Ethical Hacking final
Which of the following statements in the C programming language is used to load libraries that hold the commands and functions used in your program?
#include
Which of the following logical operators in the C programming language is evaluated as true if both sides of the operator are true?
&&
Which IEEE standard can achieve a throughput of 54 Mbps?
802.11g
What standard specifically defines the process of authenticating and authorizing users on a network?
802.1X
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ADO
Which of the following is an alternative term used when referring to Application Security?
AppSec
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be?
Authentication
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
Which of the following takes you from one area of a program (a function) to another area?
Branching
The print command for Perl is almost identical to the print command used in which of the following programming languages?
C
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Which specific type of tag do All CFML tags begin with?
CF
For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?
CIFS
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer?
Data Link layer
Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking?
EXPECT
What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band?
FHSS
A user can view the source code of a PHP file by using their Web browser's tools.
False
CSMA/CD is implemented at the data link layer on wireless networks.
False
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
False
You must always add "//" at the end of comment text when using C language.
False
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
Which type of device monitors a network's hardware so that security administrators can identify attacks in progress and stop them?
IDS
If a Cisco administrator needs to configure a serial or Fast Ethernet port, which configuration mode should they use?
Interface configuration mode
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
Which of the following is a common Linux rootkit?
Linux Rootkit 5
Which of the following is the act of performing a task over and over?
Looping
To determine whether a system could be vulnerable to an RPC-related issue, which of the following tools can be used?
MBSA
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?
Microsoft
Which of the following defines how data is placed on a carrier signal?
Modulation
What router feature provides basic security by mapping internal private IP addresses to public external IP addresses, essentially hiding the internal infrastructure from unauthorized personnel?
NAT
What is the current file system that Windows utilizes that has strong security features?
NTFS
Which of the following protocols does NetBios use to access a network resource?
NetBEUI
Which function ensures that a sender and receiver cannot deny sending or receiving a specific message?
Nonrepudiation
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server?
PEAP
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?
PHP
If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative?
RADIUS server
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools?
SIEM
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
What is the 1 to 32 character configurable name used to identify a WLAN?
SSID
A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?
Security Operations Center
Which type of Cisco access lists can restrict IP traffic entering or leaving a router's interface based only on the source IP address?
Standard IP
What type of packet filtering records session-specific information about a network connection, including the ports a client uses?
Stateful
SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption?
TKIP
Bugs are worse than syntax errors because a program can run successfully with a bug, but the output might be incorrect or inconsistent
True
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.
True
Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.
True
Routers operate at the Network layer of the TCP/IP protocol stack.
True
The MSBA tool can quickly identify missing patches and misconfigurations.
True
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
True
When a compiler finds errors, it usually indicates what they are so you can correct the code and compile the program again.
True
Windows Software Update Services (WSUS) is designed to manage patching and updating system software from the network.
True
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access aspecific resource?
User-level security
What is the IEEE 802 standards name for a wireless network that is limited to one person's workspace?
WPAN
Which of the following is a flawed wireless authentication standard created to allow users to easily add devices to a wireless network securely?
WPS
Which of the following is a Window's client/server technology designed to manage patching and updating systems software from the network?
WSUS
Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbaseng
WiFi Pineapple
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Which of the following special characters is used with the printf() function in the C programming language to indicate a new line?
\n
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?
application-aware firewall
NetBios is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBios should be understood by a security professional because it is used for which of the following?
backward compatibility
In the C programming language, which of the following show where a block of code begins and ends?
braces
What type of attack is being attempted when an attacker uses a passwordcracking program to guess passwords by attempting every possible combination of letters?
brute force
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
business logic
Which of the following is contained in a wireless frequency band and breaks up the band into smaller frequency ranges?
channels
Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which if the following?
ciphertext
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
ciphertext-only
If a security expert decides to study the process of breaking encryption algorithms, they are performing which of the following?
cryptanalysis
Which of the following is the process of converting ciphertext back into plaintext?
decryption
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
domain controllers
Which of the following is a mathematical function or program that works with a key?
encryption algorithm
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
In HTML, each tag has a matching closing tag that is written with which of the following characters?
forward slash (/)
Which of the following is a mini-program within a main program that carries out a task?
function
Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources?
honeypot
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection
Which of the following is a range of allowable values that is used to generate an encryption key?
keyspace
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
known plaintext
Which frequency band is used by commercial AM radio stations?
medium frequency (MF)
In object-oriented programming, a function contained in a class is called which of the following?
member function
In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?
name
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?
passive system
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
reflected
Which of the following results from poorly configured technologies that a Web application runs on top of?
security misconfigurations
To examine the router's routing table, a Cisco administrator would enter which command?
show ip route
Which type of symmetric algorithm operates on plaintext one bit at a time?
stream ciphers
In the Perl programming language, which of the following keywords is used in front of function names?
sub
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?
substitution cipher
Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?
symmetric
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
