
Tests

N° | QUESTION | ANSWERS
1 | The TCP three-way handshake process and termination is: | B: connection establishment: SYN, SYN-ACK, ACK; connection termination: FIN, ACK-FIN, ACK
2 | Which of the following will perform an Xmas scan using Nmap? | D: nmap -sX 192.168.1.254
3 | By analysing an IDS log, an alert was logged when an external router was accessed by a legitimate administrator. Which type of alert is it? | False positive
4 | A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should you do? | D: notify the web server owner so that corrective actions be taken as soon as possible to patch the vulnerability
5 | | B: report immediately to the administrator
6 | Jessie receives an email … "court-notice-21206.zip" … disguised … as a wrong document | B: trojans
7 | | B: A vulnerability scanner
8 | Secured channels | D: IPsec
9 | There is a RAT in a host. When this host attempts to go to a web site, it is redirected. In order to make this attack, which file must be modified? | C: hosts
10 | What is not a PCI compliance recommendation? | A: Rotate employees handling credit card transactions on a yearly basis to different departments
11 | __________ is a set of extensions to DNS that provides to DNS clients (resolvers) … authentication of DNS data … | DNSSEC
12 | Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan and testing the plan for the organisation? | C: preparation phase
13 | | C: logic tier
14 | A company is | A: Cross-site scripting vulnerability
15 | What's the difference between the AES and RSA algorithms? | B: RSA and AES
16 | Which system consists of a publicly available set of databases that contain domain name registration contact information? | A: whois
17 | An administrator observes a slowdown of normal network operation; he decides to monitor internet traffic. From a legal standpoint, what would be troublesome about this kind of action? | B: not informing the employees that they are going to be monitored could be an invasion of privacy
18 | What is the code written for? Buffer / Counter / Which len (buffer) <= 100 … | A: buffer overflow
19 | In many state… spam … user at a time … spammer … to hide the origin of… | C: mail relaying, which is a technique of bouncing email from internal to external mail servers continuously
20 | | A: Nothing, but suggest to him to change the network SSID and passwords
21 | What mechanism in Windows prevents a user from accidentally executing malware batch or PowerShell scripts? | D: data execution prevention (DEP) or A: user access control (UAC)
22 | The company ABC recently discovered that their new product was released by the opposition before their premiere; they contract an investigator who discovers that … paper in the rubbish. Which kind of attack happened? | Dumpster diving
23 | | C: stealth virus
24 | Shellshock had the potential for an unauthorised user to gain access to a server … it affected many internet-facing services. Which OS was not directly affected? | A: Windows
25 | Which of the following is capable of searching for and locating rogue access points? | A: WIPS
26 | In 2007 … security algorithm … passkey … TJ Maxx … wardriving … | C: WEP
27 | John the Ripper is used to crack what? | C: passwords
28 | When purchasing a biometric system | C: the amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
29 | A bank which has never been audited wants to be audited. What should be the first step in order to audit? | D: determine the impact of enabling the audit feature
30 | How can rainbow tables be defeated? | C: password salting
31 | You have successfully compromised a machine on the network and found a server that is alive on the same network; you tried to ping it but you didn't get any response back. What is happening? | C: ICMP could be disabled on the target server
32 | An attacker is trying to redirect the traffic of a small office … DNS servers and NTP … gain access to the DNS … Google | B: DNS Spoofing
33 | The Heartbleed bug was discovered … MITRE … CVE-2014-0160. This bug affects the OpenSSL implementation. What type of key does this bug leave exposed to the Internet making… | A: private
34 | Ricardo wants to send secret messages to be secured; he hides them behind an ordinary message. That is: | Steganography
35 | A security analyst is performing an audit on the network to determine if there are many security policies in place… | C: remote access policy
36 | ABC company uses network address 192.168.1.64 with mask 255.255.255.12. In the network the servers are at the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.24. An attacker is trying to find those servers but he cannot see them in his scan. The command he is using is nmap 192.168.1.64/28. Why can he not see the servers? | D: he is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range
37 | A pentest discovery shows open port results from an nmap scan for OS fingerprinting: 21 is open, 23 is open, 80 is open, 139 is open, 515 is open, 63 is open. What should be the device of the host? | B: the host is likely a printer
38 | Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol? | B: only compatible with the application protocol HTTP
39 | An enterprise recently moved to a new office and the new neighborhood … is a little risky … the CEO wants to monitor the physical perimeter … | B: install a CCTV with camera pointing to the entrance doors and the street
40 | |
41 | A technician notices an issue: a computer which is connected through wireless can locally access the other hosts which are on the same subnet, but can't reach the internet. What is the issue? | C: The gateway is not routing to a public IP address
42 | A pen test was done | A: possibility of SQL injection attack is eliminated
43 | Which IDS is best applicable for large environments where critical assets are located? | D: NIDS
44 | An attacker tries to do banner grabbing on a remote web server and extract the file host.domain.com: nmap -sV host.domain.com -p80. What will happen? | A: the hacker should have used nmap -O
45 | … attack … rogue Wi-Fi appears to be legitimate … eavesdrop on wireless communication … mobile phone snooping or phishing; fill in with the appropriate term. | Evil twin attack
46 | An attacker has infected an internet-facing server. He then wants to send junk mail, coordinate an attack or host junk email. Which sort of trojan infected the server? | A: botnet trojan
47 | Eve stole a file, secret.txt, with a command: john secret.txt | C: she is using John the Ripper to crack in the secret.txt file
48 | Joseph received a message on his mobile phone. This message contains a URL and he is invited to click on it to provide some information needed. Which statement below is true? | D: this is a scam, as everybody can get a yahoo@, not Yahoo customer services employees
49 | You are doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out? | Scan servers with nmap
50 | In order to proceed to OS fingerprinting, sending packets matches with | A: active
51 | An attacker with access to the inside network launches an STP manipulation attack. What should be the next step? | A: He will repeat this action so that it escalates to a DoS attack
52 | | D: 0-day vulnerability
53 | What two conditions must a digital signature meet? | D: must be unique and have special characters
54 | The security admin needs to permit traffic and UDP, and also permit all FTP traffic, and others are ignored. Rules of configuration have been given. What is happening? | B: the first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
55 | In IPv6, what's the difference concerning application layer vulnerabilities compared to IPv4? | C: vulnerabilities in the application are independent of the network layer. Attacks and mitigation techniques are almost identical.
56 | The Company ABC … financial statement … CFO and they will be… | D: the CFO can use a hash algorithm in the doc once he approved the financial
57 | Jimmy is standing outside a secure entrance to a facility; he is pretending to have a tense conversation on his cellphone as an authorised employee and asks to enter, claiming he forgot his badge. Which kind of attack happened? | C: tailgating
58 | A large company intends to use BlackBerry | D: bbproxy
59 | An attacker is using nmap to do a ping sweep and a port scan of 254 addresses. In which order should these steps be performed? | D: first the ping sweep to identify live hosts and then the port scan on the live hosts.
60 | Packets from an untrusted network go inside a protected network area. What is the process in place? | Firewalking
61 | A network admin discovers files in the root of a Linux FTP server, among them a tarball, shell script files and a binary named nc. FTP shows that there is an anonymous account logged on the server which uploaded files and extracted content; a ps command shows processing. What is to do to take access to that server? | C: privilege escalation
62 | IPsec does everything except: | D: work at the data link
63 | There is a log file of the machine 192.168.1.106: Src 192.168.1.103 destination 192.168.1.106 port 25; Src 192.168.1.103 destination 192.168.1.106 port 53 … What type of activity has been logged? | Port scan targeting 192.168.1.106
64 | Information spillage has been reported. You disconnect everything. What is that phase from an incident handling perspective? | Containment
65 | Which phase implies Google hacking tools? | D: reconnaissance
66 | In the three-way handshake process, what is the first packet? | B: SYN
67 | env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd' What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? | D: display password content to prompt
68 | Which of the following is targeted at Microsoft Corporation? | A: Macro virus
69 | In order to surf the internet anonymously, which of the following is the best choice? | A: use Tor network with multi mode
70 | When conducting a pentest, which document gives a description of the tasks, the permissions, …? | D: rules of engagement
71 | You want to analyze packets on wireless. Which of the following utilities is the most appropriate? | C: Wireshark with AirPcap
72 | What proxy tool will help you find web vulnerabilities? | D: Burp Suite
73 | Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this system? | An authentication system that creates one-time passwords that are encrypted with secret keys
74 | As an ethical hacker, you are capturing from your customer network … SMTP traffic … Wireshark | C: tcp.port eq 25
75 | The term that describes when 2 pieces have the same value after encrypting is: | Collision
76 | A wireless client on an 802.11 network, who uses the same software and hardware as others, can see the network but can't connect. A Wi-Fi packet sniffer shows the WAP response to a request from him. What's a possible source of the problem? | B: the WAP does not recognize the client MAC addresses
77 | In a network, if there is an IDS, which port scanning can't be used? | B: TCP SYN
78 | |
79 | |
80 | A large mobile telephony and data network has a data center that houses network elements; these are essentially large computers running on Linux. The perimeter of the data center is secure. What's the best security policy? | C: network elements must be hardened with user IDs and strong passwords. Regular security tests and audits should be performed
81 | An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers … possible breach of security; the sequence of many of the logged events does not match up. What's the most likely cause? | B: the attacker altered or erased events from the log / A: proper chain of custody
82 | A company wants to perform a web application security test. It's a dynamic site and it uses a back-end database. In order to perform an SQL injection, what is the first character in the request? | C: single quote
83 | | B: it can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manually
84 | Crypto is the best practice for secure communication. Modern crypto implies which of the following? | D: public key cryptography, also known as asymmetric cryptography, public decrypt and private encrypt
85 | Which type of security feature stops vehicles in physical security? | B: bollards
86 | Sid is a judge in a test team; she tests for accepting a source code in another OS. What is the middle step? | A: sandboxing the code
87 | … what is the most secure way to mitigate | B: encrypt the data on the hard drive
88 | An attacker attaches a rogue router to a network; he wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle … what measure on behalf … can mitigate this attack? | A: disable all routing protocols and only use static routes
89 | What is correct about digital signatures? | D: digital signatures cannot be moved from one signed doc to another one
90 | What does a firewall check on packets to prevent particular ports and applications from getting inside? | A: transport layer port numbers and application layer headers
91 | A security engineer at a medium-sized accounting … tasked with discovery … information facing web server accept range … bit … wed 28 dec 2010. Which of the following is an example …? | D: banner grabbing
92 | A computer science student needs to fill in some information in a secured Adobe PDF job application that was received from a prospective employer … a list of passwords … which cryptography attack is the student attempting? | C: dictionary attack
93 | | C: defense in depth
94 | An IT employee got a call from someone who was asking for information about internal computers and infrastructure. What should he do? | C: the employees should not provide any information without previous management authorization
95 | Pharming and phishing, differences? | A: in a phishing attack is redirected to a fake website
96 | |
97 | There is a regulation for medical electronic hardware. It defines a guideline stipulating that all measures must be safely. (I am not sure of the description, please check with Divine.) Which of the following best matches the description? | HIPAA
98 | Julie is afraid of the theft of her computer during one of her travels. She wants to protect her data from leakage in case it happens. What's the best way to protect this data? | Full disk encryption
99 | Which of the following is a passive Wi-Fi packet analyser that works on Linux-based systems? | KISMET
100 | An attacker wants to launch an ICMP scan using hping2. What's the syntax of the command? | D: hping2 -1 host.domain.com
101 | The use of VPN for gaining access to an internal corporate network | B: remote access policy
102 | Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is conducted? | A: internal blackbox
103 | A tester wants to ping a server but gets no response that states unreachable; ICMP may be disabled. Which option is the best? | B: hping
104 | | B: Metasploit
105 | Result of the DIG command: DIG 9.7 -P1 axfr domain.com@192.168.1.105 global option: +cmd (several lines with the DNS records). What did a hacker complete? | D: the hacker successfully transferred the zone and enumerated the hosts
106 | A hacker gains access to a Linux host and has stolen the password from etc/pwd. How can he use it? | C: the password file does not contain passwords
107 | If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? | C: civil
108 | … Attempting an injection attack on a web server based on responses to true/false questions is called which of the following? | A: blind SQL
109 | Which of the following is considered a strength of symmetric algorithms when compared with asymmetric algorithms? | A: speed
110 | … nmap -sS -T4 -O 192.168.99.1 … | B: he performed SYN scan and OS scan email
111 | Access control through one central point matches with | A: single sign on
112 | What attack is based on precomputed tables? | B: Rainbow table attack
113 | Which service in PKI will vouch | A: CA
114 | Port scanning can be used as part of a technical assessment to determine network vulnerability. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens? | B: the hosts will ignore packets
115 | An attacker changes the profile of a victim using the code below: Iframe src= http vulnerweb … Which attack is using HTTP GET and POST? | Cross site request forgery (CSRF)
116 | Rebecca commonly sees an error on her Windows system that states that a data execution prevention (DEP) error has taken place. Which of the following is most likely taking place? | B: malicious code is attempting to execute instructions in a non-executable memory
117 | By using a smart card and PIN you are using two-factor authentication … | B: something you have
118 | In an internal security audit, the white hat hacker gains control over a user account and attempts to access another account's information. What kind of technique is used? | D: privilege escalation
119 | There is one scenario: - Victim opens attacker website; - Attacker makes an attractive site with a fake gift for the victim; - Victim clicks on the link of the gift; - Attacker creates an 'iframe' … What's the name of the attack? | Clickjacking attack
120 | Bob learns that his credentials are compromised. He contacts for resetting and they suggested dual-factor authentication. Which is the best? | C: a fingerprint scanner and his username and passwords
121 | You're an ethical hacker who audits a company. When you verify the NOC, one of the machines has 2 connections, one wired and the other wireless. When you check the route configuration, you have: route add 10.0.0.0 mask 255.0.0.0 10.0.0.1; route add 0.0.0.0 mask 255.0.0.0 192.168.0.1 (I did not note the question, please try to check with Divine) | D: both static routes indicate that the traffic is external with different gateway
122 | Firewalk completes the second phase of its scan. The output of the scan is sent to a technician. What can be the conclusion after reading the report? Tcp 21 no response tcp 22 no response tcp 23 TTL | C: the firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target
123 | A company wants to make a security assessment after a breach, where the attacker stole financial data using only one server. What can be one key of your recommendations? | C: place a front-end web server in a DMZ that only handles external web traffic
124 | Which Metasploit Framework tool can help pentest | D: Msfencode
125 | What's the meaning of this Google search query: site:target.com -site:marketing.target.com accounting ? | C: results matching « accounting » in domain target.com but not on the site

No numbers for these questions from Brice; you will certainly find them!

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Which of the following is considered an exploit framework and has the ability to perform an automated attack on services, ports, applications and unpatched security flaws in a computer system?

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data such as files…

Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?

A large company intends to use BlackBerry for corporate mobile phones and a security… will use the blackjacking attack method to demonstrate how an attacker … prometric online testing …

?? A penetration test was done at a company. After the test a report was written … a section of the report is shown below:

- Access lists should be written between VLANs;
- Port security should be enabled for the intranet
- A security solution…
- A WAF should be used in front of the web application.

?? Graig receives a report of all computers on the network that showed all the missing patches and weak passwords. What type of software generates this report?

?? What is the role of test automation?
