New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Full Access
Question # 5

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

A.

Buffer overflow

B.

Cross-site request forgery

C.

Distributed denial of service

D.

Cross-site scripting

Full Access
Question # 6

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Full Access
Question # 7

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Full Access
Question # 8

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Full Access
Question # 9

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Full Access
Question # 10

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

A.

It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

B.

If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

C.

Hashing is faster compared to more traditional encryption algorithms.

D.

Passwords stored using hashes are non-reversible, making finding the password much more difficult.

Full Access
Question # 11

In the OSI model, where does PPTP encryption take place?

A.

Transport layer

B.

Application layer

C.

Data link layer

D.

Network layer

Full Access
Question # 12

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Full Access
Question # 13

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

A.

MD5

B.

SHA-1

C.

RC4

D.

MD4

Full Access
Question # 14

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

Full Access
Question # 15

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A.

white box

B.

grey box

C.

red box

D.

black box

Full Access
Question # 16

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Full Access
Question # 17

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

A.

tcp.src == 25 and ip.host == 192.168.0.125

B.

host 192.168.0.125:25

C.

port 25 and host 192.168.0.125

D.

tcp.port == 25 and ip.host == 192.168.0.125

Full Access
Question # 18

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?

A.

nmap

B.

ping

C.

tracert

D.

tcpdump

Full Access
Question # 19

Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

A.

It is a network fault and the originating machine is in a network loop

B.

It is a worm that is malfunctioning or hardcoded to scan on port 500

C.

The attacker is trying to detect machines on the network which have SSL enabled

D.

The attacker is trying to determine the type of VPN implementation and checking for IPSec

Full Access
Question # 20

Which type of security feature stops vehicles from crashing through the doors of a building?

A.

Turnstile

B.

Bollards

C.

Mantrap

D.

Receptionist

Full Access
Question # 21

Why would an attacker want to perform a scan on port 137?

A.

To discover proxy servers on a network

B.

To disrupt the NetBIOS SMB service on the target host

C.

To check for file and print sharing on Windows systems

D.

To discover information about a target host using NBTSTAT

Full Access
Question # 22

What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?

A.

nmap -T4 -F 10.10.0.0/24

B.

nmap -T4 -q 10.10.0.0/24

C.

nmap -T4 -O 10.10.0.0/24

D.

nmap -T4 -r 10.10.1.0/24

Full Access
Question # 23

Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

A.

Metasploit

B.

Wireshark

C.

Maltego

D.

Cain & Abel

Full Access
Question # 24

Which of the following BEST describes the mechanism of a Boot Sector Virus?

A.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

C.

Overwrites the original MBR and only executes the new virus code

D.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Full Access
Question # 25

What is the term coined for logging, recording and resolving events in a company?

A.

Internal Procedure

B.

Security Policy

C.

Incident Management Process

D.

Metrics

Full Access
Question # 26

Bob received this text message on his mobile phone: ““Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com””. Which statement below is true?

A.

This is probably a legitimate message as it comes from a respectable organization.

B.

Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.

C.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

D.

This is a scam because Bob does not know Scott.

Full Access
Question # 27

Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?

A.

OS Scan requires root privileges

B.

The nmap syntax is wrong.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall

D.

This is a common behavior for a corrupted nmap application

Full Access
Question # 28

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

A.

Network security policy

B.

Remote access policy

C.

Information protection policy

D.

Access control policy

Full Access
Question # 29

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

A.

Port Scanning

B.

Hacking Active Directory

C.

Privilege Escalation

D.

Shoulder-Surfing

Full Access
Question # 30

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

A.

Heartbleed Bug

B.

POODLE

C.

SSL/TLS Renegotiation Vulnerability

D.

Shellshock

Full Access
Question # 31

You’ve just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

A.

Disable Key Services

B.

Create User Account

C.

Download and Install Netcat

D.

Disable IPTables

Full Access
Question # 32

LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?

I – The maximum password length is 14 characters.

II – There are no distinctions between uppercase and lowercase.

III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.

A.

I

B.

I, II, and III

C.

II

D.

I and II

Full Access
Question # 33

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

Full Access
Question # 34

On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

A.

Risk Mitigation

B.

Emergency Plan Response (EPR)

C.

Disaster Recovery Planning (DRP)

D.

Business Impact Analysis (BIA)

Full Access
Question # 35

Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

A.

My Doom

B.

Astacheldraht

C.

R-U-Dead-Yet?(RUDY)

D.

LOIC

Full Access
Question # 36

Code injection is a form of attack in which a malicious user:

A.

Inserts text into a data field that gets interpreted as code

B.

Gets the server to execute arbitrary code using a buffer overflow

C.

Inserts additional code into the JavaScript running in the browser

D.

Gains access to the codebase on the server and inserts new code

Full Access
Question # 37

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Full Access
Question # 38

Sam is working as s pen-tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS?

A.

Denial-of-Service

B.

False Positive Generation

C.

Insertion Attack

D.

Obfuscating

Full Access
Question # 39

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

A.

Event logs on the PC

B.

Internet Firewall/Proxy log

C.

IDS log

D.

Event logs on domain controller

Full Access
Question # 40

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

A.

Command Injection Attacks

B.

File Injection Attack

C.

Cross-Site Request Forgery (CSRF)

D.

Hidden Field Manipulation Attack

Full Access
Question # 41

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

A.

Bootrom Exploit

B.

iBoot Exploit

C.

Sandbox Exploit

D.

Userland Exploit

Full Access
Question # 42

Developers at your company are creating a web application which will be available for use by anyone on the Internet, The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network should the Presentation Tier (front- end web server) be placed in?

A.

isolated vlan network

B.

Mesh network

C.

DMZ network

D.

Internal network

Full Access
Question # 43

Which is the first step followed by Vulnerability Scanners for scanning a network?

A.

TCP/UDP Port scanning

B.

Firewall detection

C.

OS Detection

D.

Checking if the remote host is alive

Full Access
Question # 44

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

A.

None of these scenarios compromise the privacy of Alice’s data

B.

Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data

C.

Hacker Harry breaks into the cloud server and steals the encrypted data

D.

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Full Access
Question # 45

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools the hacker probably used to inject HTML code?

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Full Access
Question # 46

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Full Access
Question # 47

Which of the following is the best countermeasure to encrypting ransomwares?

A.

Use multiple antivirus softwares

B.

Keep some generation of off-line backup

C.

Analyze the ransomware to get decryption key of encrypted data

D.

Pay a ransom

Full Access
Question # 48

Which of the following statements is TRUE?

A.

Sniffers operate on Layer 2 of the OSI model

B.

Sniffers operate on Layer 3 of the OSI model

C.

Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D.

Sniffers operate on the Layer 1 of the OSI model.

Full Access
Question # 49

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

A.

ICMP Echo scanning

B.

SYN/FIN scanning using IP fragments

C.

ACK flag probe scanning

D.

IPID scanning

Full Access
Question # 50

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

B.

Attempts by attackers to access the user and password information stored in the company's SQL database.

C.

Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

D.

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Full Access
Question # 51

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

A.

Cross-site scripting vulnerability

B.

Cross-site Request Forgery vulnerability

C.

SQL injection vulnerability

D.

Web site defacement vulnerability

Full Access
Question # 52

Which protocol is used for setting up secured channels between two devices, typically in VPNs?

A.

IPSEC

B.

PEM

C.

SET

D.

PPP

Full Access
Question # 53

Emil uses nmap to scan two hosts using this command.

nmap -sS -T4 -O 192.168.99.1 192.168.99.7

He receives this output:

What is his conclusion?

A.

Host 192.168.99.7 is an iPad.

B.

He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.

C.

Host 192.168.99.1 is the host that he launched the scan from.

D.

Host 192.168.99.7 is down.

Full Access
Question # 54

Which of the following is a protocol specifically designed for transporting event messages?

A.

SYSLOG

B.

SMS

C.

SNMP

D.

ICMP

Full Access
Question # 55

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:

According to the section from the report, which of the following choice is true?

A.

MAC Spoof attacks cannot be performed.

B.

Possibility of SQL Injection attack is eliminated.

C.

A stateful firewall can be used between intranet (LAN) and DMZ.

D.

There is access control policy between VLANs.

Full Access
Question # 56

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

A.

Fuzzing

B.

Randomizing

C.

Mutating

D.

Bounding

Full Access
Question # 57

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

A.

Insufficient input validation

B.

Insufficient exception handling

C.

Insufficient database hardening

D.

Insufficient security management

Full Access
Question # 58

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Full Access
Question # 59

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks?

A.

Whisker

B.

tcpsplice

C.

Burp

D.

Hydra

Full Access
Question # 60

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

A.

Since the company's policy is all about Customer Service, he/she will provide information.

B.

Disregarding the call, the employee should hang up.

C.

The employee should not provide any information without previous management authorization.

D.

The employees can not provide any information; but, anyway, he/she will provide the name of the person in charge.

Full Access
Question # 61

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Full Access
Question # 62

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A.

Application Layer

B.

Data tier

C.

Presentation tier

D.

Logic tier

Full Access
Question # 63

Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that?

A.

A new username and password

B.

A fingerprint scanner and his username and password.

C.

Disable his username and use just a fingerprint scanner.

D.

His username and a stronger password.

Full Access
Question # 64

Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.

A.

Protect the payload and the headers

B.

Authenticate

C.

Encrypt

D.

Work at the Data Link Layer

Full Access
Question # 65

Which of the following security operations is used for determining the attack surface of an organization?

A.

Running a network scan to detect network services in the corporate DMZ

B.

Training employees on the security policy regarding social engineering

C.

Reviewing the need for a security clearance for each employee

D.

Using configuration management to determine when and where to apply security patches

Full Access
Question # 66

Which of the following business challenges could be solved by using a vulnerability scanner?

A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Full Access
Question # 67

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Full Access
Question # 68

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

A.

nessus +

B.

nessus *s

C.

nessus &

D.

nessus -d

Full Access
Question # 69

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Full Access
Question # 70

Which of the following is a preventive control?

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Full Access
Question # 71

Which of the following programs is usually targeted at Microsoft Office products?

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Full Access
Question # 72

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

A.

Using the Metasploit psexec module setting the SA / Admin credential

B.

Invoking the stored procedure xp_shell to spawn a Windows command shell

C.

Invoking the stored procedure cmd_shell to spawn a Windows command shell

D.

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Full Access
Question # 73

Which type of scan is used on the eye to measure the layer of blood vessels?

A.

Facial recognition scan

B.

Retinal scan

C.

Iris scan

D.

Signature kinetics scan

Full Access
Question # 74

Which of the following is a symmetric cryptographic standard?

A.

DSA

B.

PKI

C.

RSA

D.

3DES

Full Access
Question # 75

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web applications vulnerability did the analyst discover?

A.

Cross-site request forgery

B.

Command injection

C.

Cross-site scripting

D.

SQL injection

Full Access
Question # 76

What is the main reason the use of a stored biometric is vulnerable to an attack?

A.

The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B.

Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C.

A stored biometric is no longer "something you are" and instead becomes "something you have".

D.

A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Full Access
Question # 77

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

A.

Cupp

B.

Nessus

C.

Cain and Abel

D.

John The Ripper Pro

Full Access
Question # 78

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Full Access
Question # 79

How do employers protect assets with security policies pertaining to employee surveillance activities?

A.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

B.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Full Access
Question # 80

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A.

They provide a repeatable framework.

B.

Anyone can run the command line scripts.

C.

They are available at low cost.

D.

They are subject to government regulation.

Full Access
Question # 81

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.

What should be the first step in security testing the client?

A.

Reconnaissance

B.

Enumeration

C.

Scanning

D.

Escalation

Full Access
Question # 82

Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

A.

Service Oriented Architecture

B.

Object Oriented Architecture

C.

Lean Coding

D.

Agile Process

Full Access
Question # 83

During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

A.

Application

B.

Circuit

C.

Stateful

D.

Packet Filtering

Full Access
Question # 84

You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.

What is one of the first things you should do when given the job?

A.

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

B.

Interview all employees in the company to rule out possible insider threats.

C.

Establish attribution to suspected attackers.

D.

Start the wireshark application to start sniffing network traffic.

Full Access
Question # 85

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

A.

Split DNS

B.

DNSSEC

C.

DynDNS

D.

DNS Scheme

Full Access
Question # 86

What is the process of logging, recording, and resolving events that take place in an organization?

A.

Incident Management Process

B.

Security Policy

C.

Internal Procedure

D.

Metrics

Full Access
Question # 87

This asymmetry cipher is based on factoring the product of two large prime numbers.

What cipher is described above?

A.

RSA

B.

SHA

C.

RC5

D.

MD5

Full Access
Question # 88

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

What command will help you to search files using Google as a search engine?

A.

site: target.com filetype:xls username password email

B.

inurl: target.com filename:xls username password email

C.

domain: target.com archive:xls username password email

D.

site: target.com file:xls username password email

Full Access
Question # 89

It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).

Which of the following vulnerabilities is being described?

A.

Shellshock

B.

Rootshock

C.

Rootshell

D.

Shellbash

Full Access
Question # 90

env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A.

Display passwd content to prompt

B.

Removes the passwd file

C.

Changes all passwords in passwd

D.

Add new user to the passwd file

Full Access
Question # 91

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

A.

Create User Account

B.

Disable Key Services

C.

Disable IPTables

D.

Download and Install Netcat

Full Access
Question # 92

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.

What is the best approach?

A.

Install Cryptcat and encrypt outgoing packets from this server.

B.

Install and use Telnet to encrypt all outgoing traffic from this server.

C.

Use Alternate Data Streams to hide the outgoing packets from this server.

D.

Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

Full Access
Question # 93

Which regulation defines security and privacy controls for Federal information systems and organizations?

A.

NIST-800-53

B.

PCI-DSS

C.

EU Safe Harbor

D.

HIPAA

Full Access
Question # 94

Which of the following is assured by the use of a hash?

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Full Access
Question # 95

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A.

Maltego

B.

Cain & Abel

C.

Metasploit

D.

Wireshark

Full Access
Question # 96

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

What type of attack is outlined in the scenario?

A.

Watering Hole Attack

B.

Heartbleed Attack

C.

Shellshock Attack

D.

Spear Phising Attack

Full Access
Question # 97

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 98

When discussing passwords, what is considered a brute force attack?

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Full Access
Question # 99

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Full Access
Question # 100

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Full Access
Question # 101

Identify the correct terminology that defines the above statement.

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Full Access
Question # 102

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Full Access
Question # 103

What is GINA?

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Full Access
Question # 104

Which of the following statements about a zone transfer is correct? (Choose three.)

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Full Access
Question # 105

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Full Access
Question # 106

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Full Access
Question # 107

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Full Access
Question # 108

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Full Access
Question # 109

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

A.

Use the Cisco's TFTP default password to connect and download the configuration file

B.

Run a network sniffer and capture the returned traffic with the configuration file from the router

C.

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D.

Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Full Access
Question # 110

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A.

True

B.

False

Full Access