As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic.
What command in Wireshark will help you to find this kind of traffic?
- A . request smtp 25
- B . tcp.port eq 25
- C . smtp port
- D . tcp.contains port 25
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to"www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?
- A . Boot.ini
- B . Sudoers
- C . Networks
- D . Hosts
Which type of security features tops vehicles from crashing through the doors of a building?
- A . Turnstile
- B . Bollards
- C . Man trap
- D . Receptionist
Log monitoring tools performing behavioral analysis have alerted several suspicious login son a Linux server occuring during non-business hours. After further examination of all login activities, it is notices that
none of the logins have occurred during typical work hours. A Linux administrator who is investigating this
problem realized the system time on the Linux server is wrong by more than twelve hours.
What protocol used on Linux serves to synchronize the time has stopped working?
- A . NTP
- B . TimeKeeper
- C . OSPF
- D . PPP
An enterprise recent y moved to a new of ice and the new neighborhood is a littler is risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.
What is the best option to do this job?
- A . Use fences in the entrance doors.
- B . Install a CCTV with cameras pointing to the entrance doors and the street
- C . Use an IDS in the entrance doors and install some of them near the corners.
- D . Use lights in all the entrance doors and along the company’s perimeter.
Bob, a network administrator at Big University, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?
- A . Disable unused ports in the switches
- B . Separate students in a different VLAN
- C . Use the 802.1x protocol
- D . Ask students to use the wireless network
Which is the first step followed by Vulnerability Scanners for scanning a network?
- A . TCP/UDP Port scanning
- B . Firewall detection
- C . OS Detection
- D . Checking if the remote host is alive
Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.
What is the main theme of the sub-policies for Information Technologies?
- A . Availability, Non-repudiation, Confidentiality
- B . Authenticity, Integrity, Non-repudiation
- C . Confidentiality, Integrity, Availability
- D . Authenticity, Confidentiality, Integrity
The "Gray-box testing" methodology enforces what kind of restriction?
- A . Only the internal operation of a system is known to the tester.
- B . The internal operation of a system is completely known to the tester.
- C . The internal operation of a system is only partly accessible to the tester
- D . Only the external operation of a system is accessible to the tester.
Which results will be returned with the following Google search query? site: target.com site: Marketing target.com accounting
- A . Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
- B . Results matching all words in the query.
- C . Results for matches on target.com and Marketing,target.com that include the word "accounting"
- D . Results matching "accounting" in domain target.com but not on the site Marketing.target.com
How can rainbow tables be defeated?
- A . Password salting
- B . Use of non-dictionary words
- C . All uppercase character passwords
- D . Lockout accounts under brute force password cracking attempts
What is correct about digital signatures?
- A . A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party
- B . Digital signatures maybe used in different documents of the same type.
- C . A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
- D . Digital signatures are issued once for each user and can be used everywhere until they expire.
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences.
He then decided to conduct: nmap-Pn-p-sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with increment all PID sequence.
What is the purpose of using-sl with Nmap?
- A . Conduct stealth scan
- B . Conduct ICMP scan
- C . Conduct IDLE scan
- D . Conduct silent scan
What type of OS fingerprinting techniques ends specially crafted packets to the remote OS and analyzes the received response?
- A . Passive
- B . Active
- C . Reflective
- D . Distributive
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best i lust rates an attempt to exploit an insecure direct object reference vulnerability?
- A . “GET/restricted/goldtransfer?to=Rob&from=1or1=1’HTTP/1.1Hostwestbank.com"
- B . “GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
- C . “GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”
- D . “GET/restricted/r
%00account%00Ned%00accessHTTP/1.1Host: westbank.com"
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
- A . Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK
- B . Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK
- C . Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK
- D . Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email.
At what layer of the OSI layer does the encryption and decryption of the message take place?
- A . Application
- B . Transport
- C . Session
- D . Presentation
Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?
- A . External script contents could be maliciously modified without the security team knowledge
- B . External scripts have direct access to the company servers and can steal the data from there
- C . There is no risk at all as the marketing services are trustworthy
- D . External scripts increase the outbound company data traffic which leads greater financial losses
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122.192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he can not see them in his scanning. The command he is using is: nmap192.168.1.64/28
Why he cannot see the servers?
- A . He needs to change the address to 192.168.1.0 with the same mask
- B . He needs to add the command “ip address" just before the IP address.
- C . He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask/ 28 and the servers are not in that range.
- D . The network must be down and then map command and IP address are ok
What is the purpose of a demilitarized zone on a network?
- A . To scan all traffic coming through the DMZ to the internal network
- B . To only provide direct access to the nodes within the DMZ and protect the network behind it
- C . To provide a place to put the honeypot
- D . To contain the network devices you wish to protect
You are doing an internal security audit and intend to find out what ports are open on all the servers.
What is the best way to find out?
- A . Scan servers with Nmap
- B . Scan servers with MBSA
- C . Telnet to every port on each server
- D . Physically go to each server
Alice encrypts her data using her public key PK and stores the encrypted data in the cloud.
Which of the following attack scenarios will compromise the privacy of her data?
- A . None of these scenarios compromise the privacy of Alice’s data
- B . Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data
- C . Hacker Harry breaks into the cloud server and steals the encrypted data
- D . Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before
Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?
- A . Command Injection Attacks
- B . File Injection Attack
- C . Cross-Site Request Forgery (CSRF)
- D . Hidden Field Manipulation Attack
Which of the following is not a Bluetooth attack?
- A . Bluesnarfing
- B . Bluedriving
- C . Bluesmacking
- D . Bluejacking
Which service in a PKI will vouch for the identity of an individual or company?
- A . CBC
- B . KDC
- C . CA
- D . CR
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not matchup.
What is the most likely cause?
- A . The network devices are not all synchronized
- B . Proper chain of custody was not observed while collecting the logs.
- C . The attacker altered or erased events from the logs.
- D . The security breach was a false positive.
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email and you send her an email changing the source email to her boss’s email(boss@company). In this email you ask for a pdf with information. She reads your email and sends back a pdf with inks. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?
- A . Social engineering
- B . Piggybacking
- C . Tailgating
- D . Eavesdropping
What is the role of test automation in security testing?
- A . It is an option but it tends to be very expensive.
- B . It should be used exclusively. Manual testing is outdated because of low spend and possible test setup inconsistencies.
- C . Test automation is not usable in security due to the complexity of the tests.
- D . It can accelerate benchmark tests and repeat them with a consistent test setup. But it can not replace manual testing completely.
What is the minimum number of network connections in a multihomed firewall?
- A . 3
- B . 2
- C . 5
- D . 4
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?
- A . White Hat
- B . Suicide Hacker
- C . Gray Hat
- D . Black Hat
Your business has decided to add credit card numbers to the data it backs up to tape.
Which of the following represents the best practice your business should observe?
- A . Do not backup either the credit card numbers or their hashes.
- B . Encrypt backup tapes that are sent off-site.
- C . Backup the hashes of the credit card numbers not the actual credit card numbers.
- D . Hire a security consultant to provide direction.
This international organization regulates bi lions of transactions daily and provides security guidelines to protect personally identifiable information (PI). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organization is being described?
- A . Institute of Electrical and Electronics Engineers (IEEE)
- B . International Security Industry Organization (ISIO)
- C . Center for Disease Control (CDC)
- D . Payment Card Industry (PCI)
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
- A . Use security policies and procedures to define and implement proper security settings.
- B . Use digital certificates to authenticate a server prior to sending data
- C . Validate and escape all information sent to a server.
- D . Verify access right before allowing access to protected information and Ul controls.
Which security strategy requires using several varying methods to protect IT systems against attacks?
- A . Defense in depth
- B . Covert channels
- C . Exponential backoff algorithm
- D . Three-way handshake
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
- A . PKI
- B . SOA
- C . biometrics
- D . single sign on
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/ 8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.
After further analysis, you find out that this Public I Pisa blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
- A . Botnet Attack
- B . Spear Phishing Attack
- C . Advanced Persistent Threats
- D . Rootkit Attack
John the Ripper is a technical assessment tool used to test the weakness of which of the following?
- A . Usernames
- B . File permissions
- C . Firewall rulesets
- D . Passwords
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing-Reports https://ibt1.prometric.com/users/custom/reportqueue/rgstr…corporate network.
What tool should the analyst use to perform a Blackjacking attack?
- A . Paros Proxy
- B . BBProxy
- C . Bloover
- D . BBCrack
It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
- A . FISMA
- B . ISO/IEC 27002
- C . HIPAA
- D . COBIT
A company’s security policy states that all Web browsers must automatically delete their HTTP browser
cookies upon terminating.
What sort of security breach is this policy attempting to mitigate?
- A . Attempts by attackers to access the user and password information stored in the company’s
- B . Attempts by attackers to access Websites that trust the Web browser user by stealing the
- C . Attempts by attackers to access password stored on the user’s computer without the user’s
- D . Attempts by attackers to determine the user’s Web browser usage patterns, including when
Peter is surfing the internet looking for if main about DX Company.
Which hacking process is Peer doing?
- A . Scanning
- B . Footprinting
- C . Enumeration
- D . System Hacking
A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating.
What sort of security breach is this policy attempting to mitigate?
- A . Attempts by attackers to access the user and password information stored in the company’s SQL database.
- B . Attempts by attackers to access Websites that trust the Web browser user by stealing the user’s authentication credentials.
- C . Attempts by attackers to access password stored on the user’s computer without the user’s knowledge
- D . Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.
Peter issuing the internet looking for i format in about DX Company.
Which hacking process is Peer doing?
- A . Scanning
- B . Footprinting
- C . Enumeration
- D . System Hacking
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?
- A . The port will ignore the packets.
- B . The port will send an RST.
- C . The port will send an ACK.
- D . The port will send a SYN
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a______ database structure instead of SQL’s________ structure.
Because of this, LDAP has difficulty representing many-to-one relationships.
- A . Strict, Abstract
- B . Simple, Complex
- C . Relational, Hierarchical
- D . Hierarchical, Relational
You want to analyze packets on your wireless network.
Which program would you use?
- A . Wireshark with Airpcap
- B . Airsnort with Airpcap
- C . Wireshark with Winpcap
- D . Ethereal with Winpcap
What is not a PCI compliance recommendation?
- A . Use a firewall between the pubic network and the payment card data.
- B . Use encryption to protect all transmission of cardholder data over any public network.
- C . Rotate employees handling credit card transactions on a yearly basis to different departments.
- D . Limit access to cardholder data to as few individuals as possible.
An attacker scans a host with the below command.
Which three flags are set? (Choose three.)
#nmap-sXhost.domain.com
- A . This is ACK scan. ACK flag is set
- B . This is Xmas scan. SYN and ACK flags are set
- C . This is Xmas scan. URG, PUSH and FIN are set
- D . This is SYN scan. SYN flag is set
A hacker has managed to gain access to a Linux host and stolen the password file from/etc/passwd.
How can he use it?
- A . The file reveals the passwords to the root user only.
- B . The password file does not contain the passwords themselves.
- C . He cannot read it because it is encrypted
- D . He can open it and read the user ids and corresponding passwords.
Which of the following parameters describe LM Hash (see exhibit):
- A . II
- B . I
- C . I, II, and III
- D . I and II
You are attempting to man-in-the-middle a session.
Which protocol will allow you to guess a sequence number?
- A . ICMP
- B . TCP
- C . UP X
- D . UPD
Which of the following will perform an Xmas scan using NMAP?
- A . nmap -sA 192.168.1.254
- B . nmap -sP 192.168.1.254
- C . nmap -sX 192.168.1.254
- D . nmap -sV 192.168.1.254
Which command can be used to show the current TCP/IP connections?
- A . Netsh
- B . Net use connection
- C . Netstat
- D . Net use
Which of the following is the least likely physical characteristic to be used in biometric control that supports a large company?
- A . Voice
- B . Fingerprints
- C . Iris patterns
- D . Height and Weight
Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
- A . [cache:]
- B . [site:]
- C . [inurl:]
- D . [link:]
Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site.
The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?
- A . Encrypt the backup tapes and transport them in a lockbox.
- B . Degauss the backup tapes and transport them in a lockbox.
- C . Hash the backup tapes and transport them in a lockbox.
- D . Encrypt the backup tapes and use a courier to transport them.
Risks=Threats x Vulnerabilities is referred to as the:
- A . BIA equation
- B . Disaster recovery formula
- C . Risk equation
- D . Threat assessment
An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.
In which order should he perform these steps?
- A . The sequence does not matter. Both steps have to be performed against all hosts.
- B . First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
- C . First the ping sweep to ident fy live hosts and then the ports canon the live hosts. This way he saves time.
- D . The port scan alone is adequate. This way he saves time.
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
- A . Place a front-end webserver in a demilitarized zone that only handles external web traffic
- B . Require all employees to change their anti-virus program with a new one
- C . Move the financial data to another server on the same IP subnet
- D . ls sue new certificates to the webservers from the root certificate authority
Which of the following tools can be used for passive OS fingerprinting?
- A . tcpdump
- B . nmap
- C . ping
- D . tracert
Which of the following is considered as one of the most reliable forms of TCP scanning?
- A . TCP Connect/Full Open Scan
- B . Half-open Scan
- C . NULL Scan
- D . Xmas Scan
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated webpages to inject client-side script into webpages viewed by other users.
- A . SQL injection attack
- B . Cross-Site Scripting (XSS)
- C . LDAP Injection attack
- D . Cross-Site Request Forgery (CSRF)
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?
- A . 123
- B . 161
- C . 69
- D . 113
Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?
- A . Heuristic Analysis
- B . Code Emulation
- C . Integrity checking
- D . Scanning
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?
- A . Service Level Agreement
- B . Project Scope
- C . Rules of Engagement
- D . Non-Disclosure Agreement
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
- A . AH promiscuous
- B . ESP transport mode
- C . AH Tunnel mode
- D . ESP confidential
A technician is re soling an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24.
Which of the following has occurred?
- A . The computer is not using a private IP address.
- B . The gateway is not routing to a public IP address
- C . The gateway and the computer are not on the same network.
- D . The computer is using an invalid IP address.
You are monitoring the network of your organizations.
You notice that:
– There are huge outbound connections from your Internal Network to External IPs.
– On further investigation, you see that the External IPs are blacklisted.
– Some connections are accepted, and some are dropped.
– You find that it is a CnC communication.
Which of the following solution will you suggest?
- A . Block the Blacklist lP’s @ Firewall
- B . Update the Latest Signatures on your IDS/IPS
- C . Clean the Malware which are trying to Communicate with the External Blacklist IP’s
- D . Block the Blacklist IP’s @ Firewall as well as Clean the Malware which are trying to Communicate with the External Blacklist IP’s.
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message w thin an or diary message. The technique provides ‘security through obscurity’.
What technique is Ricardo using?
- A . Encryption
- B . Steganography
- C . RSA algorithm
- D . Public-key cryptography
The Heart bleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160.This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised
system very easy?
- A . Public
- B . Private
- C . Shared
- D . Root
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the lT department had a dial-out modem installed.
Which security policy must the security analyst check to see if dial-out modems are allowed?
- A . Firewall-management policy
- B . Acceptable-use policy
- C . Remote-access policy
- D . Permissive policy
When you are getting information about a webserver, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE) .PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine.
What Nmap script will help you with this task?
- A . http-methods
- B . http enum
- C . http-headers
- D . http-git
What is the Shellshock bash vulnerability attempting to do a vulnerable Linux host?
env x='({:; }; echo exploit’ bash-c ’cat/etc/passwd’
- A . Removes the passwd file
- B . Changes all passwords in passwd
- C . Add new user to the passwd file
- D . Display passwd content to prompt
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball two are shell script files, and the third is a binary file is named "nc." The FTP server’s access logs show that the anonymous user account logged into the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The “ps" command shows that the “nc" file is running as process, and the netstat command shows the “nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
- A . Filesystem permissions
- B . Privilege escalation
- C . Directory traversal
- D . Brute force login
This asymmetry cipher is based on factoring the product of two large prime numbers.
What cipher is described above?
- A . SHA
- B . RSA
- C . MD5
- D . RC5
You want to do an ICMP scan on a remote computer using hping2.
What is the proper syntax?
- A . hping2-1 host.domain.com
- B . hping2-i host.domain.com
- C . hping2-set-lCMP host.domain.com
- D . hping2 host.domain.com
Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?
- A . ICMP Echo scanning
- B . SYN/FIN scanning using IP fragments
- C . ACK flag probe scanning
- D . IPID scanning
Which of the following statements is TRUE?
- A . Sniffers operate on Layer 2 of the OSI model
- B . Sniffers operate on Layer 3 of the OSI model
- C . Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
- D . Sniffers operate on the Layer 1 of the OSI model.
To reach a bank website, the traffic from workstations must passthrough a firewall You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/ 24 can only reach the bank website 10.20.20.1 using https.
Which of the following firewall rules meets this requirement?
- A . If (source matches 10.10.10.0/ 24 and destination matches 10.20.20.1 and port matches 443) then permit
- B . If (source matches 10.10.10.0/ 24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- C . If (source matches 10.20.20.1 and destination matches 10.10.10.0/ 24 and port matches 443) then permit
- D . If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
Why is a penetration test considered to be more thorough than vulnerability scan?
- A . Vulnerability scans only do host discovery and port scanning by default.
- B . A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
- C . It is not-a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
- D . The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Which utility will tell you in real time which ports are listening or in another state?
- A . Netsat
- B . Loki
- C . Nmap
- D . TCP View
What is the least important information when you analyze a public IP address in a security alert?
- A . ARP
- B . Who is
- C . DNS
- D . Geolocation
Emil uses nmap to scan two hosts using this command:
nmap -sS -T 4 -O 192.168.99.1 192.168.99.7
He receives this output:
What is his conclusion?
- A . Host 192.168.99.7isaniPad.
- B . He performed a SYN scan and OSs canon hosts 192.16899.1 and 192.168.99.7
- C . Host 192.168.99.1is the host that he launched the scan from.
- D . Host 192.168.99.7is down.
PGP, SSL, and IKE are all examples of which type of cryptography?
- A . Hash Algorithm
- B . Digest
- C . Secret Key
- D . Public Key
An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities of integration are insight for both company and customer.
What should this employee do?
- A . The employees cannot provide any information; but, anyway, he/she will provide the name of the person in charge.
- B . Since the company’s policy is all about Customer Service, he/she will provide information.
- C . Disregarding the call, the employee should hang up.
- D . The employee should not provide any information without previous management authorization
While performing online banking using a Web browser, a user receives an email that contains a link to an
interesting Website. When the user click son the link, another Web browser session starts and displays
a video of cats playing a piano. The next business day, the user receives what looks like an email from
his bank, indicating that his bank account has been accessed from a foreign country. The email asks the
user to call his bank and verify the authorization of a funds transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?
- A . Cross-Site Request Forgery
- B . Cross-Site Scripting
- C . Clickjacking
- D . Web form input validation
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?
- A . nmap -T4 -q 10.10.0.0/ 24
- B . nmap -T4 -F 10.10.0.0/ 24
- C . nmap -T4 -r 10.10.1.0/ 24
- D . nmap -T4 -0 10.10.0.0/ 24
A penetration tester is conducting a ports canon a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed.
Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS?
- A . The host is likely a Linux machine.
- B . The host is likely a printer.
- C . The host is likely a router.
- D . The host is likely a Windows machine.
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
- A . Scalability
- B . Speed
- C . Key distribution
- D . Security
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
- A . Metasploit
- B . Cain & Abel
- C . Malte go
- D . Wire shark
Code injection is a form of attack in which a malicious user.
- A . Inserts text into a data field that gets interpreted as code
- B . Gets the server to execute arbitrary code using a buffer overflow
- C . Inserts additional code into the JavaScript running in the browser
- D . Gains access to the codebase on the server and inserts new code
Bob, your senior colleague, has sent you a mail regarding a a deal with one of the clients. You are requested to accept the offer and you oblige.
After 2 days, Bob denies that he had ever sent a mail.
What do you want to “know" to prove yourself that it was Bob who had send a mail?
- A . Confidentiality
- B . Integrity
- C . Non-Repudiation
- D . Authentication
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?
- A . Randomizing
- B . Bounding
- C . Mutating
- D . Fuzzing
You have gained physical access to a Windows 2008R 2 server which has an accessible disc drive.
When you attempt to boot the server and login, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux Live CD.
Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
- A . John the Ripper
- B . SET
- C . CHNTPW
- D . Cain & Abel
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
- A . Produces less false positives
- B . Can identify unknown attacks
- C . Requires vendor updates for a new threat
- D . Cannot deal with encrypted network traffic
…..is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been setup to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack maybe used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent website and luring people there.
Fill in the blank with appropriate choice.
- A . Evil Twin Attack
- B . Sinkhole Attack
- C . Collision Attack
- D . Signal Jamming Attack
Which of the following program infects the system boot sector and the executable files at the same time?
- A . Stealth virus
- B . Polymorphic virus
- C . Macro virus
- D . Multipartite Virus
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
- A . IPsec
- B . SFTP
- C . FTPS
- D . SSL
Why should the security analyst disable/remove unnecessary ISAPI filters?
- A . To defend against social engineering attacks
- B . To defend against webserver attacks
- C . To defend against jail breaking
- D . To defend against wireless attacks
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
- A . Keyed Hashing
- B . Key Stretching
- C . Salting
- D . Double Hashing