
| N° | Question | Answer |
|---|---|---|
| 1 | TCP three-way handshake process and termination is: | B: Connection establishment: SYN, SYN-ACK, ACK. Connection termination: FIN, ACK-FIN, ACK |
| 2 | Which of the following will perform a Xmas scan using Nmap? | D: `nmap -sX 192.168.1.254` |
| 3 | By analysing an IDS log, an alert was logged when an external router was accessed by a legitimate administrator. Which type of alert is it? | B: False positive |
| 4 | A well-intentioned researcher discovers a vulnerability on the website of a major corporation. What should you do? | D: notify the web server owner so that corrective actions can be taken as soon as possible to patch the vulnerability |
| 5 | … | B: report immediately to the administrator |
| 6 | Jessie receives an email … "court-notice-21206.zip" … disguised … as a wrong document | B: trojans |
| 7 | Graig received a report of all the computers on the | B: A vulnerability scanner |
| 8 | Which protocol is used for secured channels? | D: IPSEC |
| 9 | There is a RAT in a host. When this host attempts to go to a website, it is redirected. In order to make this attack, which file must be modified? | C: hosts |
| 10 | What is not a PC compliance recommendation? | A: Rotate employees handling credit card transactions on a yearly basis to different departments |
| 11 | __________ is a set of extensions to DNS that provides to DNS clients (resolvers) … authentication of DNS data … | C: DNSSEC |
| 12 | Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan and testing the plan for the organisation? | C: preparation phase |
| 13 | Which tier the N-tier application … | C: logic tier |
| 14 | A company is | A: Cross-site scripting vulnerability |
| 15 | What's the difference between the AES and RSA algorithms? | B: RSA and AES |
| 16 | Which system consists of a publicly available set of databases that contain domain name registration contact information? | A: whois |
| 17 | An administrator observes a slowdown of normal network operation; he decides to monitor internet traffic. From a legal standpoint, what would be troublesome about this kind of action? | B: not informing the employees that they are going to be monitored could be an invasion of privacy |
| 18 | What is the code written for? Buffer; Counter; Which len (buffer) <= 100 … | A: buffer overflow |
| 19 | In many state … spam … user at a time … spammer … to hide the origin of … | C: mail relaying, which is a technique of bouncing email from internal to external mail servers continuously |
| 20 | | A: Nothing, but suggest to him to change the network's SSID and password |
| 21 | What mechanism in Windows prevents accidentally executing malware batch or PowerShell scripts? | D: data execution prevention (DEP) or A: user access control (UAC) |
| 22 | The company ABC recently discovered that their new product was released by the opposition before their premiere; they contract an investigator who discovers that … paper in the rubbish. Which kind of attack happened? | C: Dumpster diving |
| 23 | Which of the following viruses | C: stealth virus |
| 24 | Shellshock had the potential for an unauthorised user to gain access to a server … it affected many internet-facing services. Which OS did it not directly affect? | A: Windows |
| 25 | Which of the following is capable of searching for and locating rogue access points? | A: WIPS |
| 26 | In 2007 … security algorithm … passkey … TJ Maxx … wardriving | C: Wired Equivalent Privacy (WEP) |
| 27 | John the Ripper is to crack what? | C: passwords |
| 28 | When purchasing biometric system | C: the amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information |
| 29 | A bank which has never been audited wants to be audited. What should be the first step in order to audit? | D: determine the impact of enabling the audit feature |
| 30 | How can rainbow be defeated? | C: password salting |
| 31 | You have successfully compromised a machine on the network and find a server that is alive on the same network; you tried to ping it but you didn't get any response back. What is happening? | C: ICMP could be disabled on the target server |
| 32 | An attacker is trying to redirect the traffic of a small office … DNS servers and NTP … gain access to the DNS … Google | B: DNS Spoofing |
| 33 | The Heartbleed bug was discovered … MITRE … CVE-2014-0160. This bug affects the OpenSSL implementation. What type of key does this bug leave exposed to the Internet making … | A: private |
| 34 | Ricardo wants to send secret messages to be secured; he hides them behind ordinary messages, that is | C: steganography |
| 35 | A security analyst is performing an audit on the network to determine if there are many security policies in the place … | C: remote access policy |
| 36 | ABC company uses network address 192.168.1.64 with mask 255.255.255.12. In the network the servers are at the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.24. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is `nmap 192.168.1.64/28`. Why can he not see the servers? | D: he is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range |
| 37 | A pentest discovery shows open ports resulting from an nmap scan for OS fingerprinting: 21 is open, 23 is open, 80 is open, 139 is open, 515 is open, 63 is open. What should be the device of the host? | B: the host is likely a printer |
| 38 | Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol? | B: only compatible with the application protocol HTTP |
| 39 | An enterprise recently moved to a new office and the new neighborhood … is a little risky … the CEO wants to monitor the physical perimeter … | B: install a CCTV with camera pointing to the entrance doors and the street |
| 40 | | |
| 41 | A technician notices an issue: a computer which is connected through wireless can locally access the other hosts on the same subnet, but cannot reach the internet. What is the issue? | C: The gateway is not routing to a public IP address |
| 42 | A pen test was done | A: possibility of SQL injection attack is eliminated |
| 43 | Which IDS is best applicable for large environments where critical assets are located? | D: NIDS |
| 44 | An attacker tries to do banner grabbing on a remote web server and extract the file: `nmap -sV host.domain.com -p80`. What will happen? | A: the hacker should have used `nmap -O host.domain.com` |
| 45 | … attack … rogue Wi-Fi appears to be legitimate … eavesdrop on wireless communication … mobile phone snooping or phishing; fill with the appropriate. | C: Evil twin attack |
| 46 | An attacker has infected an internet-facing server. He then wants to use it to send junk mail, coordinate an attack or host junk email. Which sort of trojan infects the server? | A: botnet trojan |
| 47 | Eve stole a file secret.txt with a command John secret.txt | C: she is using John the Ripper to crack the secret.txt file |
| 48 | Joseph received a message on his mobile phone. This message contains a URL and he is invited to click on it to provide some information needed. Which statement below is true? | D: this is a scam, as everybody can get a yahoo@, not Yahoo customer service employees |
| 49 | You are doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out? | D: scan servers with Nmap |
| 50 | In order to proceed to OS fingerprinting, send packets matches with | A: active |
| 51 | An attacker with access to the inside network launches an STP manipulation attack. What should be the next step? | A: He will repeat this action so that it escalates to a DoS attack |
| 52 | | D: 0-day vulnerability |
| 53 | What two conditions must a digital signature meet? | D: must be unique and have special characters |
| 54 | The security admin needs to permit traffic and UDP, also permit all FTP traffic, and others are ignored. Rules of configuration have been given. What is happening? | B: the first ACL is denying all TCP traffic and the other ACLs are being ignored by the router |
| 55 | In IPv6, what's the difference concerning application layer vulnerabilities compared to IPv4? | C: vulnerabilities in the application are independent of the network layer. Attacks and mitigation techniques are almost identical. |
| 56 | The Company ABC … financial statement … CFO and they will be … in the doc one he approved the financial | D: the CFO can use a hash algorithm |
| 57 | Jimmy is standing outside a secure entrance to a facility; he is pretending to have a tense conversation on his cellphone as an authorised employee and asks to enter, claiming he has forgotten his badge. Which kind of attack is happening? | C: tailgating |
| 59 | An attacker is using nmap to do a ping sweep and a port scan of 254 addresses. In which order should these steps be performed? | D: First the ping sweep to identify live hosts |
| 60 | Packets from an untrusted network go inside a protected network area. What is the process in place? | D: Firewalking |
| 61 | A network admin discovers files in the root of a Linux FTP server; among them are a tarball, shell script files and a binary named nc. FTP shows that there is an anonymous account logged on the server which uploaded files and extracted content, from a ps command which shows processing. What is to do to take access to that server? | C: privilege escalation |
| 62 | IPsec does everything except: | D: work at the data link |
| 63 | There is a log file of the machine 192.168.1.106: Src 192.168.1.103 destination 192.168.1.106 port 25; Src 192.168.1.103 destination 192.168.1.106 port 53 … What type of activity has been logged? | C: port scan targeting 192.168.1.106 |
| 64 | An information spillage has been reported. You disconnect everything; what is that phase from the perspective of incident handling? | A: containment |
| 65 | Which phase implies Google hacking tools? | D: reconnaissance |
| 66 | In the three-way handshake process, what is the first packet? | B: SYN |
| 67 | `env x='(){ ;;} ; echo exploit ' bash -c 'cat /etc/password'` What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? | D: display password content to prompt |
| 68 | Which of the following is targeted at Microsoft Corporation? | A: Macro virus |
| 69 | In order to have anonymous internet surfing, which of the following is the best choice? | A: use Tor network with multi mode |
| 70 | When conducting a pentest, which document gives a description of the tasks, the permissions, …? | D: rules of engagement |
| 71 | You want to analyze packets on wireless; which of the following utilities is the most appropriate? | C: Wireshark with AirPcap |
| 72 | What proxy tool will help you to find web vulnerabilities? | D: Burp Suite |
| 73 | Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this system? | An authentication system that creates one-time passwords that are encrypted with secret keys |
| 74 | As an ethical hacker, you are capturing from your customer network … SMTP traffic … Wireshark | C: `tcp.port eq 25` |
| 75 | The term that describes when 2 pieces have the same value after encrypting is: | C: collision |
| 76 | A wireless client on an 802.11 network, which uses the same software and hardware as others, can see the network but can't connect. A Wi-Fi packet sniffer shows that the WAP response to a request from him. What's a possible source of the problem? | B: the WAP does not recognize the client MAC addresses |
| 77 | … if there is an intrusion detection system (IDS) in the intranet, which scanning …? | B: TCP SYN |
| 78 | | |
| 79 | | |
| 80 | A large mobile telephony and data network has a data center that houses network elements; these are essentially large computers running on Linux. The perimeter of the data center is secure; what's the best security policy? | C: Network elements must be hardened with use IDS and strong password |
| 81 | An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers … possible breach of security; the sequence of many of the logged events does not match up. What's the most likely cause? | A: proper chain of custody was not observed while collecting the logs |
| 82 | A company wants to perform a web application security test. It's a dynamic site and it uses a back-end database. In order to perform an SQL injection, what is the first character in the request? | C: single quote |
| 83 | What is the role of test automation? | B: it can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manually |
| 84 | Crypto is the best practice for secure communication. Modern crypto implies which of the following? | D: public key cryptography, also known as asymmetric cryptography, public decrypt and private encrypt |
| 85 | Which type of security feature stops vehicles in physical security? | B: bollards |
| 86 | Sid is a judge in a test team; she tests for accepting a source code in another OS. What is the middle step? | A: sandboxing the code |
| 87 | What is the … what is the most secure way to mitigate | B: encrypt the data on the hard drive |
| 88 | An attacker attaches a rogue router in a network; he wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle … what measure on behalf … can mitigate this attack? | A: Disable all routing protocols and only use rogue router |
| 89 | What is correct about digital signatures? | D: digital signatures cannot be moved from one signed doc to another one |
| 90 | What does a firewall check on packets to prevent particular ports and applications from getting inside? | A: transport layer port numbers and application layer headers |
| 91 | A security engineer at a medium-sized accounting … tasked with discovery … information facing web server accept range … bit … wed 28 dec 2010. Which of the following is an example …? | D: Banner grabbing |
| 92 | A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer … a list of passwords … with cryptography attack the student is attempting | C: Dictionary attack |
| 93 | | C: defense in depth |
| 94 | An IT employee got a call from someone who was asking for information about internal computers and infrastructure. What should he do? | C: the employees should not provide any information without previous management authorization |
| 95 | Pharming and phishing, differences? | A: in a phishing attack is redirected to a fake website |
| 96 | | |
| 97 | There is a regulation for medical electronic hardware. It defines a guideline stipulating that all measures must be safely. (I am not sure of the description, please check with Divine.) Which of the following best matches the description? | A: HIPAA |
| 98 | Julie is afraid of having her computer stolen during one of her travels. She wants to protect her data from leakage in case it happens. What's the best way to protect this data? | D: Full disk encryption |
| 99 | Which of the following is a passive Wi-Fi packet analyser that works on Linux-based systems? | C: KISMET |
| 100 | An attacker wants to launch an ICMP scan using hping2. What's the syntax of the command? | D: `hping2 -1 host.domain.com` |
| 101 | The use of VPN for gaining access to an internal corporate network | B: remote access policy |
| 102 | Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is conducted? | A: internal blackbox |
| 103 | A tester wants to ping a server but no response that states unreachable ICMP may be disabled. Which option is the best? | B: hping |
| 104 | | B: Metasploit |
| 105 | Result of the DIG command: DIG 9.7 -P1 axfr domain.com@192.168.1.105 global option: +cmd (several lines with the DNS records). What did a hacker complete? | D: the hacker successfully transferred the zone and enumerated the hosts |
| 106 | A hacker gains access to a Linux host and has stolen password for etc/pwd. How can he use it? | C: the password file does not contain passwords |
| 107 | If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? | C: civil |
| 108 | … Attempting an injection attack on a web server based on responses to true/false questions is called which of the following? | A: blind SQL |
| 109 | Which of the following is considered a strength of symmetric algorithms when compared with asymmetric algorithms? | A: speed |
| 110 | … `nmap -sS -T4 -O 192.168.99.1` … email | B: he performed SYN scan and OS scan |
| 111 | Access control through one central point matches with | A: single sign on |
| 112 | Which attack is based on a precomputed table? | B: Rainbow table attack |
| 113 | Which service in PKI will vouch | A: CA |
| 114 | Port scanning can be used as part of a technical assessment to determine network vulnerability. The TCP XMAS is used to identify listening ports on the targeted system. If a scanned port is open, what happens? | B: the hosts will ignore packets |
| 115 | An attacker changes the profile of a victim using the code below: Iframe src= http vulnerweb … Which attack using HTTP GET and POST | A: Cross-site request forgery (CSRF) |
| 116 | Rebecca commonly sees an error on her Windows system that states that a data execution prevention (DEP) error has taken place. Which of the following is most likely taking place? | B: malicious code is attempting to execute instructions in a non-executable memory |
| 117 | By using a smart card and PIN you are using two-factor authentication … | B: something you have |
| 118 | In an internal security audit the white hacker gains control over a user account and attempts to access another account's information. What kind of technique is used? | D: privilege escalation |
| 119 | There is one scenario: - Victim opens attacker website; - Attacker makes an attractive site with fake gift for the victim; - Victim clicks on the link of the gift; - Attacker creates 'iframe' … What's the name of the attack? | A: Clickjacking attack |
| 120 | Bob learns that his credentials are compromised. He contacts for resetting and they suggest dual-factor authentication; which is the best? | C: a fingerprint scanner and his username and passwords |
| 121 | You're an ethical hacker who audits a company. When you verify the NOC, one of the machines has 2 connections, one wired and the other wireless. When you check the route configuration, you have: route add 10.0.0.0 Mask 255.0.0.0 10.0.0.1 route add 0.0.0.0 mask 255.0.0.0 192.168.0.1 (I did not write down the question, please try to check with Divine.) | D: both static routes indicate that the traffic is external with different gateway |
| 122 | Firewalk completes the second phase of his scan. The output of the scan is sent to a technician. What can be the conclusion after reading the report? Tcp 21 no response tcp 22 no response tcp 23 TTL | C: the firewall itself is blocking port 21 through 23 and service is listening on port 23 of the target |
| 123 | A company wants to make a security assessment after a breach, where the attacker stole financial data using only one server. What can be one key of your recommendations? | C: place a front-end web server in DMZ that only handles external web traffic |
| 124 | Which Metasploit Framework tool can help pentest | D: Msfencode |
| 125 | What's the meaning of this Google search query: `site:target.com -site:marketing.target.com accounting`? | C: results matching "accounting" in domain target.com but not on the site |

No numbers for these questions from Brice; you will certainly find them!

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Which of the following is considered an exploit framework and has the ability to perform an automated attack on services, ports, applications and unpatched security flaws in a computer system?

You are performing a penetration test; you achieved access via a buffer overflow exploit and you proceed to find interesting data such as files…

Your next-door neighbor, whom you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?

A large company intends to use BlackBerry for corporate mobile phones and a security… will use the blackjacking attack method to demonstrate how an attacker … prometric online testing …

?? A penetration test was done at a company; after the test a report was written … a section of the report is shown below:

- Access lists should be written between VLANs;
- Port security should be enabled for the intranet
- A security solution…
- A WAF should be used in front of the web application.

?? Graig receives a report of all computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

?? What is the role of test automation?
