‘As an Ethical Hacker you are captunng trafic from your customer network with Wireshark and you need {ofind and venly just SMTP trafic. What command in Wireshask will help you to find this Kind of traffic? OA request smip 25 ® tepporteq25, Oe smtp port © tcp contains port 25 Answer: B Anattacker has installed a RAT on a host. The attacker wants to ensure that when a user atlempis to go to "www MyPersonelBank com’, thatthe user is directed to a phishing site Which fle does the attacker need to modify? OA Bootini OB Sudoers Networks 0 Hosts Answer: D Which type of security feature stops vehicles from crashing through the doors of a building? OA Tumstile ©8 Bollards Oc Mantrap OD Receptionist Answer: B Log monitoring tools performing behamtoral analysis have alerted several suspicious logins on a Linu ‘server occuring during non-business hours. After further examination of al login actiuties, itis notices that none ofthe logins have occurred ring typical work hours. A Linux administrator who is investigating this problem realized the system time on the Linux server is wrong by more than twelve hours. What protocol Used on Linux serves to synchronize the ime has stopped working? oa NIP 8 TimeKeeper Oc OSPF Go Ppp Answer: A Anenterprise recently moved to & new office and the new neighborhoods litle risky. The CEO wants ‘to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job? A. Use fencesin the entrance doors. GB Install a CCTV with cameras pointing to the entrance doors and the street © Use an IDS in the entrance doors and install some of them near the comers. © Use lights inal he enirance doors and along the company’s perimeter Answer: B ‘Bob, a network administrator at BigUniversity, realized that some students are connecting their ‘notebooks in the wired network to have Intemet access. 
In the university campus, there are many Ethernet Poor's available for professors and authorized visitors but not for students He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports inthe switches: 8 Separate students in a different VLAN C Use the 802 1xprotocol OD Ask students to use the wireless network Answer: C Whichis the first step followed by Vulnerability Scanners for scanning a network? op TCP/UDP Port scanning Firewall detection OS Detection Checking if the remote host is alive Answer: D Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-polcies like Computer Security Policy, Information Protection Policy Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Accaunt Policy. Whats the main theme of the sub-policies for information Technologies? oa Availability, Non-repudiation, Confidenbality Authenticity, Integrity, Non-repudiation Confidentiality, Integrity, Availabilty Authenticity, Confidentiality, Integrity ‘Answer: C ‘The "Gray-box testing" methodology enforces what kind of restriction? A OB oc op Only the intemal operation of a system is known to the tester. The intemal operation of a system is completely known to the tester ‘The internal operation of a system is only partly accessible to the tester. Only the external operation of a system is accessible to the tester. Answer: C Which resuts willbe retumed with the following Google search query? sitetarget com site:Man op -ketng target com accounting Results trom matches on the site marketing target.com that are in the domain target com but ‘do not include the word accounting. Resuls matching allwords in the query. 
Resuls for matches on target com and Marketing target.com that include the word *accourting’ Resutts matching “accounting” in domain target com but not on the site Marketina target com ‘Answer: C How can rainbow tables be defeated? oD Password salting Use of non-dictionary words All uppercase character passwords Lockout accounts under brute force password cracking attempts Answer: A What is comect about digital signatures? Da ‘A igital signature cannot be moved from one signed document to another because itis the hash of the onginal document encrypted with the pvate key ofthe signing pany. Digital signatures may be used in different documents of the same type. ‘Acigital signature cannot be moved from one signed document to another because itis a plain hash of the document content Digital signatures are issued once for each user and can be used everywhere unt they expire. Angwer: A ‘While scanning with Nnap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nap -Pn—p —s! kiosk adabe com www siaa, com kiosk adobe cam s the host with incremental IP ID sequence. What is the purpose of using “-s wilh Nmap? OA Conduct stealth scan 8 Conduct CMP scan D€ Conduct IDLE scan 0 Conduct silent scan Anawer: C ‘What type of OS fingerprinting technique sends specialy crafted packets to the remote OS and analyzes the received response? OA Passive O8 Adive Oc Reflective 0. Distibutive Answer: B Insecure direct object reference is a type of wiherabilty where the application does not vert ifthe user is authorized to access the intemal objact via its name or key. ‘Suppose a malicious user Rob ties to get access to the account of a benign user Ned. ‘Which of the following requests best ilstrates an attempt to exploit an insecure direct object reference vulnerability? 
DA “GE Tirestricledigoldtransfer?o=Rab&from=1 or HTTP/1.tHost westbank corn" 8 “GETirestrictedaccounts/2name=Ned HTTPI1.1 Host: westbank com” © *GETiresticted-bank getaccauni(Ned’) HTTP/1.1 Host: westbank com” OD “GETirestrictedvin%00account%00Ned"%00access HTTP/1.1 Host: westbank com” Answer: B |What's the correct process forthe TCP three-way handshake connection establishment and connection termination? A Comection Establishment SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK 8 Comection Establishment ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK © € Comection Establishment FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK 20 Comection Establishment SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN Answer: A User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKIlo secure his message and ensure oniy user B can read the sensitive email. At what layer ofthe. OSI layer does the encryption and decryption of the message take place? OA Application ©8 Transport Session OD Presentation Answer: D. ‘Assume a business-crucial web-site of some company thatis used to sell handsets tothe customers ‘worldwide. Allthe developed components are reviewed by the secunty team on a monthiy basis. in order to drive business futher, the web-site developers decided to add some 3rd party marketing tools on it ‘The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company. ‘Whats the main secunty risk associated with this scenano? 
DA External script contents could be maliciously madified without the security team knowledge External scripts have direct access to the company servers and can steal the data from there OC There is no risk at allas the marketing services are trustworthy 0 Extemal seripts increase the outbound company data trafic which leads greater financial losses Answer: A “The network in ABC company is using the network address 192.168.1.64 with mask 255.255 255.192. n the network the servers are in the addresses 192.168.1.122, 192, 168.1.123 and 192.168 1.124 ‘An attacker is trying to find those servers but he cannot see them in his scanning, The command he is Using is: nmap 192.168 1.64728 ‘Why he cannot see the servers? He needs to change the address to 192.168.1.0 with the same mask ©8 He needs to add the command “Ip address” just before the IP address. @c_ Heis scanning from 192.188. 1.64 to 192.188.1.78 because of the mask /28 and the servers, are notin that range. ©0 The network must be dawn and the nmap command and IP address are ok Answer: C What is the purpose of a demilitarized zone on a network? OA Toscan alltraffic coming through the DMZ to the internal network. 2B To only provide direct access to the nodes within the DMZ and protect the network behind it OC Toprovide a place to put the honeypot 2.0 To contain the network devices you wish to protect Answer: B You are doing an intemal security audit and intend to find out what ports are open on allthe servers. What isthe best way to find our? OA Scan servers with Nmap 8 Scan servers with MBSA OC Telnet to every port on each server 0 Physically go to each sever Answer: A Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the ‘ollowing attack scenanos will compromise the privacy of her data? OA None of these scenarios compromise the privacy of Alice’s data OB Agent Andrew subpoenas Alice, forcing her to reveal her private key. 
However, the cloud server successful resists Andrew's attempl to access the stored data OC Hacker Harry breaks into the cloud server and steals the encrypted data D_ Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before Answer: D ‘Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend? A Command injection Attacks ©8 File Injection Attack Se Cross-Site Request Forgery (CSRF) ‘20 Hidden Field Manipulation Attack Answer: C Which of the following is not a Bluetooth attack? 4 Bluesnarfing 8 Bluedriving Oc Bluesmacking © Bluejacking Answer: B Which service in a PKI will vouch for the identity of an individual or company? Oa CBC OB KDC Oc CA op CR Answer: C ‘An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and, Intrusion Detection Systems (IDS) on the network of an organization that has expenenced a possible breach of security. When the investigator attempts to correlate the information in all ofthe logs, the ‘sequence of many of the logged events do not match up. ‘What is the most ikely cause? OA The network devices are not all synchronized ©. Proper chain of custody was not observed while collecting the logs, © Thealtacker altered or erased events from the logs. ©. The security breach was a false positive. Answer: A. ‘You are tasked to pertom a penetration test. While you are performing information gathering, you find an ‘employee list in Google. You find the recectionist’s email and you send her an email changing the source ‘email to her boss's email (boss@compary)In this email, you ask for a pdf with information, She reads | your email and sends back a pdf with inks. You exchange the paf Inks with your malicious links (these links contain malvare) and send back the modified pf, saying that the links don't work. 
She reads your ‘email, opens the links, and her machine gets infected. You now have access to the company network What testing method did you use? OA Social engineering ©8 Pigaybacking 2€ Tailgating 0 Eavesdropping Answer: A ‘What isthe role of test automation in security testing? OA tis an option but ittends to be very expensive, 8B it should be used exclusively. Manual testing is outdated because of low spend and possible ‘est setup inconsistencies. > Test automation is nol usable in security due to the complexity of the tests 0 itcan accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manuel testing completely. Answer: D. What is the minimum number of network connections in a multihomed firewall? OA 3 OB 2 ‘Ahacker is an inteligert individual with excellent computer skills and the ability o explore a computer's software and hardware without the ovmer's permission. Their intention can either be fo simply gain knowledge orto ilegally make changes. ‘Which ofthe following class of hacker refers to an individual who works both offensively and defensively at various times? OA White Hat O Suicide Hacker Oc GrayHat 00 Black Hat Answer: C ‘Your business has decided to add credit card numbers to the data it backs up to tape. Which of the. following represents the best practice your business should observe? A Do not back up either the credit card numbers or theirhashes. 8 Encrypt backup tapes that are sent off-site, Back up the hashes of the credit card numbers not the actual credit card numbers. ©D Hire a security consultant to provide direction. Answer: D ‘This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (Pl). These security controls provide a baseline and prevent low-level hackers sometimes known as Script kiddies from causing a data breach. Which ofthe folowing organization is being described? 
OA Institute of Electrical and Electronics Enaineers(\EEE) ©B Intemational Security Industry Organization (IS10) O€ Genter for Disease Control (CDC) © Payment Card Industry (PCI) Answer: D Which of the following is one of the most effective ways to prevent Cross-site Scripting (SS) flaws in software applications? 8 Use security policies and procedures to define and implement proper security settings, 28 Use digital certificates to authenticate a server prior to sending data, OC Validate and escape all information sentto a server. 5.0. Venty access right before allowing access to protacted infomation and Ul controls. Answer: C Which security strategy requires using several, varying methods to protect IT systems against attacks? OA Defense in depth ©8 Covert channels, OC Exponential backoff algorthm ©0 Three-way handshake ‘Angwer: A Which of the following is the structure designed to very and authenticate the identity of individuals within the enterprise taking part in a data exchange? Oa PK SOA © biometrics )B_ single sign on Answer: A You are working as a Secuity Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.08. While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP's are communicating to a Single Pubic IP. Therefore, the Internal P's are ‘sending data to the Public I. Aer futher analysis, you ind out that this Public IP is @ blacklisted IP, and the internal communicating devices are compromised What kind falack does the above scenario depict? Ok Botnet Atack ©. Spear Phishing Attack © Advanced Persistent Threats © Rootkit Attack Answer: A John the Rippers @ technical assessment tool used to test the weakness af which af the following? OA Usemames 8 File permissions Ce Firewall lesets OD Passwords ‘Answer: D Online Testing = Reports https:l/ibt’ prometric.com/users/customireport_queuelrq_ str... comporate. 
‘network What fool should the analst use fo perform a Blackjacking attack? ‘OA Paros Proxy 8 BBProy ‘OC Bloover Ob BBCIack Answer: B [tis a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These quidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing ary electronic medical date to keep patient data secure. ‘Which of the following reaulations best matches the description? OA FISMA 8 ISOIEC 27002 Ge HIPAA Oo cosr ‘Accompany’s secunty policy states that all Web browsers must automatically delete their HTTP browser ‘cookies upon terminating. What sort of secunty breach is this policy atternpting to mitigate? OA Attempts by attackers to access the user and password information stared in the company’s SQL database 8 Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials OC Attempts by attackers to access password stored on the user's computer without the user's knowledge. OD _Atfemps by attackers to determine the user’s Web browser usage patterns, including when siles were visited and for how long, Answer: B Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing? ‘Scanning 8 Footprinting 2 Enumeration OD. System Hacking Answer: B Accompany’s security policy states that all Web browsers must automatically delete their HTTP browser ‘cookies upon terminating. What sort of secunty breach is this policy attempting to migate? OA Attempts by attackers to access the user and password information stored in the company’s SQL database, 8 Attempts by altackers to access Web sites thal trust tre Web browser user by stealing the user's authentication credentials. (OC Attempts by attackers to access password stored on the user's computer without the user's knowledge. 
© Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long, Answer: B Peter is surfing the internet looking for information about OX Company. Which hacking process is Peter doing? On Scanning 8 Footprinting © Enumeration 0 System Hacking Answer: 8 Port scanning can be used as part of a technical assessment to determine network vuinerabilites. The TCP XMAS scan is used to idenily listening ports on the targeted system. IFa scanned portis open, what happens? OA The port willignore the packets. ©B The port will send an RST. © The port will send an ACK. 0 Theport will send a SYN Answer: A. ‘An LDAP directory can be used lo store information similar to a SQL database. LDAP uses a database structure instead of SQL’s structure, Because of this, LDAP has difficulty representing ‘many-t0.0ne relationships. OA Stnct, Abstract GB Simple, Complex © Relational, Hierarchical OD Hierarchical, Relational ‘Answer: D You want to analyze packets on your wireless network. Which program would you use? Wireshark with Airpcap Airsnort with Airpcap Wireshark with Winpcap Ethereal with Winocap ‘Answer: A What is not a PGI compliance recommendation? Answer: Use a firewall between the public network and the payment card data. Use encryption to protect all transmission of card holder data over any public network. Rotate employees handling credit card transactions on a yearly basis to different departments, Limit access to card holder data to as few individuals as possible. Hc Anattacker scans a host with the below command. Which three flags are set? (Choose three.) ‘#nmap ~sX hostdomain.com On oe ec Thisis ACK scan. ACK flagis set ‘Ths is Xmas scan. SYN and ACK flags are set ‘This is Xmas scan. URG, PUSH and FIN are set ‘Thisis SYN scan, SYN flagis set ‘Answer: C ‘Ahacker has managed to gain access to a Linux host and stolen the password fle from /etcipasswd, How can he use it? 
OA The file reveals the passwords to the roct user only. 8 The password fle does not contain the passwords themseNves. OC He cannot read it because itis encrypted © He can open it and read the user ids and corresponding passwords. Answer: B Which of the following parameters describe LM Hash: The maximum password length is 14 characters ~ There are no distinctions between uppercase and lowercase Ill- The password is spit into two 7-byte halves Oa ll op | oc OD landll Answer: C You are attempting to man-in-the-middle a session, Which protocol will allow you to guess a sequence number? 8 ICMP. Top Oc UPX o> UPD Answer: B Which of the following will perform an Xmas scan using NMAP? OA nmap -SA 192.168.1.254 OB nmap -sP 192.168.1254 OC nmap -sX 192.168.1.254 OD nmap -sV 192.168.1.254 Answer: C Which command can be used to show the current TCPIIP connections? OA Netsh ©B Netuse connection Oc Netstat ©D Netuse Answer: C ‘Which of the following is the least-tikely physical characteristic to be used in biometric contral that ‘supports a large company? OA Voice 2.8 Fingerprints Oc Ins pattems ©0 Height and Weight Answer: D Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain? OA [cache] 8 [site] OC [inurl] 0 fink} Answer: B Jim's company regularly performs backups oftheir critical servers. But the company cannot afford to send backup tapes to an offsite vendor for long-tatm storage and archiving Instead, Jim’s company keeps the backup tapes in a safe in the ofice. Jimm’s campany is audited each year, and the resuils from this year's audil show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit? ‘A Encrypt the backup tapes and transport them in a lock box. 
(8 Degauss the backup tapes and transport them ina lock box. Hash the backup tapes and transport them in a lock box. ©D__ Encrypt the backup tapes and use a courier to transport them Answer: A Risks=Threats x Vulnerabilities is referred to as the: OA BlA equation 8B Disaster recovery formula ©c Risk equation 0 Threat assessment Answer: C ‘An ttacker is using nmap to do a ping sweep and a port scanning ina subnet of 254 addresses, In wich order should he perform these steps? GA The sequence does not matter. Both steps have to be performed against all hosts. © 8 First the port scan to idenbly interesting services and then the ping sweep to find hosts, responding to icmp echo requests. © Firstthe ping sweep to identiy live hosts and then the port scan on the live hosts. This way he saves time, @D The port scan alone is adequate. This way he saves time. Answer: Aregional bank hires your company to perform a secutily assessment on their network after a recent ‘data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommenda ons to the bank? A Placea front-end web server in a demilitarized zone that only handles extemal web trafic 8 Require all employees to change their anti-virus program with a new one ©€ Move the financial data to another server on the same IP subnet Issue naw certificates to the web servers trom the root cerificate authonty Answer: A Which of the following tools can be used for passive OS fingerprinting? DA tepdump OB nmap De ping SD tracert Answer: A Which of the following is considered as one of the most reliable forms of TCP scanning? 2. TCP ConnectiFull Open Scan 8 Half-open Scan 9 NULL Scan 5p Xmas Scan Answer: A Idensty the web application attack where the attackers exploit vulnerabilities in dynamically generated ‘web pages fo inject client-side script into web pages viewed by other users. 
A SQL injection attack 28 Cross-Site Scripting (XS) ©€ LDAP injection attack Cross-Site Request Forgery (CSRF) Answer: B Ldeniy the UDP post thal Network Time Protocol (NTP) uses as is primary means of communication? on 12 © 161 oc 68 on 113 Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. |Which type of virus detection method did Chandler use inthis context? OA Heuristic Analysis @8 Code Emulation Integrity checking 0 Scanning ‘As a Cerfied Ethical Hacker, you were contracted by a private firm to conduct an extemal security assessment through penetration testing ‘What document describes the specifics of the testing, the associated violations, and essentialy protects both the organization's interest and your labillies asa tester? OA Senice Level Agreement 2B Project Scope D¢ Rules of Engagement > Non Disclosure Agreement ‘Answer: C ‘Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? OAH promiscuous ESP confidential Oc AHTunnel mode 0 ESP transport mode ‘Atechnician is resolving an issue where a computers unable to connect to the Intemet using a wireless ‘access point. The computer is able to transfer lles locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and defaut gateway they are both on the 192.168.1.0/24. Which ofthe following has occurred? OA. The computer is nat using a pnvate IP address. O8 The gateway is not routing to a public IP address. 6 The gateway and the computer are not on the same network. OD The computers using an invalid IP address. Answer: B You are moritoring the network of your organizations. 
You notice that: ‘¢ There are huge outbound connections from your Internal Network to External IPS ¢ On further investigation, you see that the external IPs are blacklisted ‘¢ Some connections are accepted, and some are dropped You find that itis a CnC communication Which of the following solution will you suggest? OA Block the Blacklist IP's @ Firewall 8 Update the Latest Signatures on your IDS/IPS Oc Clean the Malware which are trying to Communicate with the External Blacklist IP's ©0 Block the Blacklist P's @ Firewall as well as Clean the Malware which are tying to Communicate with the External Blacklist IP's. Answer: D Ricardo wants to send secrel messages to a competitor company. To secure these messages, he uses. a technique of hiding a secret message within an ordinary message. The technique provides ‘secuty through obscunty. ‘What technique is Ricardo using? OA Encryption 08 Steganography Oc RSAalgorithm 0 Public-key cryptography Answer: B ‘The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common ‘Vuinerabilties and Exposures (CVE) as CVE-2014.0160. This bug affects the OpenSSL implementation of the Transport Layer Secunty (TLS) protocols defined in RFC6520, ‘What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy? OA Pubic 8 Private ©¢ Shared ©0 Root Answer: B A security analyst is performing an audit on the network to determine if there are any dewations trom the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem, installed. Which security policy must the secutty analyst check to see if dial-out modems are allowed? OA. 
Firewal-management policy G8 Acceptable-use policy OC Remote.access policy 0 Permissive policy Answer: C When you are getting information about a web server, itis very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script wil help you with this task? DA hilp-methods > Bhp enum: OC hitp-headers OD hitp-git Answer: A env x=" echo exploit’ bash —c ‘cat/etcipasswa? \Whatiis the Shellshock bash vulnerability attempting to do a vulnerable Linux host? OA Removes the passwd file 8 Changes all passwords in passwd De Add new user to the passwd file 3D Display passwd content to prompt Answer: D ‘Anetwork administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, wo are shell script files, and the third is a binary fle is named "nc." The FTP server's access logs show that the anonymous user account logged into the server, unloaded the files, and extracted the contents of te tarball and ran the script using a function provided by the FTP server's software. The ‘ps'command shows that the ‘nc’ fle is running as process, and the netstat command shows the “nc” process is listening on a network port What kind of vuinerabilty must be present to make this remote attack possible? OA. File system permissions OB Privilege escalation OC Directory traversal © Brute force login ‘Answer: A This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above? OA SHA OB RSA Oe MDS Op RCS Answer ‘You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax? Oa oa oc op hping2 -1 host.domain.com hping2-i host domain com hping2 -setICMP host domain. 
com hping2 host domain com Answer: A Which of the following scanning method splits the TCP header into several packets and makes it difficult, for packet filers to detect the purpose of the packet? DA oe op ICMP Echo scanning 'SYNFIN scanning using P fragments ‘ACK flag probe scanning IPID scanning Answer: B ‘Which of the following statements is TRUE? oD Sniffers operate on Layer 2 of the OSI model Sniffers operate on Layer 3 of the OSI model Sniffers operate on both Layer 2 & Layer 3 of the OSI model. Sniffers operate on the Layer 1 of the OSI model. Answer: A To reach a bank web site the trafic from workstations must pass through a firewall. You have been asked fo review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using ntps. Which ofthe fllowing firewall rules meets this requirement? On If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit IT (source matches 10.10. 10.01/24 and destination matches 10.20 20.1 and port matches 80 (or 443) then permit If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit If (source matches 10.10.10.0 and destination matches 10.20 20.1 and pott matches 443) then permit ‘Answer: A ‘Why is @ penetration test considered to be more thorough than vulnerability scan? DA oR oc Vulnerability scans only do host discovery and port scanning by default. ‘A penetration test actively exploits vuinerabilties in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation. Itis not — a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. The tools used by penetration testers tend to have much more comprehensive vulnerability databases, Answer: B Which utility will tel you in real time which ports are listening orin another state? 
DA Netsat 2B Loki Oc Nmap SD TCPView Answer: D ‘What is the least important information when you analyze a public IP address in a secunty alert? Oa ARP 8 Whois oc DNS ©0 Geolocation Answer: A Emil uses nmap to scan two hosts using this command: nmap -SS -T4 -O 192.168.99.1 192.168.99.7 He receives this output Nmap scan report for 192.168.99.1 Host is up (0.00082s latency). Not shown: 994 filtered ports PORT STATE SERVICE 21/tep open fip 23/tep open telnet 53/tep open domain 80/tep open http 161 /tcp closed samp MAC Adgress: BO:75:D5:33:57:74 (ZTE) Device type: general purpose Running: Linux 2.6.X OS CPE: epe:/o:limux-linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.33 Network Distance: 1 hop ‘Naap scaa report for 192.168.99.7 Host is up (0.000047s latency) All 1000 scanned ports on 192.168.99.7 are closed Too many fingerprints match this host to give specific OS details Network Distance: 0 hops ‘What is his conclusion? OA Host 192.168 99 7 is an iPad, © He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7 € Host 192.168.99.1 is the host that he launched the scan from. ©D_ Host 192.168.997 is down. Answer: B PGP, SSL, and IKE are all examples of which type of cryptography? OA Hash Algorithm OB Digest Oc Secret Key OD _ Public Key Answer: D An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities of intearation are in sight for both company and customer. What should this employee do? A The employees cannot provide any information; but, anyway, he(she wil provide the name oF ‘the person in charge. Since the company's policy is all about Customer Service, he/she will provide information. Disragarding the cal, the employee should hang up. 0 The employee should not provide any information without previous management authorization. 
Answer: D

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
A. Clickjacking
B. Cross Site Scripting
C. Cross-Site Request Forgery
D. Web form input validation

You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?
A. nmap -T4 -q 10.10.0.0/24
B. nmap -T4 -F 10.10.0.0/24
C. nmap -T4 -r 10.10.1.0/24
D. nmap -T4 -O 10.10.0.0/24
Answer: B

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:08
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
515/tcp  open
631/tcp  open  ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE8
A. The host is likely a Linux machine.
B. The host is likely a printer.
C. The host is likely a router.
D. The host is likely a Windows machine.
Answer: B

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
A. Scalability
B. Speed
C. Key distribution
D. Security
Answer: B

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
A. Metasploit
B. Cain & Abel
C. Maltego
D. Wireshark
Answer: C

Code injection is a form of attack in which a malicious user:
A. Inserts text into a data field that gets interpreted as code
B. Gets the server to execute arbitrary code using a buffer overflow
C. Inserts additional code into the JavaScript running in the browser
D. Gains access to the codebase on the server and inserts new code
Answer: A

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to "know" to prove to yourself that it was Bob who had sent the mail?
A. Confidentiality
B. Integrity
C. Non-Repudiation
D. Authentication
Answer: C

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing?
A. Randomizing
B. Bounding
C. Mutating
D. Fuzzing
Answer: D

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?
A. John the Ripper
B. SET
C. CHNTPW
D. Cain & Abel
Answer: C

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
Answer: B

_______ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there. Fill in the blank with the appropriate choice.
A. Evil Twin Attack
B. Sinkhole Attack
C. Collision Attack
D. Signal Jamming Attack
Answer: A

Which of the following programs infects the system boot sector and the executable files at the same time?
A. Stealth virus
B. Polymorphic virus
C. Macro virus
D. Multipartite Virus
Answer: D

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
A. IPsec
B. SFTP
C. FTPS
D. SSL
Answer: A

Why should the security analyst disable/remove unnecessary ISAPI filters?
A. To defend against social engineering attacks
B. To defend against webserver attacks
C. To defend against jailbreaking
D. To defend against wireless attacks
Answer: B

In which of the following password protection techniques are random strings of characters added to the password before calculating their hashes?
A. Keyed Hashing
B. Key Stretching
C. Salting
D. Double Hashing
Answer: C

Which of the following is the best countermeasure to encrypting ransomware?
A. Use multiple antivirus software
B. Keep some generation of off-line backup
C. Analyze the ransomware to get the decryption key of encrypted data
D. Pay a ransom
Answer: B

DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in DNS cache?
A. nslookup -fullrecursive update.antivirus.com
B. dnsnooping -t update.antivirus.com
C. nslookup -norecursive update.antivirus.com
D. dns --snoop update.antivirus.com
Answer: C

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt their service. What is the name of the process by which you can determine those critical businesses?
A. Risk Mitigation
B. Emergency Plan Response (EPR)
C. Disaster Recovery Planning (DRP)
D. Business Impact Analysis (BIA)
Answer: D

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports which can have direct internet access, and block the access to workstations. Bob also concluded that a DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?
A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one
C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
D. Bob is partially right.
DMZ does not make sense when a stateless firewall is available
Answer: C

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
A. Port scan targeting 192.168.1.103
B. Teardrop attack targeting 192.168.1.106
C. Denial of service attack targeting 192.168.1.103
D. Port scan targeting 192.168.1.106
Answer: D

Which of the following is the successor of SSL?
A. GRE
B. IPSec
C. RSA
D. TLS
Answer: D

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?
A. Preparation phase
B. Containment phase
C. Identification phase
D. Recovery phase
Answer: A

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
A. Spanning tree
B. Dynamic ARP Inspection (DAI)
C. Port security
D. Layer 2 Attack Prevention Protocol (LAPP)
Answer: B

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
A. Internal, Blackbox
B. External, Blackbox
C. External, Whitebox
D. Internal, Whitebox
Answer: A

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure?
A. All of the employees would stop normal work activities
B. IT department would be telling employees who the boss is
C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
D. The network could still experience traffic slow down.
Answer: C

Based on the below log, which of the following sentences is true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
A. SSH communications are encrypted; it's impossible to know who is the client or the server.
B. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server
C. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server
D. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the server
Answer: C

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?
A. Reconnaissance
B. Escalation
C. Scanning
D. Enumeration
Answer: A

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Read the first 512 bytes of the tape
B. Perform a full restore
C. Read the last 512 bytes of the tape
D. Restore a random file
Answer: B

You are analyzing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs, 192.168.8.0/24. What command would you use?
A. tshark -net 192.255.255.255 mask 192.168.8.0
B. wireshark --capture --local --masked 192.168.8.0 range 24
C. sudo tshark -f "net 192.168.8.0/24"
D. wireshark --fetch "192.168.8"
Answer: B

Which of the following steps for risk assessment methodology refers to vulnerability identification?
A. Assigns values to risk probabilities; impact values
B. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
C. Identifies sources of harm to an IT system (Natural, Human, Environmental)
D. Determines if any flaws exist in systems, policies, or procedures
Answer: D

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?
A. Network security policy
B. Information protection policy
C. Access control policy
D. Remote access policy
Answer: D

You're the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
A. Traffic is blocked on UDP port 53
B. Traffic is blocked on TCP port 80
C. Traffic is blocked on TCP port 54
D. Traffic is blocked on UDP port 80
Answer: A

From the following table, identify the wrong answer in terms of Range (ft).
Standard        Range (ft)
802.11a         150-150
802.11b         150-150
802.11g         150-150
802.16 (WiMax)  30 miles
A. 802.11b
B. 802.11g
C. 802.16 (WiMax)
D. 802.11a
Answer: D

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
A. Create a disk image of a clean Windows installation
B. Use the built-in Windows Update tool
C. Use a scan tool like Nessus
D. Check MITRE.org for the latest list of CVE findings
Answer: C

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
Answer: B

Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:
A. Work at the Data Link Layer
B. Protect the payload and the headers
C. Encrypt
D. Authenticate
Answer: A

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from its victims. What is the difference between pharming and phishing attacks?
A. Both pharming and phishing attacks are identical.
B. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name.
C. In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name.
D. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering.
Answer: B

You have just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?
A. Establish attribution to suspected attackers
B. Interview all employees in the company to rule out possible insider threats
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
D. Start the Wireshark application to start sniffing network traffic.
Answer: C

You have successfully gained access to your client's internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?
A. 161
B. 3389
C. 445
D. 1493
Answer: C

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities? What kind of Web application vulnerability likely exists in their software?
A. Host-Based Intrusion Detection System
B. Security through obscurity
C. Defense in depth
D. Network-Based Intrusion Detection System
Answer: C

Sam is working as a pen-tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS?
A. Denial-of-Service
B. False Positive Generation
C. Insertion Attack
D. Obfuscating
Answer: B

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack
Answer: B

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities.
A section from the report is shown below.
• Access List should be written between VLANs.
• Port security should be enabled for the intranet.
• A security solution which filters data packets should be set between intranet (LAN) and DMZ.
• A WAF should be used in front of the web applications.
According to the section from the report, which of the following choices is true?
A. A stateful firewall can be used between intranet (LAN) and DMZ.
B. There is access control policy between VLANs.
C. MAC Spoof attacks cannot be performed.
D. Possibility of SQL Injection attack is eliminated.
Answer: A

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
A. Make sure that legitimate network routers are configured to run routing protocols with authentication.
B. Disable all routing protocols and only use static routes
C. Only using OSPFv3 will mitigate this risk.
D. Redirection of the traffic cannot happen unless the admin allows it explicitly.
Answer: A

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?
A. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
B. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.
C. A blacklist of companies that have their mail server relays configured to be wide open.
D. Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.
Answer:

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed.
Which of the following best describes what is meant by processing?
A. The amount of time and resources that are necessary to maintain a biometric system
B. How long it takes to set up individual user accounts
C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
D. The amount of time it takes to convert biometric data into a template on a smart card
Answer: C

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network, a database server on the internal network
C. A web server and the database server facing the Internet, an application server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves
Answer: B

By using a smart card and PIN, you are using a two-factor authentication that satisfies
A. Something you know and something you are
B. Something you have and something you know
C. Something you have and something you are
D. Something you are and something you remember
Answer: B

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg:"FTP on the network!")
A. A firewall IPTable
B. FTP Server rule
C. A Router IPTable
D. An Intrusion Detection System
Answer: D

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
[eve@localhost ~]$ john secret.txt
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MEO..SAMPLUT
0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARISH
0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NYI80K..NVI837
0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENYS
What is she trying to achieve?
A. She is using ftp to transfer the file to another hacker named John.
B. She is using John the Ripper to crack the passwords in the secret.txt file.
C. She is encrypting the file.
D. She is using John the Ripper to view the contents of the file.
Answer: B

What attack is used to crack passwords by using a precomputed table of hashed passwords?
A. Brute Force Attack
B. Rainbow Table Attack
C. Dictionary Attack
D. Hybrid Attack
Answer: B

Which of the following is an extremely common IDS evasion technique in the web world?
A. Unicode Characters
B. Subnetting
C. Port Knocking
D. Spyware
Answer: A

Which of the following is a low-tech way of gaining unauthorized access to systems?
A. Scanning
B. Sniffing
C. Social Engineering
D. Enumeration
Answer: C

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
A. Banner Grabbing
B. IDLE/IPID Scanning
C. SSDP Scanning
D. UDP Scanning
Answer: A

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS
B. UPGRADETLS
C. FORCETLS
D. STARTTLS
Answer: D

Which protocol is used for setting up secure channels between two devices, typically in VPNs?
A. PPP
B. IPSEC
C. PEM
D. SET
Answer: B

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network.
You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?
A. list domain=abccorp.local type=zone
B. ls -d abccorp.local
C. list server=192.168.10.2 type=all
D. lserver 192.168.10.2 -t all
Answer: B

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?
A. Protocol analyzer
B. Intrusion Detection System
C. Port scanner
D. Vulnerability scanner
Answer: D

What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
Answer: D

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?
A. Masquerading
B. Tailgating
C. Phishing
D. Whaling
Answer: B

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?
A. Bluesmacking
B. Bluesniffing
C. Bluesnarfing
D. Bluejacking
Answer: D

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing network traffic for further analysis
Answer: B

It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
A. Attack
B. Vulnerability
C. Threat
D. Risk
Answer: C

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?
A. Exploration
B. Investigation
C. Reconnaissance
D. Enumeration
Answer: C

The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110.
Time:June 16 17:30:15 Port:20 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:17 Port:21 Sour:
Time:June 16 17:20:21 Port:23 Sour 192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:22 Port:25 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:23 Port:80 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:30 Port:443 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
What type of activity has been logged?
A. Teardrop attack targeting 192.168.0.110
B. Denial of service attack targeting 192.168.0.105
C. Port scan targeting 192.168.0.110
D. Port scan targeting 192.168.0.105
Answer: C

The purpose of a _______ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Analyzer
B. Wireless Jammer
C. Wireless Access Point
D. Wireless Access Control List
Answer: D

_______ is a set of extensions to DNS that provide to DNS clients (resolvers) the origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
Answer: A

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
A. Malicious code is attempting to execute instructions in a non-executable memory region.
B. A page fault is occurring, which forces the operating system to write data from the hard drive.
C. A race condition is being exploited, and the operating system is containing the malicious process.
D. Malware is executing in either ROM or a cache memory area.
Answer: A

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
A. Event logs on the PC
B. Internet Firewall/Proxy log
C. IDS log
D. Event logs on domain controller
Answer: B

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. tcptrace
B. Nessus
C. OpenVAS
D. tcptraceroute
Answer: A

Which of the following is the BEST way to defend against network sniffing?
A. Restrict Physical Access to Server Rooms hosting Critical Servers
B. Use Static IP Address
C. Using encryption protocols to secure network communications
D. Register all machines' MAC Address in a Centralized Database
Answer: C

Gavin owns a white-hat firm and is performing a website security audit for one of his clients.
He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?
A. Armitage
B. Nikto
C. Metasploit
D. Nmap
Answer: B

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
A. Function Testing
B. Dynamic Testing
C. Static Testing
D. Fuzzing Testing
Answer: D

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
A. Deferred risk
B. Impact risk
C. Inherent risk
D. Residual risk
Answer: D

In order to have an anonymous Internet surf, which of the following is the best choice?
A. Use SSL sites when entering personal information
B. Use Tor network with multi-node
C. Use shared WiFi
D. Use public VPN
Answer: B

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on scottsmelby@yahoo.com". Which statement below is true?
A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
B. This is a scam because Bob does not know Scott.
C. Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.
D. This is probably a legitimate message as it comes from a respectable organization.
Answer: A

Which of the following Secure Hashing Algorithms (SHA) produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits and resembles the MD5 algorithm?
A. SHA-2
B. SHA-3
C. SHA-1
D. SHA-0
Answer: C

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical access control. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must approximate their RFID badges.
Both the identifications are required to open the door. In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. The solution will have a high level of false positives
D. Biological motion cannot be used to identify people
Answer: B

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
B. As long as the physical access to the network elements is restricted, there is no need for additional measures.
C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
D. The operator knows that attacks and down time are inevitable and should have a backup site.
Answer: A

Which regulation defines security and privacy controls for Federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Answer: D

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?
A. $1320
B. $440
C. $100
D. $146
Answer: D

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 - no response
TCP port 22 - no response
TCP port 23 - Time-to-live exceeded
A. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
B. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
Answer: C

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?
A. Cross-site request forgery
B. Cross-site scripting
C. Session hijacking
D. Server side request forgery
Answer: A

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Polymorphic virus
Answer: A

Which Metasploit Framework tool can help a penetration tester evade Anti-virus Systems?
A. msfencode
B. msfpayload
C. msfcli
D. msfd
Answer: A

Which of the following Nmap commands will produce the following output?
Output:

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-26 12:50 EDT
    Nmap scan report for 192.168.1.1
    Host is up (0.00042s latency).
    Not shown: 65530 open|filtered ports, 65529 filtered ports
    PORT      STATE         SERVICE
    111/tcp   open          rpcbind
    999/tcp   open          garcon
    1017/tcp  open          unknown
    1021/tcp  open          exp1
    1023/tcp  open          netvenuechat
    2049/tcp  open          nfs
    17501/tcp open          unknown
    111/udp   open          rpcbind
    123/udp   open          ntp
    137/udp   open          netbios-ns
    2049/udp  open          zeroconf
    17501/udp open|filtered unknown
    51857/udp open|filtered unknown
    14358/udp open|filtered unknown
    56228/udp open|filtered unknown
    57598/udp open|filtered unknown
    59488/udp open|filtered unknown
    60027/udp open|filtered unknown

A. nmap -sT -sX -Pn -p 1-65535 192.168.1.1
B. nmap -sN -Ps -T4 192.168.1.1
C. nmap -sS -sU -Pn -p 1-65535 192.168.1.1
D. nmap -sS -Pn 192.168.1.1
Answer: C

You are monitoring the network of your organization. You notice that:
- There are huge outbound connections from your Internal Network to External IPs.
- On further investigation, you see that the external IPs are blacklisted.
- Some connections are accepted, and some are dropped.
You find that it is a CnC communication. Which of the following solutions will you suggest?
A. Block the Blacklist IPs at the Firewall
B. Update the Latest Signatures on your IDS/IPS
C. Clean the Malware which is trying to Communicate with the External Blacklist IPs
D. Both B and C
Answer: D

ping -* 6 192.168.0.101

Output:

    Pinging 192.168.0.101 with 32 bytes of data:
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
    Ping statistics for 192.168.0.101:
        Packets: Sent = 6, Received = 6, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?
Answer: C

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?
A. The CFO can use a hash algorithm in the document once he approved the financial statements.
B. The CFO can use an excel file with a password.
C. The financial statements can be sent twice, one by email and the other delivered on USB, and the accountant can compare both to be sure it is the same document.
D. The document can be sent to the accountant using an exclusive USB for that document.
Answer: A

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?
A. Internet Key Exchange (IKE)
B. Oakley
C. IPsec Policy Agent
D. IPsec driver
Answer: A

Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
A. Chosen-Ciphertext Attack
B. Ciphertext-only Attack
C. Timing Attack
D. Rubber Hose Attack
Answer: D

What is the way to decide how a packet will move from an untrusted outside host to a protected inside host that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet filtering of the firewall?
A. Session hijacking
B. Firewalking
C. Man-in-the-middle attack
D. Network sniffing
Answer: B

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer.
Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
A. Man-in-the-middle attack
B. Session hijacking
C. Brute-force attack
D. Dictionary attack
Answer: D

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling the audit feature.
C. Perform a cost/benefit analysis of the audit feature.
D. Allocate funds for staffing of audit log review.

WPA2 uses AES for wireless data encryption at which of the following encryption levels?
A. 64 bit and CCMP
B. 128 bit and CRC
C. 128 bit and CCMP
D. 128 bit and TKIP
Answer: C

If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; which type of SQL injection attack is the attacker performing?
A. End of Line Comment
B. UNION SQL Injection
C. Illegal/Logically Incorrect Query
D. Tautology
Answer: A

Which of the following statements regarding ethical hacking is incorrect?
A. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
B. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems.
C. Ethical hacking should not involve writing to or modifying the target systems.
D. Testing should be remotely performed offsite.
Answer: B

While using your bank's online servicing you notice the following string in the URL bar: "http://www.MyPersonalBank.
com/account?id=3689409110263808&Damount=10980&Camount=21". You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes. Which type of vulnerability is present on this site?
A. Cookie Tampering
B. SQL injection
C. Web Parameter Tampering
D. XSS Reflection
Answer: C

You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS?
A. Out of band signaling
B. Protocol Isolation
C. Encryption
D. Alternate Data Streams
Answer: C

Which of the following acts requires employers' standard national numbers to identify them on standard transactions?
A. SOX
B. HIPAA
C. DMCA
D. PCI-DSS
Answer: B

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark on the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to the kiwi syslog machine?
A. tcp.srcport == 514 && ip.src == 192.168.0.99
B. tcp.srcport == 514 && ip.src == 192.168.150
C. 514 && ip.dst == 192.168.0.99
D. 514 && ip.dst == 192.168.0.150

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?
A. Place a front-end web server in a demilitarized zone that only handles external web traffic
B. Require all employees to change their passwords immediately
C. Move the financial data to another server on the same IP subnet
D. Issue new certificates to the web servers from the root certificate authority
Answer: A

What does a firewall check to prevent particular ports and applications from getting packets into an organization?
A. Transport layer port numbers and application layer headers
B. Presentation layer headers and the session layer port numbers
C. Network layer headers and the session layer port numbers
D. Application layer port numbers and the transport layer headers
Answer: A

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?
A. Relational Database
B. MS Excel
C. Notepad
D. Grep
Answer: D

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?
A. openssl s_client -site www.website.com:443
B. openssl_client -site www.website.com:443
C. openssl_client -connect www.website.com:443
D. openssl s_client -connect www.website.com:443
Answer: D

When tuning security alerts, what is the best approach?
A. Tune to avoid False positives and False Negatives
B. Rise False positives Rise False Negatives
C. Decrease the false positives
D. Decrease False negatives
Answer: A

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.
Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?
A. Accept the risk
B. Introduce more controls to bring risk to 0%
C. Mitigate the risk
D. Avoid the risk
Answer: A

Look at the following output. What did the hacker accomplish?

    ; <<>> DiG 9.7-P1 <<>> axfr domain.com @192.168.1.105
    ;; global options: +cmd
    domain.com.         3600  IN  SOA  srv1.domain.com. hostsrv1.domain.com. 131 900 500 86400 3600
    domain.com.         600   IN  A    192.168.1.102
    domain.com.         600   IN  A    192.168.1.105
    domain.com.         3600  IN  NS   srv1.domain.com.
    domain.com.         3600  IN  NS   srv2.domain.com.
    vpn.domain.com.     3600  IN  A    192.168.1.1
    server.domain.com.  3600  IN  A    192.168.1.3
    office.domain.com.  3600  IN  A    192.168.1.4
    remote.domain.com.  3600  IN  A    192.168.1.48
    support.domain.com. 3600  IN  A    192.168.1.47
    ns1.domain.com.     3600  IN  A    192.168.1.41
    ns2.domain.com.     3600  IN  A    192.168.1.42
    ns3.domain.com.     3600  IN  A    192.168.1.34
    ns4.domain.com.     3600  IN  A    192.168.1.45
    srv1.domain.com.    3610  IN  A    192.168.1.102
    srv2.domain.com.    1230  IN  A    192.168.1.105
    domain.com.         3600  IN  SOA  srv1.domain.com. hostsrv1.domain.com. 131 900 630 86400 3600
    ;; Query time: 269 msec
    ;; SERVER: 192.168.1.105#53(192.168.1.105)
    ;; WHEN: Sun Aug 11 20:07:59 2013
    ;; XFR size: 65 records (messages 65, bytes 4501)

A. The hacker used whois to gather publicly available records for the domain.
B. The hacker used the "fierce" tool to brute force the list of available domains.
C. The hacker listed DNS records on his own domain.
D. The hacker successfully transferred the zone and enumerated the hosts.
Answer: D

Shellshock allowed an unauthorized user to gain access to a server. It affected many internet facing services; which OS did it not directly affect?
A. Linux
B. Unix
C. OS X
D. Windows
Answer: D

Which of the following Linux commands will resolve a domain name into an IP address?
A. >host -t a hackeddomain.com
B. >host -t ns hackeddomain.com
C. >host -t soa hackeddomain.com
D. >host -t AXFR hackeddomain.com
Answer: A

What kind of detection technique is being used in antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, does the analysis in the provider's environment?
A. Behavioral based
B. Heuristics based
C. Honeypot based
D. Cloud based
Answer:

Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks the 'Do you want to make $1000 in a day?' URL but actually he/she clicks the content or URL that exists in the transparent 'iframe' which is set up by the attacker.
What is the name of the attack which is mentioned in the scenario?
A. Session Fixation
B. HTML Injection
C. HTTP Parameter Pollution
D. Clickjacking Attack
Answer: D

If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?
A. -sP
D. -p
Answer: D

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of alert is this?
A. False negative
B. True negative
C. True positive
D. False positive
Answer: D

Which of these options is the most secure procedure for storing backup tapes?
A. In a climate controlled facility offsite
B. In a cool dry environment
C. On a different floor in the same building
D. Inside the data center for faster retrieval in a fireproof safe
Answer: A

In which phase of the ethical hacking process can Google hacking be employed?
This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example: allintitle: root passwd
A. Maintaining Access
B. Gaining Access
C. Reconnaissance
D. Scanning and Enumeration
Answer: C

In Risk Management, how is the term "likelihood" related to the concept of "threat"?
A. Likelihood is the likely source of a threat that could exploit a vulnerability.
B. Likelihood is the probability that a threat-source will exploit a vulnerability.
C. Likelihood is a possible threat-source that may exploit a vulnerability.
D. Likelihood is the probability that a vulnerability is a threat-source.
Answer: B

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A. Nessus
B. Jack the ripper
C. Tcpdump
D. Ethereal
Answer: C

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering
B. Tailgating
C. Piggybacking
D. Announced
Answer: B

There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. The term that describes when two pieces of data result in the same value is?
A. Polymorphism
B. Escrow
C. Collusion
D. Collision
Answer: D

A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network.
The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
A. The WAP does not recognize the client's MAC address.
B. The client cannot see the SSID of the wireless network.
C. Client is configured for the wrong channel.
D. The wireless client is not configured to use DHCP.
Answer: A

Which of the following provides a security professional with the most information about the system's security posture?
A. Wardriving, warchalking, social engineering
B. Social engineering, company site browsing, tailgating
C. Phishing, spamming, sending trojans
D. Port scanning, banner grabbing, service identification
Answer: D

The security administrator of ABC needs to permit internet traffic to the host 10.0.0.2 and UDP traffic to the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the following configuration, what is happening in the network?

    ...permit tcp any eq...

A. The ACL 104 needs to be first because it is UDP
B. The ACL 110 needs to be changed to port 80
C. The ACL for FTP must be before the ACL 110
D. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
Answer: D

A virus that attempts to install itself inside the file it is infecting is called?
A. Tunneling virus
B. Cavity virus
C. Polymorphic virus
D. Stealth virus
Answer: B

What would you enter, if you wanted to perform a stealth scan using Nmap?
A. nmap -sU
B. nmap -sS
C. nmap -sM
D. nmap -sT
Answer: B

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets
sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:
A. Just a network monitoring tool
B. A signature-based IDS
C. A hybrid IDS
D. A behavior-based IDS
Answer: A

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?
A. Manipulate format strings in text fields
B. SSH
C. SYN Flood
D. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
Answer: D

Which of the following statements is FALSE with respect to Intrusion Detection Systems?
A. Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic
B. Intrusion Detection Systems can examine the contents of the data in context of the network protocol
C. Intrusion Detection Systems can be configured to distinguish specific content in network packets
D. Intrusion Detection Systems require constant update of the signature library
Answer: A

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol?
A. Based on XML
B. Only compatible with the application protocol HTTP
C. Exchanges data between web services
D. Provides a structured model for messaging
Answer: B

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
A. SSL/TLS Renegotiation Vulnerability
B. Shellshock
C. Heartbleed Bug
D. POODLE
Answer: C

What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
Answer: D

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords.
You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?
A. Do not report it and continue the penetration test.
B. Transfer money from the administrator's account to another account.
C. Do not transfer the money but steal the bitcoins.
D. Report immediately to the administrator.
Answer:

What is the difference between the AES and RSA algorithms?
A. Both are symmetric algorithms, but AES uses 256-bit keys
B. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data
C. Both are asymmetric algorithms, but RSA uses 1024-bit keys
D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data
Answer: D

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
A. Single sign-on
B. Windows authentication
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)
Answer: A

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability
B. Web site defacement vulnerability
C. SQL injection vulnerability
D. Cross-site Request Forgery vulnerability
Answer: A

During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
A. Create a procedures document
B. Terminate the audit
C. Conduct compliance testing
D. Identify and evaluate existing practices
Answer: D

Which of the following describes the characteristics of a Boot Sector Virus?
A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
D. Overwrites the original MBR and only executes the new virus code.
Answer: C

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
D. tcp.port != 21
Answer: A

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
C. Symmetric encryption allows the server to securely transmit the session keys out-of-band.
D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
Answer: D

What is the purpose of a DNS AAAA record?
A. Address prefix record
B. Address database record
C. Authorization, Authentication and Auditing record
D. IPv6 address resolution record
Answer: D

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
A. Common
B. Criminal
C. Civil
D. International
Answer: C

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line. Which command would you use?
A. c:\gpedit
B. c:\compmgmt.msc
C. c:\ncpa.cpl
D. c:\services.msc
Answer: B

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223362307-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?
A. He needs to gain physical access.
B. He must perform privilege escalation.
C. He already has admin privileges, as shown by the "501" at the end of the SID.
D. He needs to disable antivirus protection.
Answer: B

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A -Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
Answer: C

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
A. Semicolon
B. Single quote
C. Exclamation mark
D. Double quote
Answer: B

Which method of password cracking takes the most time and effort?
A. Shoulder surfing
B. Brute force
C. Dictionary attack
D. Rainbow tables
Answer: B

It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short range wireless connection. Which of the following terms best matches the definition?
A. Bluetooth
B. WLAN
C. InfraRed
D. Radio-Frequency Identification
Answer: A

Why are containers less secure than virtual machines?
A. Host OS on containers has a larger attack surface.
B. Containers are attached to the same virtual network.
C. Containers may fill up the disk space of the host.
D. A compromised container may cause CPU starvation of the host.
Answer: D

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Code:

    #include <string.h>

    int main()
    {
        char buffer[8];
        /* strcpy performs no bounds check: the source string is longer than the buffer */
        strcpy(buffer, "11111111111111111111111111111");
    }

Output: Segmentation fault

A. C#
B. Python
C. Java
D. C++
Answer: D

During the process of encryption and decryption, what keys are shared?
A. Private keys
B. User passwords
C. Public keys
D. Public and private keys
Answer:

The "black box testing" methodology enforces what kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.
Answer: D

You perform a scan of your company's network and discover that TCP port 123 is open. What service by default runs on TCP port 123?
A. Telnet
B. POP
C. Network Time Protocol
D. DNS
Answer: C

Your company performs penetration tests and security assessments for small and medium sized businesses in the local area.
During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?
A. Confront the client in a respectful manner and ask her about the data.
B. Copy the data to removable media and keep it in case you need it.
C. Ignore the data and continue the assessment until completed as agreed.
D. Immediately stop work and contact the proper legal authorities.
Answer: D

What is attempting an injection attack on a web server based on responses to True/False questions called?
A. DMS-specific SQLi
B. Compound SQLi
C. Blind SQLi
D. Classic SQLi
Answer: C

You are performing information gathering for an important penetration test. You have found pdf, doc, and image files in your objective. You decide to extract metadata from these files and analyze it. What tool will help you with the task?
A. Armitage
B. DMitry
C. Metagoofil
D. cdpsnarf
Answer: C

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?
A. DynDNS
B. DNS Scheme
C. DNSSEC
D. Split DNS
Answer: D

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
A. Cross Site Scripting
B. Injection
C. Path disclosure
D. Cross Site Request Forgery
Answer: B

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
B. He will activate OSPF on the spoofed root bridge.
C. He will repeat this action so that it escalates to a DoS attack.
D. He will repeat the same attack against all L2 switches of the network.
Answer: A
Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file is a file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a window appears stating, "This word document is corrupt." In the background, the file copies itself to Jesse's APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?
A. Worm
B. Macro Virus
C. Key-Logger
D. Trojan
Answer: D

The collection of potentially actionable, overt, and publicly available information is known as
A. Open-source intelligence
B. Human intelligence
C. Social intelligence
D. Real intelligence
Answer: A

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
A. network mapping
B. footprinting
C. escalating privileges
D. gaining access
Answer: B

Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a Linux platform?
A. Kismet
B. Netstumbler
C. Nessus
D. Abel
Answer: A

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?
A. Snort
B. Nmap
C. Cain & Abel
D. Nessus
Answer: A

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?
A. Increase his technical skills
B. Read the incident manual every time it occurs
C. Select someone else to check the procedures
D. Create an incident checklist
Answer: D

What does the -X flag do in an Nmap scan?
A. Perform an Xmas scan
B. Perform an eXpress scan
C. Output the results in truncated format to the screen
D. Output the results in XML format to a file
Answer: D

Which of the following types of jailbreaking allows user-level access but does not allow iBoot-level access?
A. Bootrom Exploit
B. Boot Exploit
C. Sandbox Exploit
D. Userland Exploit
Answer: D

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability
B. Session management vulnerability
C. SQL injection vulnerability
D. Cross-site Request Forgery vulnerability
Answer: A

Some clients of TPNOM SA were redirected to a malicious site when they tried to access the TPNOM main site. Bob, a system administrator at TPNOM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?
A. The use of security agents in clients' computers
B. The use of DNSSEC
C. The use of double-factor authentication
D. Client awareness
Answer: B

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.
A. nmap -p 445 -n -T4 --open 10.1.0.0/16
B. nmap -p 445 --max -Pn 10.1.0.0/16
C. nmap -sn -sF 10.1.0.0/16 445
D. nmap -s 445 -sU -T5 10.1.0.0/16
Answer: A

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.
What type of firewall is inspecting outbound traffic? Oa Circuit OB Stateful Se Application OD Packet Fitering Answer: C Inwhich of the following cryptography attack methods, the allacker makes a series of interactive queries, ‘choosing subsequent plaintex!s based on the information from the previous encryptions? OA Chosen-plaintext attack 8 Ciphertextonly attack 6 Adaptive chosen-plaintext attack OD Known plaintext attack Answer: A ‘An attacker changes the profile information of a particular user (victim) on the target website. The ‘attacker uses this string to update the victim’s profile to a text fle and then submit the data to the attacker’ ‘s database. - ‘What is this type of attack (that can use either HTTP GET or HTTP POST) called? DA Cross-Site Request Forgery 8 SQL injection O€ Browser Hacking OD Cross-Site Seripting Answer: A ‘What is the process of logging, recording, and resolving events that take place in an organization? A Incident Management Process OB Security Policy OC intemal Procedure OD Mettics Answer: A ‘What is the most secure way to mitigate the theft of corporate information fram a laptop that was lettin a hotel roorn? OA Seta BIOS password © Eneryptthe data on the hard drive ©C _Usea strong logon password to the operating system. © Back up everything on the laptop and store the backup in a safe place. Answer: B |n 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkoy ina matter of seconds. This security flaw led to a network invasion of Td Maxx and data theft through a technique known as wardriving, Which Algorithm is this refernng to? GA Wired Equivalent Privacy (WEP) GB WrFi Protectad Access (WPA) © WhFI Protected Access 2 (WPA2) G0 Temporal Key Integrity Protocol (TKIP) Answer: A Eliot inthe process of exploiting a web application thal uses SQL as a back-end database. He is, ‘determined that the application is vulnerable to SQL injection and has iniroduced conditional ting
