30 miles A. 802.11b B. 802.11g C. 802.16(WiMAX) D. 802.11a

D. 802.11a

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described? A. wificracker B. Airguard C. WLAN-crack D. Aircrack-ng

D. Aircrack-ng

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data? A. None of these scenarios compromise the privacy of Alice's data B. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew's attempt to access the stored data C. Hacker Harry breaks into the cloud server and steals the encrypted data D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS? A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail C. Symmetric encryption allows the server to securely transmit the session keys out-of-band D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography

D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming? A. Bluesmacking B. Bluesniffing C. Bluesnarfing D. Bluejacking

D. Bluejacking

You are monitoring the network of your organizations. You notice that: 1. There are huge outbound connections from your Internal Network to External IPs 2. On further investigation, you see that the external IPs are blacklisted 3. Some connections are accepted and some are dropped 4. You find that it is a CnC connection Which of the following solution will you suggest? A. Block the Blacklist IP's @ Firewall B. Update the Latest Signatures on your IDS/IPS C. Clean the Malware which are trying to communicate with the external Blacklist IP's D. Both B and C

D. Both B and C

When performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupted service. What is the name of the process by which you can determine those critical business? A. Risk Mitigation B. Emergency Plan Response (EPR) C. Disaster Recovery Paln (DRP) D. Business Impact Analysis (BIA)

D. Business Impact Analysis (BIA)

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built in bounds checking mechanism? Code: #include <string.h> int main(){ chair buffer{8}; strcpy(buffer, ""11111111111111111111""); } Output: Segmentation fault A. C# B. Python C. Java D. C++

D. C++

Scenario: 1. Victim opens the attacker's web site. 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'. 3. Victim clicks to the interesting and attractive content url. 4. Attacker creates a transparent 'iframe' in front of the url which victim attempt to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content or url that exists in the transparent 'iframe' which is setup by the attacker. What is the name of the attack which is mentioned in the scenario? A. Session Fixation B. HTML Injection C. HTTP Parameter Pollution D. Click jacking Attack

D. Clickjacking Attack

There are several ways to gain insight on how a crypto system works with the goal of reverse engineering the process. A term describes when two pieces of data result in the value is? A. Polymorphism B. Escrow C. Collusion D. Collision

D. Collision

Which of the following steps for risk assessment methodology refers to vulnerability identification? A. Assigns values to risk probabilities; Impact values B. Determines risk probability that vulnerability will be exploited (High, Medium, Low) C. Identifies sources of harm to an IT system (Natural, Human, Environmental) D. Determines if any flaws exist in systems, policies, or procedures

D. Determines if any flaws exist in systems, policies, or procedures

Computer science student needs to fill some information into a secured Adobe PDF job application was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script the polls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting? A. Man-in-the-middle attack B. Session hijacking C. Brute force attack D. Dictionary-attack

D. Dictionary-attack

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? A. AH promiscuous B. ESP confidential C. AH Tunnel mode D. ESP transport mode

D. ESP transport mode

Which of the following is a low-tech way of gaining unauthorized access to systems? A. Scanning B. Sniffing C. Social Engineering D. Eavesdropping

D. Eavesdropping

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ's email gateway doesn't prevent what? A. Email Masquerading B. Email Harvesting C. Email Phishing D. Email Spoofing

D. Email Spoofing

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing? A. Randomizing B. Bounding C. Mutating D. Fuzzing

D. Fuzzing

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by imputing massive amounts of random data and observing the changes in the output? A. Function Testing B. Dynamic Testing C. Static Testing D. Fuzzing Testing

D. Fuzzing Testing

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application? A. Black-box B. Announced C. White-box D. Grey-box

D. Grey-box

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application? A. Black-box B. Announced C. White-box D. Grey-box

D. Grey-box

In Wireshark, the packet bytes panes show the data in which format? A. Decimal B. ASC_2 only C. Binary D. Hexadecimal

D. Hexadecimal

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe? A. Do not back up either the credit card numbers or their hashes B. Encrypt backup tapes that are sent off-site C. Back up the hashes of the credit card numbers not the actual credit card numbers D. Hire a security consultant to provide direction

D. Hire a security consultant to provide direction

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site. Which file does the attacker need to modify? A. Boot.ini B. Sudoers C. Networks D. Hosts

D. Hosts

Your company performs penetration tests and security assessments for small and medium size businesses in the local area. During a routine security system, you discover information that suggests your client is involved with human trafficking. What should you do? A. Confront the client in a respectful manner and ask her about the data. B. Copy the data to removable media in case you need it. C. Ignore the data and continue the assessment until completed as agreed. D. Immediately stop work and contact the proper legal authorities

D. Immediately stop work and contact the proper legal authorities

What is the role of test automaton in security testing? A. It is an option but it tends to be very expensive B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies C. Test automation is not usable in security due to the complexity of the tests D. It can accelerate benchmark tests and repeat them with consistent test setup. But it cannot replace manual testing completely

D. It can accelerate benchmark tests and repeat the with consistent test setup. But it cannot replace manual testing completely

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called? A. DynDNS B. DNS Scheme C. DNSSEC D. Split DNS

D. Split DNS

Which of the following is a passive wireless packet analyzer that works on Linux-based systems? A. OpenVAS B. Burp Suite C. tshark D. Kismet

D. Kismet

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers? A. Application Layer B. Data tier C. Presentation tier D. Logic tier

D. Logic tier

Which of the following program infects the system boot sector and the executable files at the same time? A. Stealth virus B. Polymorphic virus C. Macro virus D. Multipartite vírus

D. Multipartite virus

Which regulation defines security and privacy controls for Federal information systems and organizations? A. HIPAA B. EU Safe Harbor C. PCI-DSS D. NIST-800-53

D. NIST-800-53

John the Ripper is a technical assessment tool used to test the weakness of which of the following? A. Usernames B. File permissions C. Firewall rulesets D. Passwords

D. Passwords

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106: Time:Mar 13 17:30:15 Port:20 Source: 192.168.1.103 Destination: 192.168.1.106 Protocol: TCP Time: Mar 13 17:30:17 Port:21 Source: 192.168.1.103 Destination: 19.168.1.106 Protocol: TCP Time: Mar 13 17:30:19 Port:23 Source: 192.168.1.103 Destination: 192.168.1.106 Protocol: TCP What type of activity has been logged? A. Port scan targeting 192.168.1.103 B. Teardrop attack targeting 192.168.1.106 C. Denial of service attack targeting 192.168.1.103 D. Port scanning targeting 192.168.1.106

D. Port scanning targeting 192.168.1.106

Which of the following provides a security professional with most information about the system's security posture? A. Wardriving, warchalking, social engineering B. Social engineering, company site browsing, tailgating C. Phishing, spamming, sending Trojans D. Port scanning, banner grabbing, service identification

D. Port scanning, banner grabbing, service identification

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place? A. Application B. Transport C. Session D. Presentation

D. Presentation

PGP, SSL, and IKE are all examples of which type of cryptography? A. Hash Algorithm B. Digest C. Secret Key D. Public Key

D. Public Key

What is the difference between AES and RSA algorithms? A. Both are symmetric algorithms, but AES uses 256-bit keys B. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data C. Both are asymmetric algorithms, but RSA uses 1024-bit keys D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network? A. Network security policy B. Information protection policy C. Access control policy D. Remote access policy

D. Remote access policy

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed? A. Deferred risk B. Impact risk C. Inherent risk D. Residual risk

D. Residual risk

Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture? A. Chosen-Cipher text Attack B. Cipher text-only Attack C. Timing Attack D. Rubber Hose Attack

D. Rubber Hose Attack

Email is transmitted across the Internet using the simple mail transport protocol. SMTP does not encrypted email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade the connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS? A. OPPORTUNISTICTLS B. UPGRADETLS C. FORCETLS D. STARTTLS

D. STARTTLS

You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation? A. Double quotation B. Backslash C. Semicolon D. Single quotation

D. Single quotation

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do? A. The employee cannot provide any information; but anyway, he/she will provide the name of the person in charge B. Since the company's policy is all about Customer Service, he/she will provide information C. Disregarding the call, the employee should hang up. D. The employee should not provide any information without previous management authorization

D. The employee should not provide any information without previous management authorization

The security administrator of ABC NEEDS TO PERMIT internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and dentally all other traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network? access-list 102 deny tcp any any access list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any A. The ACL 104 needs to be first because is UDP B. The ACL 110 needs to be changed to port 80 C. The ACL for FTP must be before the ACL 110 D. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

D. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

You are an ethical hacker who is auditing the ABC company. When you verify the NOC one of the machines has two connections, one wired and the other wireless. When you verify the configuration of this window system you find two static routes. route add 10.0.0.0 mask 255.0.0.0 10.0.0.1 route add 0.0.0.0 mask 255..0.0.0 199.168.0.1 What is the main purpose of those static routes? A. Both static routes indicate that the traffic is external with different gateway B. The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted C. Both static routes indicate that the traffic is internal with different gateway D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway

D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway

What is the most common method to exploit the Bash Bug or shell shock vulnerability? A. Manipulate format strings in text fields B. SSH C. SYN Flood D. Through web servers utilizing CGI (common gateway interface) to send a malformed environment variable to a vulnerable web server

D. Through web servers utilizing CGI common Gateway interface to send a malformed environment variable to vulnerable web server

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access? A. Bottom Exploit B. iBoot Exploit C. Sandbox Exploit D. Userland Exploit

D. Userland Exploit

Which of these is capable of searching for and locating rogue access points? A. HIDS B. NIDS C. WISS D. WIPS

D. WIPS

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks? A. Data-driven firewall B. Stateful firewall C. Packet firewall D. Web application firewall

D. Web application firewall

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform sessions splicing attacks? A. tcpsplice B. Burp C. Hydra D. Whisker

D. Whisker

Shellshock allowed an unauthorized user gain access to a server. It affected many Internet-facing services, which OS did it not directly affect? A. Linux B. Unix C. OS X D. Windows

D. Windows

You are a network security officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a SYN scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wire shark in the snort machine to check if the messages are going to the Keewee syslog machine. What wire shark filter will show the connections from the snort machine to kiwi syslog machine? A. tcp.srcport==514&& up.src== 192.168.0.99 B. tcp.srcport==514&& ip.src== 192.168.1.150 C. tcp.dstport==514&& ip.dst== 192.168.0.99 D. tcp.dstport==514&& ip.dst== 192.168.0.150

D. tcp.dstport==514&& ip.dst== 192.168.0.150

In cryptoanalysis in computer security, pass the hash is a hacking technique that allows an attacker to authenticate to remote server/service by using the underlying NTLM and/or LanMan hash of a users password, instead of requiring the associated plaintext password as is normally the case. Metasploit framework has a module for this technique: PSEXEC. PSEXEC module is often used by penetration tester's to obtain access to a given system whose credential's are known. It was written by sysinternals and has been integrated within the framework. The penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values. Which of the following is true hash type and sort order that is used in the psexec modules's smbpass option? A. LM:NT B. NTLM:LM C. NT:LM D. LM:NTLM

LM:NT

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. Form a legal standpoint, what would be troublesome to take this kind of measure? A. All of the employees would stop normal work activities. B. IT department would be telling employees who the boss is C. Not informing the employees that they are going to be monitored could be an invasion of privacy D. The network could still experience traffic slow down

Not that informing the employees that they are going to be monitored could be an invasion of privacy


Related study sets

Unit 1 - The Foundations of American Democracy

View Set

Security Fundamentals Exam Study Guide (CIST 1601)

View Set

MHR 422 - Chapter 4 Prototyping + lean startup

View Set

Chapter 23: Statement of Cash Flows

View Set

Unit 4: World History Renaissance and Reformation Q/A

View Set