Ch 2-15 ETHICAH HACKING PRO

Ace your homework & exams now with Quizwiz!

Information gathering techniques

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

Elictitation

Which of the following best describes a goal-based penetration test? Focuses on the overall security of the organization and its data security Te hacker has been given full information about the target Ensures the organization follows federal laws and regulations Focuses on the end results. The hacker determines the methods

Focuses on the end results. The hacker determines the methods

United States Code Title 18, Chapter 47, Section 1029 deals with which of the following? Fraud and related activity involving electronic mail Fraud and related activity involving computers Fraud and related activity involving access devices Fraud and related activity regarding identity theft

Fraud and related activity involving access devices

Which of the following is the third step in the ethical hacking methodology? Clear your tracks Reconnaissance Scanning and enumeration Gain access

Gain access

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario? White hat State-sponsored Script kiddie Gray hat

Gray hat

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows? HIPAA FISMA DMCA PCI DSS

HIPAA

Shred the discs.

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?

nmap -sn 172.125.68. 1-255

You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?

Whois

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do? Sell the records to a competitor Make a backup of the records for the client Continue digging an look for illegal activity Ignore the records and move on

Ignore the records and move on

Split DNS

Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing?

Which of the following documents details exactly what can be tested during a penetration test? Master Service Agreement Scope of Work Rules of Engagement Non-Disclosure Agreement

Scope of Work

Which of the following best describes an inside attacker?

An unintentional threat actor; the most common threat.

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing? White hat Black box Black hat White box

Black box

What are the rules and regulations defined and put in place by an organization called? Scope of work Corporate policies Rules of engagement Master service agreement

Corporate policies

Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take?

Preventing interruptions of computer services caused by problems such as fire.

Important aspects of physical security include which of the following?

Gray hat

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?

Social engineers are master manipulators. Which of the following are tactics they might use?

Moral obligation, ignorance, and threatening

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card? HIPAA PCI DSS DMCS FISMA

PCI DSS

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do? Reach out to an attorney for legal advice Ignore the situation and just move on Talk with her friend and do what they suggest Trust her instincts and do what she feels is right

Reach out to an attorney for legal advice

What does an organization do to identify areas of vulnerability within their network and security systems? Scanning External test Risk assessment Internal test

Risk assessment

Which document explains the details of an objective-based test? Permission to test Change order Scope of work Rules of engagement

Scope of work

Which of the following is a deviation from standard operating security protocols? Whitelisting Security exception MAC filtering Blacklisting

Security exception

Which of the following policies would cover what you should do in case of a data breach? Corporate data policy Password policy Sensitive data handling policy Update frequency policy

Sensitive data handling policy

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?

Shoulder surfing

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for? Specific/Maintainable/Attainable/Relevant/Timely Steps/Maintainable/Affordable/Results/Tuned Specific/Measurable/Attainable/Relevant/Timely Steps/Measurable/Affordable/Results/Tuned

Specific/Measurable/Attainable/Relevant/Timely

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

Spim

Threat modeling

The process of analyzing an organization's security and determining its security holes is known as:

An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

Which of the following is the difference between an ethical hacker and a criminal hacker?

DNS

Which of the following services is most targeted during the reconnaissance phase of a hacking attack?

What type of threat actor only uses skills and knowledge for defensive purposes? Gray hat Script kiddie White hat Hacktivist

White hat

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? Virus Trojan horse APT Logic bomb

APT

Which of the following is a consideration when scheduling a penetration test? Who is aware of the test? What risks are acceptable? Which systems are being tested? Are there any security exceptions?

Who is aware of the test?

Network foot printing tools

Whois, Nslookup, and ARIN are all examples of:

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather? A member of the red team A gray hat hacker A member of the purple team A black hat hacker

A member of the purple team

ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work? Company culture Email policies Employee IDs Password policies

Company culture

Which type of penetration test is required to ensure an organization is following federal laws and regulations? Goal-based Objective-based Compliance-based White box

Compliance-based

Which of the following best describes what FISMA does? Defines standards that ensure medical information is kept safe Implements accounting and disclosure requirements that increase transparency Defines the security standards for any organization that handles cardholder information Defines how federal government data, operations, and assets are handled

Defines how federal government data, operations, and assets are handled

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

Development phase

Which of the following elements is generally considered the weakest link in an organization's security? Physical Servers Network Human

Human

Employee and visitor safety

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?

Which of the following is considered a mission-critical application? Customer database Video player Support log Medical database

Medical database

A client asking for small deviations from the scope of work is called: Rules of engagement Change order Scope creep Security exception

Scope creep

Which of the following best describes social engineering? The art of deceiving and manipulating others into doing what you want The process of analyzing an organization's security and locating security holes Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website A stealthy computer network attack in which a person or group gains unauthorized access for an extended period

The art of deceiving and manipulating others into doing what you want

Which of the following best describes a gray box penetration test? The ethical hacker is given strict guidelines about what can be targeted The ethical hacker has partial information about the target or network The ethical hacker is given full knowledge of the target or network The ethical hacker has no information regarding the target or network

The ethical hacker has partial information about the target or network

Which of the following is a limitation of relying on regulations? They rely heavily on password policies They allow interpretation They are regularly updated The industry standards take precedence

They rely heavily on password policies

Which statement best describes a suicide hacker? This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear This hacker's main purpose is to protest an even and draw attention to their views and opinions

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? Transference Avoidance Tolerance Mitigation

Tolerance

A printed materials policy

Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?

Mantraps

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this? Whitelisting White box Black box Blacklisting

Whitelisting

Train the receptionist to keep her iPad in a locked drawer.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?

How to prevent piggybacking and tailgating.

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?

Which of the following functions does a single quote (') perform in an SQL injection?

Indicates that data has ended and a command is beginning

Which of the following is the correct order for a hacker to launch an attack.

Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access.

Which of the following web server countermeasures is implemented to fix known vulnerabilities, eliminate bugs, and improve performance?

Install patches and updates

Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasure could he take to help protect privelige?

Instigate multi-factor authentication and authorization.

Which type of cryptanalysis method is based on substitution-permutation networks?

Integral

YuJin drove his smart car to the beach to fly his drone in search of ocean and animal activity. Which of the following operating systems are most likely being used by his car and drone?

Integrity RTOS and snappy

Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using?

Integrity-based

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed? Internal External Gray Box Black Box

Internal

Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application

IoT architecture

There are several types of signature evasion techniques. Which of the following best describes the obfuscated codes techniques?

Is an SQL statement that is hard to read and understand.

Which of the following is a characteristic of Elliptic Curve Cryptography (ECC)?

Is suitable for small amounts of data and small devices such as smartphones.

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?

It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.

Vulnerability research

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing?

Which of the following is a protocol that allows authentication over a non-secure network by using tickets or service principal names (SPNs)?

Kerberoasting

Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text?

Known plain text

After the enumeration stage, you have are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?

LDAP

The SQL injection methodology has four parts. Which of the following parts is similar to playing the game 20 questions?

Launch a SQL attack.

Which of the following best describes the countermeasures you would take against a cross-site request forgery attack?

Log off immediately after using a web application. Clear the history after using a web application and don't allow your browser to save your login details.

Ann has a corner office that looks out to a patio that is frequently occupied by tourists. She likes the convenience of her Bluetooth headset paired to her smartphone, but is concerned that her conversations could be intercepted by an attacker siting on her patio. Which of the following countermeasures would be the most effective for protecting her conversations?

Lower the Bluetooth power setting on the smartphone and headset.

Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of?

Malicious alternate data streams.

Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defense against which of the following cloud computing threats?

Malicious insiders

Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices?

Malicious websites

Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server?

Man-in-the-middle

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which of the following cryptographic keys would Mary use to create the digital signature?

Mary's private key.

A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?

Metasploit

Social engineering

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?

Which of the following steps in the web server hacking methodology involves setting up a web server sandbox to gain hands-on experience attacking a web server?

Mirroring

Which of the following bring your own device (BYOD) risks is both a security issue for an organization and a privacy issue for a BYOD user?

Mixing personal and corporate data

A company has implemented the following defenses: - The data center is located in a safe geographical area - Backups are in different locations - Mitigation measures are in place - A disaster recovery plan is in place. Which of the following cloud computing threats has the customer implemented countermeasures against?

Natural disasters

Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompts companies to take advantage of cloud storage?

Need to bring costs down and growing demand for storage.

Which of the following is an online tool that is used to obtain server and web server information?

Netcraft

You are looking for a web application security tool that runs automated scans looking for vulnerabilities susceptible to SQL injection, cross-site scripting, and remote code injection. Which of the following web application security tools would you most likely use?

Netsparker

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

Network scan

Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize? OSSTMM OWASP NIST SP 800-115 ISO/IEC 27001

OWASP

Which of the following is a nonprofit organization that provides tools and resources for web app security and is made up of software developers, engineers, and freelancers.

OWASP

Man-made threat

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company?

nmap --script nmap-vulners -sV 10.10.10.195

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?

Which of the following is the number of keys used in symmetric encryption?

One

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter?

Only packets with 192.168.0.34 in either the source or destination address are captured.

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?

Only packets with either a source or destination address on the 192.168.0.0 network are captured.

Which of the following is an open-source cryptography toolkit that implements SSL and TLS network protocols and the related cryptography standards required by them?

OpenSSL

Which of the following is a tool for cracking Windows login passwords using rainbow tables?

Ophcrack

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?

P0f

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?

PSH

Which of the following types of wireless antenna is shown in the image?

Parabolic

Sam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?

Pass the hash

Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host?

Passive hijacking

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

Password salting

While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?

Passwords are being sent in clear text.

Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it?

Path interception

Which of the following best describes the HTTP Request/Response TRACE?

Performs a loopback test to a target resource

During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested? Master service agreement Scope of work Rules of engagement Permission to test

Permission to test

Which of the following scans is used to actively engage a target in an attempt to gather information about it?

Port scan

Above all else, which of the following must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?

RST

Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose?

Rainbow attack

Which of the following attacks utilizes encryption to deny a user access to a device?

Ransomware attack

A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent?

Rapid elasticity

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack?

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

Which of the following is an entity that accepts and validates information contained within a request for a certificate?

Registration authority

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. which of the following is the key difference between these methodologies? Reporting Gain access Maintain access Reconnaissance

Reporting

Which of the following is the most frequently used symmetric key stream cipher?

Ron's Cipher v4 (RC4)

Linda, an android user, wants to remove unwanted applications (bloatware) that are pre-installed on her device. Which of the following actions must she take?

Root the android device.

Which of the following can void a mobile device's warranty, cause poor performance, or brick a mobile device (making it impossible to turn on or repair)?

Rooting or jailbreaking.

Which of the following types of injections can be injected into conversations between an application and a server to generate excessive amounts of spam email?

SMTP injection

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?

SNscan

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?

SYN/ACK

Which of the following cloud computing service models deliver software applications to a client either over the Internet or on a local area network?

SaaS

Mary is using asymmetric cryptography to send a message to Sam so that only Sam can read it. Which of the following keys should she use to encrypt the message?

Sam's public key

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing? Reconnaissance Gain access Scanning and enumeration Maintain access

Scanning and enumeration

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?

Scany

Upload bombing and poison null byte attacks are designed to target which of the following web application vulnerabilities?

Scripting errors

Which of the following best describes the heuristic or behavior-based detection method?

Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

Which of the following footprinting methods would you use to scan a web server to find ports that the web server is using for various services?

Service discovery

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation?

Services can be set to throttle or even shut down.

Your network administrator has set up training for all the users regarding clicking on links in emails or instant messages. Which of the following is your network administrator attempting to prevent?

Session fixation

A penetration tester discovers a vulnerable application and is able to hijack a website's URL hyperlink session ID. The penetration tester is able to intercept the session ID; when the vulnerable application sends the URL hyperlink to the website, the session IDs are embedded in the hyperlink. Which of the following types of session hijacking countermeasures is the penetration tester using?

Session fixation attack

Inject commands to target the server.

Session hijacking

If an attacker's intent is to discover and then use sensitive data like passwords, session cookies and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using?

Session hijacking through network sniffing

Which of the following tools can be used to create botnets?

Shark, PlugBot, and Poison Ivy

Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components?

Sirefef

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?

Sniffing

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occured?

Social engineering

Which of the following best describes shoulder surfing?

Someone nearby watches you enter your password on your computer and records it.

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?

Split DNS

Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access?

Spyware

Which of the following describes the risks of spyware that are particular to mobile devices?

Spyware can monitor and log call histories, GPS locations and text messages.

You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?

St@y0ut!@

Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using?

Steganography

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:

Steganography

Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used?

Symmetric

Which of the following forms of cryptography is best suited for bulk encryption because of its speed?

Symmetric cryptography

You believe your system has been hacked. Which of the following is the first thing you should check?

System log files

What port does a DNS zone transfer use?

TCP 53

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?

TCP/UDP 389

Donna is configuring the encryption settings on her email server. She is given a choice of encryption protocols and has been instructed to use the protocol that has the most improvements. Which of the following cryptographic protocols should she choose?

TLS

You are configuring a wireless access point and are presented with the image shown below. Which of the following is the most correct statement regarding the access point's configuration?

The Host Name is what the users see in the list of available networks when they connect to the access point.

You are configuring several wireless access points for your network. Knowing that each access point will have a service set identifier (SSID), you want to ensure that is configured correctly. Which of the following SSID statements are true?

The SSID is a unique name, separate from the access point name.

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?

The built-in guest

Which of the following Bluetooth threats has increased due to the availability of software that can be used to activate Bluetooth cameras and microphones?

The creation of Bluetooth bugging and eavesdropping devices.

Which of the following best describes a cybersquatting cloud computing attack?

The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.

Which of the following best describes this image?

The iOS operating system stack

Alan, an ethical hacker, roots or jailbreaks a mobile device. He checks the inventory information reported by the mobile device management (MDM) software that manages the mobile device. Which of the following describes what he expects to see in the inventory?

The inventory will show the device as vulnerable.

CISA

The list of cybersecurity resources below are provided by which of the following government sites?

You are using software as a service (SaaS) in your office. Who is responsible for the security of the data stored in the cloud?

The provider is responsible for all security.

Which of the following best describes telnet?

The tool of choice for banner grabbing that operates on port 23.

Which of the following best describes the exploitation stage of the mobile device penetration testing process?

The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities.

You are using Wireshark to try and determine if a denial-of-service (DDoS) attack is happening on your network (128.28.1.1). You previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. You have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. After examining the Wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS attack is happening?

There are multiple SYN packets with different source addresses destined for 128.28.1.1.

A mailing list that often shows the newest vulnerabilities before other sources.

There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?

Which of the following best explains why brute force attacks are always sucessful?

They test every possible valid combination.

Which of the following statements is true regarding cookies?

They were created to store information about user preferences and web activities.

Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method?

This can lead to DLL hijacking and malicious file installations on a non-admin targeted user.

CWE

This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?

Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?

This is a DNS zone transfer.

Application flaws

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?

You have just run the John the Ripper command shown in the image. Which of the following was this command used for?

To extract the password hashes and save them in the secure.txt file.

Which of the following best describes the purpose of the wireless attack type known as wardriving?

To find information that will help breach a victim's wireless network.

James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use?

Touch

Which of the following is the number of keys used in asymmetric (public key) encryption?

Two

A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this?

Ultimate Boot CD

Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after?

Unattended installation

The ACME company has decided to implement wireless technology to help improve the productivity of their employees. As the cybersecurity specialist for this company, you have the responsibility of seeing that the wireless network is as secure as possible. Which of the following best describes one of the first countermeasures that should be used to ensure wireless security?

Use a Wi-Fi predictive planning tool to determine where to place your access points.

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic?

Use encryption for all sensitive traffic.

Which of the following Bluetooth attack countermeasures would help prevent other devices from finding your Bluetooth device that is in continuous operation?

Use hidden mode when your Bluetooth device is enabled.

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?

Usernames, but no passwords

Which of the following best describes IPsec enumeration?

Uses ESP, AH, and IKE to secure communication between VPN endpoints.

Which of the following is a characteristic of Triple DES (3DES)?

Uses a 168 bit key

Which of the following best describes a feature of symmetric encryption?

Uses only one key to encrypt and decrypt data.

Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher?

Uses the Rijndael block cipher

Which of the following uses on the fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded?

VeraCrypt

Which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the Internet?

Volumetric attack

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?

Vulnerability scan

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?

Wardialing

SQL injections are a result of which of the following flaws?

Web applications

Which of the following explains why web servers are often targeted by attackers?

Web servers provide an easily found, publicly accessible entrance to a network that users are encourages to enter into and browser.

You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use?

WebInspect

Which of the following types of web server attacks is characterized by altering or vandalizing a website's appearance in an attempt to humiliate, discredit, or annoy the victim?

Website defacement

An attack that targets senior executives and high-profile victims is referred to as:

Whaling

Prevention, detection, and recovery

What are the three factors to keep in mind with physical security?

Shows results in pages that contain all of the listed keywords.

What does the Google Search operator allinurl:keywords do?

Passive

Which of the following assessment types can monitor and alert on attacks but cannot stop them?

Host-based assessment

Which of the following assessment types focus on all types of users risks, including threats from malicious users, ignorant users, vendors, and administrators?

Large flowerpots

Which of the following best describes a physical barrier used to deter an aggressive intruder?

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Which of the following best describes active scanning?

CAPEC

Which of the following government resources is a directory of known patterns of cyberattacks used by hackers?

Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?

With the flood, all packets come from the same source IP address in quick succession.

Which of the following actions was performed using the WinDump command line sniffer?

Wrote packet capture files from interface 1 into mycap.pcap.

Echosec

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media postings that were made using location services. What is the name of this tool?

Which of the following types of antenna is shown?

Yagi

You are a cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. Which of the following commands would help you locate the rouge access point from the wlp1s0 interface and produce the results shown?

airodump-ng wlp1s0mon

Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider?

auditpol

During a penetration tester, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while accessing the network?

beSTORM

Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows?

cPasswords

Which of the following enumeration tools provides information about users on a Linux machine?

finger

Which of the following Bluetooth discovery tool commands will show the Bluetooth MAC address, clock offset, and class of each discovered device?

hcitool

Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?

ip.src ne 192.168.142.3

A user is having trouble connecting to a newly purchased Bluetooth device. An administrator troubleshoots the device using a Linux computer with BlueZ installed. The administrator sends an echo request to the device's Bluetooth MAC address to determine whether the device responds. Which of the following commands was used/

l2ping

Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?

nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?

nmap -sV --script=banner ip_address

You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash?

rcrack . -h 202cb962ac59075b964b07152d234b70

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?

[email protected]

Which of the following Bluetooth configuration and discovery tools can be used to check which services are made available by a specific device and can work when the device is not discoverable, but is still nearby?

sdptool

Which of the following Bluetooth discovery tools will produce the output shown below?

sdptool

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ascii output only. Which of the following tcpdump options will achieve this output?

-SX port 443

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set is four. Which of the following command options will change the default number of ping requests?

-n

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?

/etc/shadow

Which of the following ports are used by null sessions on your network?

139 and 445

Which of the following HTTP response messages would you receive if additional action needs to be taken to complete the request?

3xx Redirection

Who would be most likely to erase only parts of the system logs file?

A black hat hacker

Which of the following best describes Mobile Device Management software?

A combination of an on-device application or agent that communicates with a backend server to receive policies and settings.

Which of the following best describes a non-disclosure agreement? A common legal contract outlining confidential material that will be shared during the assessment A contract where parties agree to most of the terms that will govern future actions A document that defines if the test will be a white box, gray box, or black box test and how to handle sensitive data A very detailed document that defines exactly what is going to be included in the penetration test

A common legal contract outlining confidential material that will be shared during the assessment

Which of the following best describes a master service agreement? Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data A very detailed document that defines exactly what is going to be included in the penetration test Used as a last resort if the penetration tester is caught in the scope of their work A contract where parties agree to the terms that will govern future actions

A contract where parties agree to the terms that will govern future actions

Which of the following best describes the Security Account Manager (SAM)?

A database that stores user passwords in Windows as an LM hash or a NTLM hash.

Which of the following best describes a rogue access point attack?

A hacker installing an unauthorized access point within a company.

Which of the following best describes a DoS attack?

A hacker overwhelms or damages a system and prevents users from accessing a service.

Which of the following best describes a script kiddie?

A hacker who uses scripts written by much more talented individuals.

Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to? Hether will adhere to Florida's laws, and the client will adhere to Utah's laws Both companies will need to adhere to Utah's laws A lawyer should be consulted on which laws to adhere to and both parties agree Both companies will need to adhere to Florida's laws

A lawyer should be consulted on which laws to adhere to and both parties agree

As the cybersecurity specialist for your company, you have used Wireshark to check for man-in-the-middle DHCP spoofing attacks using the bootp filter. After examining the results, what is your best assessment?

A man-in-the-middle spoofing attack is possible due to two DHCP ACK packets.

Which of the following best describes a wireless access point?

A networking hardware device that allows other Wi-Fi devices to connect to a wired network.

Which of the following best describes the Bluediving hacking tool?

A penetration suite that runs on Linux that can implement several attacks, including bluebug, bluesnarf, and bluesmack, and also performs Bluetooth address spoofing.

Which of the following best describes a wireless hotspot?

A physical location where people may obtain free internet access using Wi-Fi

Which of the following best describes a PKI?

A security architecture that ensures data connections between entities are validated and secure.

You work for a very small company that has 12 employees. You have been asked to configure wireless access for them. Knowing that you have a very limited budget to work with, which of the following technologies should you use?

A software based access point

Which of the following best describes CCleaner?

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

Which of the following best describes the SQL Power Injector tool?

A tool used to find SQL injections on a web page.

Which of the following describes a session ID?

A unique token that a server assigns for the duration of a client's communications with the server.

Which of the following best describes a phishing attack?

A user is tricked into believing that a legitimate website is requesting their login information.

Which of the following best describes a web application?

A web application is software that has been installed on a web server.

Which of the following best describes Microsoft Internet Information Services (IIS)?

A web server technology

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?

ACME, Inc

As part of your penetration test, you are using Ettercap in an attempt to spoof DNS. You have configured the target and have selected the dns_spoof option (see image).To complete the configuration of this test, which of the following MITM options should you select?

ARP poisoning

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?

ARP poisoning

As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?

ARP poisoning is occurring, as indicated by the duplicate response IP address.

Which of the following policies best governs the use of bring your own device (BYOD) that connect with an organization's private network?

Acceptable use policy

Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?

Access controls

Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done?

Active hijacking

Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption?

Adaptive chosen plain text

Which of the following best describes the Wassenaar Arrangement? An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software Standards that ensure medical information is kept safe and is only shared with the patient and medical professionals A law that defines the security standards for any organization that handles cardholder information A law that defines how federal government data, operations, and assets are handled

An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software

Which of the following best describes Bluetooth MAC spoofing?

An attacker changes the Bluetooth address of his own device to match the address of a target device so that the data meant for the victim device reaches the attacker's device first.

You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter?

An end-to-end performance and load testing tool that can simulate up to 1 million users and make realistic load tests easier.

Which of the following best describes a certificate authority (CA)?

An entity that issues digital certificates.

Internal assessment

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: - Inspecting physical security - Checking open ports on network devices and router configurations - Scanning for Trojans, spyware, viruses, and malware - Evaluating remote management processes - Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed?

Which of the following operating systems is the most prevalent in the smartphone marrket?

Android

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use?

Any device that can communicate over the intranet can be hacked.

Which of the following is an open-source web server technology?

Apache Web Server

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?

Application Layer

CVSS

As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?

[ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types?

Ascii-32-95

Which of the following best describes the key difference between DoS and DDoS?

Attackers use numerous computers and connections.

Which of the following is a short range wireless personal area network that supports low-power, long use IoT needs?

BLE

Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system?

Backdoors

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?

Banner grabbing

Alan wants to implement a security tool that protects the entire contents of a hard drive and prevents access even if the drive is moved to anther system. Which of the following tools should he choose?

Bitlocker

Creating an area of the network where offending traffic is forwarded and dropped is known as _________?

Black hole filtering

You work for a company that is implementing symmetric cryptography to process payment applications such as card transactions where personally identifiable (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data?

Block

Jim, a smartphone user, receives a bill from his provider that contains fees for calling international numbers he is sure he hasn't called. Which of the following forms of Bluetooth hacking was most likely used to attack his phone.

Bluebugging

Which of the following types of Bluetooth hacking is a denial-of-service attack?

Bluesmacking

Which enumeration process tries different combinations of usernames and passwords until it finds something that works?

Brute force

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Brute force

Which of the following is a password cracking tool that can make over 50 simultaneous target connections?

Brutus

Which of the following Bluetooth hacking tools is a complete framework to perform man-in-the-middle attacks on Bluetooth smart devices?

Btlejuice

HTTP headers can contain hidden parameters such as user-agent, host headers, accept and referrer. Which of the following tool could you use to discover hidden parameters.

Burp Suite

You are a cybersecurity specialist. ACME, Inc. has hired you to install and configure their wireless network. As part of your installation, you have decided to use Wi-Fi Protected Access 2 (WPA2) security on all of your wireless access points. You want to ensure that the highest level of security is used. Which of the following encryption protocols should you use to provide the highest level of security?

CCMP

Which of the following is used to remove files and clear the internet browsing history?

CCleaner

Frank wants to do a penetration test. He is looking for a tool that checks for vulnerabilities in web applications, network systems, wireless networks, mobile devices, and defense systems such as IDS or IPS. Which of the following tools would you recommend to him?

COREImpact Pro

Which of the following are network sniffing tools?

Cain and Abel, Ettercap, and TCPDump

Which of the following best describes a rootkit?

Can modify the operating system and the utilities of the target system.

In 2011, Sony was targeted by an SQL injection attack that compromised over a million emails, usernames, and passwords. Which of the following could have prevented the attack?

Careful configuration and penetration testing on the front end.

You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following best describes MAC spoofing?

Changing a hacker's network card to match a legitimate address being used on a network.

Which of the following includes all possible characters or values for plaintext?

Charset

Which of the following steps in an Android penetration test checks for vulnerability hackers to use to break down the browser's sandbox using infected JavaScript code?

Check for cross-application-scripting error

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this?

Chosen plain text

Which of the following terms is the encrypted form of a message that is unreadable except to its intended recipient?

Ciphertext

You are a cybersecurity specialist for your company and have been hired to perform a penetration test. You have been using Wireshark to capture and analyze packets. Knowing that HTTP POST data can sometimes be easy prey for hackers, you have used the http.request.method==POST Wireshark filter. The results of that filter are shown in the image. After analyzing the captured information, which of the following would be your biggest concern?

Clear text passwords are shown

Which type of web application requires a separate application to be installed before you can use the app?

Client-based web app

From you Kali Linux computer, you have used a terminal and the airdump-ng command to scan for wireless access points. From the results shown, which of the following is most likely a rogue access point?

CoffeeShop

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?

Colasoft

Which of the following best describes the process of using prediction to gain session tokens in an Application level hijacking attack?

Collect several session IDs that have been used before and then analyze them to determine a pattern.

A hacker has used an SQL injection to deface a web page by inserting a malicious content and altering the contents of the database. Which of the following did the hacker accomplish?

Compromise data integrity

Which of the following cloud security protocols includes backups, space availability and continuity of services?

Computation and storage

Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the best option for preventing this from happening?

Configure the device to remotely wipe as soon as it is reported lost.

Web application use sessions to establish a connection and transfer sensitive information between a client and a server. Attacking an application's session management mechanisms can help you get around some of the authentication controls and allow you to use the permissions of more privileged application users. Which of the following type of attack could you use to accomplish this?

Cookie parameter tampering

Which of the following is considered an out of band distribution method for private key encryption?

Copying the key to a USB drive

Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the following actions should she take?

Create a local CA and generate a self-signed certificate.

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?

Currports

An attacker installed a malicious file in the application directory. When the victim starts installing the application, Windows searches in the application directory and selects the malicious file instead of the correct file. The malicious file gives the attacker remote access to the system. Which of the following escalation methods best describes this scenario?

DLL hijacking

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?

DNS cache poisoning

As a penetration tester, you have found there is no data validation being completed at the server, which could leave the web applications vulnerable to SQL injection attacks. Which of the following could you use to help defend against this vulnerability?

Decline any entry that includes binary input, comment characters, or escape sequences.

Joelle, an app developer, created an app using two factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome?

Default, weak, and hardcoded credentials.

Which of the following best describes the rules of engagement document? Used as a last resort if the penetration tester is caught in the scope of their work Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data A contract where parties agree to most of the terms that will govern future actions A very detailed document that defines exactly what is going to be included in the penetration test

Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?

Delivers everything a developer needs to build an application on the cloud infrastructure.

Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using?

Device-to-device

What are the four primary systems of IoT technology?

Devices, gateway, data storage, and remote control.

Which of the following cryptographic algorithms is used in asymmetric encryption?

Diffie-Hellman

Which of the following attacks would these countermeasures prevent?

DoS attacks

Which of the following mobile security practices for users who are concerned with geotags?

Don't auto-upload photos to social networks.

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Dumpster diving

Which of the following encryption tools would prevent a user from reading a file that they did not create and does not require you to encrypt an entire drive?

EFS

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?

Enumeration

As part of your penetration test, you have captured an FTP session as shown below. Which of the following concerns or recommendations will you include in your report?

FTP uses clear-text passwords

Which of the following is the best defense against cloud account and service traffic hijacking?

Find and fix software flaws continuously, use strong passwords, and use encryption.

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?

Fingerprinting

Gathering information about a system, its components and how they work together is known as?

Footprinting

James, a penetration tester, uses nmap to locate mobile devices attached to a network. Which of the following mobile device penetration testing stages is being implemented?

Footprinting

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use?

Fraggle attack

You are looking for a web server security tool that will detect hidden malware in websites and advertisements. Which of the following security tools would you most likely use?

Hackalert

Which of the following motivates attackers to use DoS and DDoS attacks?

Hacktivism, profit, and damage reputation

Robert, an IT administrator, is working for a newly formed company. He needs a digital certificate to send an receive data securely in a Public Key Infrastructure (PKI). Which of the following requests should he submit?

He must send identifying data with his certificate request to a registration authority (RA).

Which of the following best describes the scan with ACK evasion method?

Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Which of the following could a hacker use Alternate Data Streams (ADS) for?

Hiding evidence

An attack is attempting to connect to a database using a web application system account instead of user-provided credentials. Which of the following methods is the attacker attempting to use?

Hijacking web credentials

Which of the following are protocols included in the IPsec architecture?

IKE, AH, and ESP

Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs?

IPsec

You are employed by a small start up company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should yo use?

IaaS

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?

Idle scan

Which of the following is the most basic way to counteract SMTP exploitations?

Ignore messages to unknown recipients instead of sending back error messages.

Vulnerability assessment

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?

Maltego

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?

Contact names, Phone numbers, email addresses, fax numbers, and addresses

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?

Security sequence

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in?

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do? Not worry about this fact and test the servers Add the cloud host to the scope of work Tell the client she can't perform the test Get a non-disclosure agreement

Add the cloud host to the scope of work

Reconnaissance

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?

A thin, stiff piece of metal

Which of the following best describes a lock shim?

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:

Pretexting

APT

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?

White hat

Which type of threat actor only uses skills and knowledge for defensive purposes?

Which of the following is a common corporate policy that would be reviewed during a penetration test? Purchasing policy Meeting policy Parking policy Password policy

Password policy

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team? Is a team of specialists that focus on the organization's defensive security. Is responsible for establishing and implementing policies Performs offensive security tasks to test the network's security Acts as a pipeline between teams and can work on any side

Performs offensive security tasks to test the network's security

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?

You should not provide any information and forward the call to the help desk.

The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk ______ Acceptance Mitigation Transference Avoidance

Acceptance

During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take? Ignore the files and continue with the penetration test Delete the files and continue with the penetration test Immediately stop the test and report the finding to the authorities Stop the test, inform the client, and let them handle it

Immediately stop the test and report the finding to the authorities

Which of the following best describes what SOX does? Implements accounting and disclosure requirements that increase transparency Defines standards that ensure medical information is kept safe Defines how federal government data, operations, and assets are handled Defines the security standards for any organization that handles cardholder information

Implements accounting and disclosure requirements that increase transparency

Which of the following best describes a supply chain? A company sells their products on Amazon and has Amazon ship the product A company provides materials to another company to manufacture a product A company stocks their product at a store A company stores their product at a distribution center

A company provides materials to another company to manufacture a product

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? Avoidance Transference Mitigation Acceptance

Avoidance

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? Scope of work Rules of engagement Permission to test Change order

Change order

The process of analyzing an organization's security and determining its security holes is known as: Ethical hacking Enumeration Penetration testing Threat modeling

Threat modeling

Physical attack

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system?

nmap -sS xyzcompany.com

You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?

A dome camera

Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant that other cameras?

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work? HIPAA DMCA PCI DSS FISMA

DMCA

Any attack involving human interaction of some kind is referred to as:

Social engineering

NIST

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose?

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action? Corporate policy BYOD policy Update policy Password policy

BYOD policy

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term? Ethical hacking Blue teaming Red teaming Network scanning

Ethical hacking

Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? Internal Black box White box External

External

Use incremental backups and store them in a locked fireproof safe.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?

Configure the screen saver to require a password.

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation?

An internet policy

John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

Which statement best describes a suicide hacker?


Related study sets

Sociology final chapter 8: Race and ethnicity

View Set

Intermediate Accounting I Chapter 2

View Set

Real Estate Principles (Quiz 1-15)

View Set

Project Management exam 2 Chapter 9, 10, 11

View Set

Mastering Biochemistry Chapter 2 Post-Lecture Hydrogen Bonding/ Acid Base

View Set

Chapter 2: Policies, Provisions, Options, & Riders

View Set

Marketing Research Midterm Study

View Set

nutrition science chapter 17 Dairy

View Set

Performance Management Grote Text

View Set