Computer Security Exam
A city clerk received an email providing details about transferring money to a supplier. The email provides a URL asking for credentials for city bank accounts so payments can be made to the supplier. The email address does not match the one used by the supplier. What may be the issue here? a. Spear phishing b. Theft c. Whaling d. Tradecraft
A
Due to the ILOVEYOU virus, Microsoft implemented a new business practice in its software to prevent such attacks from occurring again. What was it? a. Disabling the macro features in Microsoft Office by default b. Disabling the CD-ROM autorun feature c. Setting user profiles to disabled d. Removing HEKY_LOCAL_MACHINE\USER
A
During an annual security training course you are facilitating, you place a call to another employee picked randomly who is not part of the training class. In this call, you state that you work in the help desk department and request their password in order to reset an account you noticed is locked. What risk are you demonstrating? a. Social engineering b. Weak passwords c. Malware being installed by workers d. Spam emails circulating the office
A
In WPA2, what AAA server can be used in the enterprise configuration? a. RADIUS b. Exchange c. Solaris d. NetWare
A
Software that creates pop-up advertisement messages while visiting websites is known as what? a. Adware b. Malware c. Pop-up blocker d. Freeware
A
What do wireless access points use to advertise their presence? a. Beacon frame b. Homing beacon c. Homing broadcast d. Broadcast frame fore use.
A
What is an advantage of a phone call over a phishing email? a. You are able to go into more detail with pretexting using a conversation. b. Phishing attacks are rarely successful. c. Not everyone has email, but everyone has a phone. d. Pretexting requires the use of a phone.
A
What method is used to send a malicious URL using a text message? a. Smishing b. Vishing c. Phishing d. Whaling
A
What type of attack would the following code be vulnerable to? char[5] attacker; strcpy (attacker, "cat /etc/passwd"); scanf(&attacker); a. Buffer overflow b. SQL injection c. Command injection d. Heap spraying
A
What type of social engineering attack uses SMS (text) messages to communicate with the victim? a. Smishing b. Vishing c. Phishing d. Kishing
A
When you are attacking a web application, what server would you typically need to go through first to get to any programmatic content if the application is designed using a typical n-tier architecture? a. Web server b. Database server c. Logic server d. Application server
A
Which authentication protocol is used in WPA2? a. CCMP b. 3DES c. AES d. LEAP
A
Which method would be targeting the client in a web-based communication? a. Cross-site scripting (XSS) b. SQL injection c. XML external entity d. Command injection
A
Which of the following applications allows you to crack WEP passwords in a wireless network? a. Cain & Abel b. Wireshark c. Traceroute d. John the Ripper
A
Which of the following applications is used to inspect packets? a. Wireshark b. Cain & Abel c. Aircrack d. Nmap
A
Which of the following is an application that does not need a host or human interaction to disrupt and corrupt data? a. Worm b. Virus c. Trojan d. Malware
A
Which of the following is an application that provides ARP spoofing? a. Cain & Abel b. Evercrack c. Kismet d. John the Ripper
A
Which of the following is tcpdump Capturing with Additional Verbosity ? a. Tcpdump -vv -s 0 b. Tcpdump -x c. Tcpdump -la d. Tcpdump -na
A
Which of the following malware achieved a historical first by causing physical damage to a nuclear reactor facility? a. Stuxnet b. Blue's Revenge c. ILOVEYOU virus d. BackOrifice
A
Which of the following tools allows you to create certificates that are not officially signed by a CA? a. Cain & Abel b. Nmap c. Ettercap d. Darkether
A
Which of the following tools can be used to DDoS a target system? a. LOIC b. SIMM c. Cain & Abel d. AOL Punter
A
Which of the following tools uses Metasploit to launch attacks like phishing campaigns? a. Setoolkit b. Ettercap c. Mimikatz d. Netcat
A
Which option describes a server-side attack targeting web applications? a. SQL injection b. Cross-site malware injection c. Cross-site scripting d. SQL site scripting
A
Which option describes the concept of injecting code into a portion of data in memory that allows for arbitrary commands to be executed? a. Buffer overflow b. Crash c. Heap spraying d. Format string
A
You call into the city manager's office claiming to be a part of the help desk team. You ask the clerk for her username and password to install the latest Microsoft Office suite. What type of attack are you conducting? a. Social engineering b. Piggybacking c. Masquerading d. Tailgating
A
Your company has been targeted by a series of phishing emails. In order to deter the attack, you quickly tell your users to verify senders. How do you go about implementing this? a. Ensure that the email is digitally signed. b. Call the sender and verify. c. Ensure that the email was not encrypted. d. Reply to their message and ask for their public key.
A
A user reports that they have downloaded a music file from the Internet. They inform you that when they opened the file, it seemed as though it installed an application, and then the user was prompted to send a payment of $500 to a PayPal account to get the key to decrypt their hard drive. The user no longer has access to their desktop. What could be the issue? a. The user is experiencing a hoax. b. The user downloaded and installed ransomware. c. The user installed malware. d. The user downloaded the wrong music file.
B
An email contains a link with the subject line "Congratulations on your cruise!" and is sent to the finance person at a company. The email instructs the reader to click a hyperlink to claim the cruise. When the link is clicked, the reader is presented with a series of questions within an online form, such as name, Social Security number, and date of birth. What type of attack would this be considered? a. Email phishing b. Spear phishing c. Social engineering d. Identity theft
B
During the course of testing, you identify a WAP that you are going to exploit. You discover that the WAP is using WEP. Which method will you utilize in order to exploit the WAP? a. The encryption algorithm, which is RC4 b. The initialization vector (IV) c. The password d. The username and password
B
How does ARP spoofing work? a. Sending gratuitous ARP requests b. Sending gratuitous ARP responses c. Filling up the ARP cache d. Flooding a switch
B
If you saw the following command line, $ tcpdump -i eth2 host 192.168.10.5 , what would you be capturing? a. Traffic just from 192.168.10.5 b. Traffic to and from 192.168.10.5 c. Traffic just to 192.168.10.5 d. All traffic other than from 192.168.86.5
B
If you wanted to redirect traffic to a particular hostname on the Internet to a server that you had control of, what type of attack could you use? a. ARP spoofing b. DNS spoofing c. Masquerading d. Man-in-the-middle
B
In virus scanning, what is the telltale sign of a virus? a. Hash value b. Signature c. Definition d. Trojan
B
Malware installed at the kernel is very difficult to detect with products such as antivirus and anti-malware programs. What is this type of malware called? a. Ransomware b. Rootkit c. Vampire tap d. Worm
B
To sniff, what mode must your network adapter be configured to in order to pull frames off an Ethernet or wireless network that aren't addressed to you? a. Active b. Promiscuous c. Stealth d. CSMA/CD mode
B
What is a buffer used for? a. Dynamic data storage b. Static data storage c. Data in transit d. Processing power
B
What is a major drawback of most antivirus software? a. It can be extremely slow. b. It must have the latest virus definitions. c. It can take up a lot of host resources. d. It requires a lot of effort to administer.
B
What is the biggest drawback from using anti-malware software? a. It takes up processing resources. b. It must have up-to-date virus definitions. c. Anti-malware software is expensive. d. It can be centrally or independently administered
B
What is the region in memory that is assigned to a process or a program when it is initiated? a. Cluster b. Stack c. Heap d. Pointer
B
What key sizes in bits are used within AES? a. 64 and 128 b. 128, 192, and 256 c. 128 and 256 d. 256
B
What sort of an attack might you suspect if you had found an access point with the same name as an enterprise SSID? a. SSID scanning b. Evil twin c. Deauthentication d. Injection
B
What technique would a malware author use to try to make it past an anti-malware solution? a. Disassembly b. Obfuscation c. Reverse engineering d. Dropper
B
What tool could you safely use to perform dynamic analysis on a malware sample? a. strings b. Cuckoo Sandbox c. Ollydbg d. Cutter
B
What type of attack might you use if you want to collect credentials by calling a user? a. Spam b. Social engineering c. Whaling d. Manipulation
B
Which application exploit type works against dynamic memory allocations? a. Return to libc b. Heap spraying c. Buffer overflow d. Stack smashing
B
Which of the following is associated with security access in a wireless network? a. WPA b. 802.1X c. Radius d. TACACS+
B
Which packet sniffing tool allows you to specify the individual fields you want printed in the output? a. Nmap b. tshark c. tcpdump d. Snoop
B
You are a passenger in an airport terminal. You glance across the terminal and notice a man peering over the shoulder of a young woman as she uses her tablet. What do you think he is doing? a. Wardriving b. Shoulder surfing c. War shouldering d. Shoulder jacking
B
You are a system administrator for a law firm. You are informed that a few users are indicating that they are receiving email messages from the help desk asking for their username and password to confirm ticket creation. They indicate they have not opened any tickets with the help desk. What is likely going on? a. Smishing b. Phishing c. Vishing d. Fishing
B
You are sending messages that are used to force a wireless station to continue to send messages to reconnect to the wireless network. What kind of attack is this? a. Evil twin b. Deauthentication c. KRACK d. Rogue AP
B
You are sitting inside of your office, and you notice a strange person in the parking lot with what appears to be a tall antenna connected to a laptop. What is the stranger most likely doing? a. Brute-forcing their personal electronic device b. Wardriving c. Warflying d. Bluesnarfing
B
____ means sniffing through a hub, on a hub the traffic is sent to all ports. involves only monitoring of the packets sent by others without sending any additional data packets in the network traffic. a. Active sniffing b. Passive sniffing c. Hardware sniffing d. None of the above
B
An attacker is dressed as a postal worker. Holding some large boxes, he follows a group of workers to make his drop-off in the back of the facility. What is the attacker trying to conduct? a. Phishing b. Sliding c. Piggybacking d. Shimming
C
Apache OpenOffice and Microsoft Office have a built-in feature that allows the user to automate a series of specified commands. These commands usually assist with daily routine tasks. This feature can be used in conjunction with launching malware. What feature is this? a. File sharing services b. Object Link c. Macro d. Compression
C
As a black hat, you forge an identification badge and dress in clothes associated with a maintenance worker. You attempt to follow other maintenance personnel as they enter the power grid facility. What are you attempting to do? a. Piggybacking b. Social engineering c. Tailgating d. Impersonating
C
As part of an assessment on an organization you working for, you decide to conduct a social engineering attack to gather credentials that you will use later. What type of attack would be the most efficient if you wanted to get credentials from an administrator? a. Man-in-the-middle b. Pharming c. Spear phishing d. Phishing
C
At which protocol layer does the Berkeley Packet Filter operate? a. Internetwork b. Transport c. Data Link d. Protocol
C
How many stages are used in the handshake to establish credentials in WPA/2/3? a. Two b. Three c. Four d. Five
C
In a SQL injection attack, where does the attack actually execute? a. Web server b. Application server c. Database server d. Browser
C
Spammers want you to: a. Not open any links b. Think first and act later c. Act first and think later d. None of the Above
C
The act of falsifying data is also known as what? a. Boink b. Packet crafting c. Spoofing d. Data diddling
C
The program _________ was developed to grab SSL messages and strip the encryption from them. a. wiretrap b. sshshark c. sslstrip d. None of the above
C
There are some hostnames that are commonly mistyped. Attackers can register these common typos as domain names themselves and wait for people to come visit. The tactic is called ______. a. Techsquatting b. Translatesquatting c. Typosquatting d. None of the above
C
What do you need to provide to Wireshark to allow it to decrypt encrypted packets? a. License b. Password c. Keys d. Hash
C
What is an easy way to gather credentials from wireless users? a. Deauthentication attack b. Man in the middle c. Evil twin d. Rogue AP
C
What is the result of conducting a MAC flood on a switch? a. The switch would fail to respond. b. It would create a DoS. c. The switch would operate as if it were a hub. d. The switch would continue to operate as normal
C
What tool could you use to assist in capturing radio headers on wireless networks? a. Nmap b. Ettercap c. Airmon-ng d. Ophcrack
C
What tool could you use to fully automate a social engineering attack, like sending out a phishing campaign? a. Nmap b. Metasploit c. Setoolkit d. Aircrack
C
When writing a program, what is one of the fundamental tasks that should be done when declaring a variable? a. Assign a random value to it. b. Do not assign a value because it can corrupt data. c. Initialize the variable. d. A variable does not need to be initialized.
C
Which of the following is used for recording key strokes at a terminal or keyboard using malicious software? a. Spyware b. Malware c. Key logger d. Recordware
C
Which of the following tools allows some users to monitor all network activity? a. Nmap b. Metasploit c. Wireshark d. Netcraft
C
Which type of malware is likely the most impactful? a. Worm b. Dropper c. Ransomware d. Virus
C
Which type of network uses a group of zombie computers to carry out the commands of the bot master? a. Zombie net b. Zombie group c. Botnet d. Bot heard
C
Which wireless mode is used when there is a point-to-point connection but no wireless access point involved? a. One to one b. Synchronization setting c. Ad hoc d. Clients must access a WAP
C
You are a CISO for a giant tech company. You are charged with implementing an encryption cipher for your new mobile devices that will be introduced in 2022. What encryption standard will you most likely choose? a. RC4 b. MD5 c. AES d. Skipjack
C
You receive a text message providing a link to a website with a message indicating you have vulnerabilities in your phone that need to be checked. What sort of an attack is this likely to be? a. Spear phishing b. Vishing c. Smishing d. Whaling
C
_______ is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. a. Exploit-db b. DNS c. TShark d. Domainname
C
_________ is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. a. Udpdump b. httpdump c. tcpdump d. None of the above
C
A wireless access point that looks like a known and legitimate wireless network may actually be what? a. Rogue AP b. Man in the middle c. Ad hoc solution d. Evil twin
D
An application that is designed to look like a known legitimate application but is actually malicious in nature is considered what type of malware? a. Spyware b. Rootkit c. Adware d. Trojan
D
Microsoft Office and other office suite applications have a feature that should be turned off to prevent malware from executing or spreading. What feature should be disabled? a. Mail b. FTP client c. Auto-update feature d. Macro feature
D
To sniff wireless traffic at layer 2, what must you have set on your wireless adapter? a. Transport mode b. Promiscuous mode c. Transparency mode d. Monitor mode
D
What are the two types of wireless network? a. Passive, active b. Point-to-point, multicast c. Infrastructure, active d. Ad hoc, infrastructure
D
What is the major vulnerability for an ARP request? a. It sends out an address request to all the hosts on the LAN. b. The address is returned with a username and password in cleartext. c. The address request can cause a DoS. d. The address request can be spoofed with the attacker's MAC address.
D
What might be a quick and easy way to attempt to compromise a mobile device? a. SQL injection b. Buffer overflow c. Remote screen lock d. Smishing
D
What protection characteristics are in use with IPSec transport mode? a. The header is encrypted. b. Both payload and message are encrypted. c. It provides authentication to the sender's data. d. It provides encryption to the payload only.
D
What technique might a malware author use that would be most effective to evade detection by anti-malware software? a. Encryption b. Packing c. Compression d. Polymorphism
D
What tool can be used to spoof a MAC address? a. MAC and Cheese b. Cheesy MAC c. GodSMAC d. arpspoof
D
What type of attack is a Fraggle attack? a. XML entity b. False error c. Fragmentation d. Amplification
D
Which of the following deletes the Clients table within an SQL database? a. UPDATE TABLE Clients b. SELECT * FROM Clients c. INSERT TABLE Clients d. DROP TABLE Clients
D
Which of the following is a good practice that includes the ability to isolate systems and detect attacks and may also include preventive measures? a. Defense in depth b. Security measure c. Baseline configuration d. Defensible network architecture
D
Which of the following is the correct way to search for a specific IP address in Wireshark using a display filter? a. ip.addr = 192.168.1.100 b. ip == 192.168.1.100 c. ip = 192.168.1.199 d. ip.addr == 192.168.1.100
D
Which of these technologies would you use to remove malware in the network before it got to the endpoint? a. Antivirus b. Endpoint detection and response c. Stateful firewall d. Unified threat management device
D
Which type of packet does a Fraggle attack use to create a DoS attack? a. TCP b. IP c. ICMP d. UDP
D
Why might you use a phone call for a social engineering attack over a phishing message? a. Phishing attacks don't guarantee success. b. Pretexting only works over the phone. c. Pretexting is more detailed on the phone. d. More people have phones than email.
D
Why would an attacker use a Trojan? a. To cause a DoS on a computer b. To delete files on a computer c. To encrypt the system d. To get a user to run it
D
You are a security administrator working at a movie production company. One of your daily duties is to check the IDS logs when you are alerted. You notice that you received a lot of incomplete three-way handshakes, your memory performance has been dropping significantly on your web server, and customers are complaining of really slow connections. What could be the actual issue? a. DoS b. DDoS c. Smurf attack d. SYN flood
D
You are an administrator overseeing IT security operations for a local bank. As you review logs from the prior day, you notice a very high rate of UDP packets targeting your web server that are coming from your clients all at the same time. What could be the culprit? a. Smurf attack b. DDoS c. SYN flood attack d. Fraggle attack
D
You are the senior manager in the IT department for your company. What is the most cost-effective way to prevent social engineering attacks? a. Install HIDS. b. Ensure that all patches are up-to-date. c. Monitor and control all email activity. d. Implement security awareness training.
D
Your security team notifies you that they are seeing the same SSID being advertised in your vicinity, but the BSSID is different from ones they are aware of. What type of attack is this? a. Deauthentication attack b. Wardriving c. MAC spoofing d. Evil twin
D
