1
Q
Which of the following can the administrator do to verify that a tape backup can be recovered in
its entirety?
A. Read the first 512 bytes of the tape
B. Perform a full restore
C. Read the last 512 bytes of the tape
D. Restore a random file
A
B. Perform a full restore
2
Q
A company’s security policy states that all Web browsers must automatically delete their HTTP
browser cookies upon terminating. What sort of security breach is this policy attempting to
mitigate?
A. Attempts by attackers to access the user and password information stored in the company’s SQL
database.
B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s
authentication credentials.
C. Attempts by attackers to access password stored on the user’s computer without the user’s
knowledge.
D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites
were visited and for how long.
A
B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s
authentication credentials.
3
Q
To maintain compliance with regulatory requirements, a security audit of the systems on a
network must be performed to determine their compliance with security policies. Which one of the
following tools would most likely be used in such an audit?
A. Protocol analyzer
B. Intrusion Detection System
C. Port scanner
D. Vulnerability scanner
A
D. Vulnerability scanner
4
Q
You are tasked to perform a penetration test. While you are performing information gathering, you
find an employee list in Google. You find the receptionist’s email, and you send her an email
changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf
with information. She reads your email and sends back a pdf with links. You exchange the pdf
links with your malicious links (these links contain malware) and send back the modified pdf,
saying that the links don’t work. She reads your email, opens the links, and her machine gets
infected. You now have access to the company network.
What testing method did you use?
A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping
A
A. Social engineering
5
Q
Your team has won a contract to infiltrate an organization. The company wants to have the attack
be as realistic as possible; therefore, they did not provide any information besides the company
name. What should be the first step in security testing the client?
A. Reconnaissance
B. Escalation
C. Scanning
D. Enumeration
A
A. Reconnaissance
6
Q
A medium-sized healthcare IT business decides to implement a risk management strategy. Which
of the following is NOT one of the five basic responses to risk?
A. Accept
B. Delegate
C. Mitigate
D. Avoid
A
B. Delegate
7
Q
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the
tool and the correct syntax to connect to a web server?
A. openssl s_client -site www.website.com:443
B. openssl_client -site www.website.com:443
C. openssl_client -connect www.website.com:443
D. openssl s_client -connect www.website.com:443
A
D. openssl s_client -connect www.website.com:443
8
Q
Which of the following describes the characteristics of a Boot Sector Virus?
A. Modifies directory table entries so that directory entries point to the virus code instead of the actual
program.
B. Moves the MBR to another location on the RAM and copies itself to the original location of the
MBR.
C. Moves the MBR to another location on the hard disk and copies itself to the original location of the
MBR.
D. Overwrites the original MBR and only executes the new virus code.
A
C. Moves the MBR to another location on the hard disk and copies itself to the original location of the
MBR.
9
Q
John is an incident handler at a financial institution. His steps in a recent incident are not up to the
standards of the company. John frequently forgets some steps and procedures while handling
responses as they are very stressful to perform. Which of the following actions should John take
to overcome this problem with the least administrative effort?
A. Increase his technical skills
B. Read the incident manual every time it occurs
C. Select someone else to check the procedures
D. Create an incident checklist
A
D. Create an incident checklist
10
Q
Which of the following is the least-likely physical characteristic to be used in biometric control that
supports a large company?
A. Voice
B. Fingerprints
C. Iris patterns
D. Height and Weight
A
D. Height and Weight
11
Q
While using your bank’s online servicing you notice the following string in the URL bar:
“http: // www. MyPersonalBank. com/
account?id=368940911028389&Damount=10980&Camount=21” You observe that if you modify the Damount&Camount values and submit the request, that data on the web page reflects the
changes.
Which type of vulnerability is present on this site?
A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection
A
C. Web Parameter Tampering
12
Q
It is an entity or event with the potential to adversely impact a system through unauthorized
acces, destruction, disclosure, denial of service or modification of data. Which of the following
terms best matches the definition?
A. Attack
B. Vulnerability
C. Threat
D. Risk
A
C. Threat
13
Q
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS)
flaws in software applications?
A. Use security policies and procedures to define and implement proper security settings.
B. Use digital certificates to authenticate a server prior to sending data.
C. Validate and escape all information sent to a server.
D. Verify acces right before allowing access to protected information and UI control
A
C. Validate and escape all information sent to a server.
14
Q
Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He
begins by running a scan which looks for common misconfigurations and outdated software
versions. Which of the following tools is he most likely using?
A. Armitage
B. Nikto
C. Metasploit
D. Nmap
A
B. Nikto
15
Q
Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?
A. He needs to gain physical access.
B. He must perform privilege escalation.
C. He already has admin privileges, as shown by the “501” at the end of the SID.
D. He needs to disable antivirus protection.
A
B. He must perform privilege escalation.
16
Q
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He
is determined that the application is vulnerable to SQL injection and has introduced conditional
timing delays into injected queries to determine whether they are successful. What type of SQL
injection is Elliot most likely performing?
A. NoSQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. Error-based SQL injection
A
B. Blind SQL injection
17
Q
You have successfully logged on a Linux system. You want to now cover your track. Your login
attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:
A. wtmp
B. user.log
C. btmp
D. auth.log
A
B. user.log
18
Q
When you return to your desk after a lunch break, you notice a strange email in your inbox. The
sender is someone you did business with recently, but the subject line has strange characters in
it. What should you do?
A. Forward the message to your company’s security response team and permanently delete the
message from your computer.
B. Reply to the sender and ask them for more information about the message contents.
C. Delete the email and pretend nothing happened.
D. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
A
A. Forward the message to your company’s security response team and permanently delete the
message from your computer.
19
Q
The “gray box testing” methodology enforces what kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.
A
C. The internal operation of a system is only partly accessible to the tester.
20
Q
Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a
Linux server occuring during non-business hours. After further examination of all login activities, it
is notices that none of the logins have occurred during typical work hours. A Linux administrator
who is investigating this problem realized the system time on the Linux server is wrong by more
than twelve hours. What protocol used on Linux serves to synchronize the time has stopped
working?
A. NTP
B. TimeKeeper
C. OSPF
D. PPP
A
A. NTP
21
Q
The “black box testing” methodology enforces what kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.
A
D. Only the external operation of a system is accessible to the tester.
22
Q
>NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following? A. A port scan B. A ping scan C. An operating system detect D. A trace sweep
A
A. A port scan
23
Q
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a
____ database structure instead of SQL’s ______ structure. Because of this, LDAP has difficulty
representing many-to-one relationships.
A. Strict, Abstract
B. Simple, Complex
C. Relational, Hierarchical
D. Hierarchical, Relational
A
D. Hierarchical, Relational
24
Q
What is the purpose of DNS AAAA record? A. Address prefix record B. Address database record C. Authorization, Authentication and Auditing record D. IPv6 address resolution record
A
D. IPv6 address resolution record
25
Which of the following statements is FALSE with respect to Intrusion Detection Systems?
A. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
B. Intrusion Detection Systems can examine the contents of the data in context of the network
protocol
C. Intrusion Detection Systems can be configured to distinguish specific content in network packets
D. Intrusion Detection Systems require constant update of the signature library
A. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
26
You are performing a penetration test for a client and have gained shell access to a Windows
machine on the internal network. You intend to retrieve all DNS records for the internal domain. If
the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would
you type at the nslookup prompt to attempt a zone transfer?
A. list domain=abccorp.local type=zone
B. Is -d accorp.local
C. list server=192.168.10.2 type=all
D. Iserver 192.168.10.2 -t all
B. Is -d accorp.local
27
```
Which command can be used to show the current TCP/IP connections?
A. Netsh
B. Net use connection
C. Netstat
D. Net use
```
C. Netstat
28
You are performing information gathering for an important penetration test. You have found pdf,
doc, and images in your objective. You decide to extract metadata from these files and analyze it.
What tool will help you with the task?
A. Armitage
B. Dmitry
C. Metagoofil
D. cdpsnarf
C. Metagoofil
29
You have several plain-text firewall logs that you must review to evaluate network traffic. You
know that in order to do fast, efficient searches of the logs you must use regular expressions.
Which command-line utility are you most likely to use?
A. Relational Database
B. MS Excel
C. Notepad
D. Grep
D. Grep
30
This phase will increase the odds of success in later phases of the penetration test. It is also the
very first step in Information Gathering and it will tell you the "landscape" looks like. What is the
most important phase of ethical hacking in which you need to spend a considerable amount of
time?
A. network mapping
B. footprinting
C. escalating privileges
D. gaining access
B. footprinting
31
When you are collecting information to perform a data analysis, Google commands are very
useful to find sensitive information and files. These files may contain information about
passwords, system functions, or documentation. What command will help you to search files
using Google as a search engine?
A. site: target.com filetype:xls username password email
B. domain: target.com archieve:xls username password email
C. inurl: target.com filename:xls username password email
D. site: target.com file:xls username password email
A. site: target.com filetype:xls username password email
32
You have successfully gained access to your client's internal network and successfully comprised
a Linux server which is part of the internal IP network. You want to know which Microsoft
Windows workstations have file sharing enabled. Which port would you see listening on these
Windows machines in the network?
A. 161
B. 3389
C. 445
D. 1433
C. 445
33
```
Which of the following is assured by the use of a hash?
A. Authentication
B. Confidentially
C. Availability
D. Integrity
```
D. Integrity
34
```
Risks=Threats x Vulnerabilities is referred to as the:
A. BIA equation
B. Disaster recovery formula
C. Risk equation
D. Threat assessment
```
C. Risk equation
35
The tools which receive event logs from servers, network equipment, and applications, and
perform analysis and correlation on those logs, and can generate alarms for security relevant
issues, are known as what?
A. Network Sniffer
B. Vulnerability Scanner
C. Intrusion Prevention Server
D. Security Incident and Event Monitoring
D. Security Incident and Event Monitoring
36
You have just been hired to perform a pen test on an organization that has been subjected to a
large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally
eliminate risk. What is one of the first things you should do when given the job?
A. Establish attribution to suspected attackers
B. Interview all employees in the company to rule out possible insider threats
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to
acceptable levels.
D. Start the wireshark application to start sniffing network traffic.
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to
acceptable levels.
37
```
The purpose of a _______is to deny network access to local area networks and other information
assets by unauthorized wireless devices.
A. Wireless Analyzer
B. Wireless Jammer
C. Wireless Access Point
D. Wireless Access Control List
```
D. Wireless Access Control List
38
What does the -oX flag do in an Nmap scan?
A. Perform an Xmas scan
B. Perform an eXpress scan
C. Output the results in truncated format to the screen
D. Output the results in XML format to a file
D. Output the results in XML format to a file
39
```
During an Xmas scan, what indicates a port is closed?
A. RST
B. SYN
C. ACK
D. No return response
```
D. No return response
40
While performing online banking using a Web browser, a user receives an email that contains a
link to an interesting Web site. When the user clicks on the link, another Web browser session
starts and displays a video of cats playing a piano. The next business day, the user receives what
looks like an email from his bank, indicating that his bank account has been accessed from a
foreign country. The email asks the user to call his bank and verify the authorization of a funds
transfer that took place. What Web browser-based security vulnerability was exploited to
compromise the user?
A. Clickjacking
B. Cross-Sire Scripting
C. Cross-Sire Request Forgery
D. Web form input validation
C. Cross-Sire Request Forgery
41
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He
is looking for an IDS with the following characteristics: -Verifies success or failure of an attack -
Monitors system activities - Detects attacks that a network-based IDS fails to detect. - Near real-
time detection and response - Does not require additional hardware - Lower entry cost. Which
type of IDS is best suited for Tremp's requirements?
A. Network-based IDS
B. Open source-based IDS
C. Host-based IDS
D. Gateway-based IDS
C. Host-based IDS
42
Which of the following parameters describe LM Hash:
I - The maximum password length is 14 characters
II - There are no distinctions between uppercase and lowercase
III - The password is split into two 7-byte halves
A. II
B. I
C. I, II, and III
D. I and II
C. I, II, and III
43
```
Which of the following is not a Bluetooth attack?
A. Bluesnarfing
B. Bluedriving
C. Bluesmacking
D. Bluejacking
```
B. Bluedriving
44
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable
organization focused on improving the security of software. What item is the primary concern on
OWASP's Top Ten Project Most Critical Web Application Security Risks?
A. Cross Site Scripting
B. Injection
C. Path disclosure
D. Cross Site Request Forgery
B. Injection
45
A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and
library are required to allow the NIC to work in promiscous mode?
A. Winprom
B. Libpcap
C. Winpsw
D. Winpcap
D. Winpcap
46
Analyst is investigating proxy logs and found out that one of the internal user visited website
storing suspicious java scripts. After opening one of them, he noticed that it is very hard to
understand the code and that all codes differ from the typical java script. What is the name of this
technique to hide the code and extend analysis time?
A. Steganography
B. Code encoding
C. Obfuscation
D. Encryption
C. Obfuscation
47
During the security audit of IT processes, an IS auditor found that there were no documented
security procedures. What should the IS auditor do?
A. Create a procedures document
B. Terminate the audit
C. Conduct compliance testing
D. Identify and evaluate existing practices
D. Identify and evaluate existing practices
48
You just set up a security system in your network. In what kind of system would you find the
following string of characters used as a rule within its configuration? alert tcp any any
->192.168.100.0/24 21 (msg:""FTP on the network!"";)
A. a firewall IPTable
B. FTP Server rule
C. A Router IPTable
D. An Intrusion Detection System
D. An Intrusion Detection System
49
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental
sequences. He then decided to conduct: nmap -Pn -p -sl kiosk.adobe.com www.riaa.com
kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-sl"
with Nmap?
A. Conduct stealth scan
B. Conduct ICMP scan
C. Conduct IDLE scan
D. Conduct silent scan
C. Conduct IDLE scan
50
```
What is the process of logging, recording, and resolving events that take place in an
organization?
A. Incident Management Process
B. Security Policy
C. Internal Procedure
D. Metrics
```
A. Incident Management Process
51
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised
web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What
type of firewall is inspecting outbound traffic?
A. Circuit
B. Stateful
C. Application
D. Packet Filtering
C. Application
52
The change of a hard drive failure is once every three years. The cost to buy a new hard drive is
$300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a
further 4 hours to restore the database from the last backup to the new hard disk. The recovery
person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is
the closest approximate cost of this replacement and recovery operation per year?
A. $1320
B. $440
C. $100
D. $146
D. $146
53
An IT employee got a call from one our best customers. The caller wanted to know about the
company's network infrastructure, systems, and team. New opportunities of integration are in
sight for both company and customer. What should this employee do?
A. The employee can not provide any information: but, anyway, he/she will provide the name of the
person in charge
B. Since the company's policy is all about Customer Service. he/she will provide information
C. The employee should not provide any information without previous management authorization
D. Disregarding the call, the employee should hand up
C. The employee should not provide any information without previous management authorization
54
```
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a
sequence number?
A. ICMP
B. TCP
C. UPX
D. UPD
```
B. TCP
55
What is a "Collision attack" in cryptography?
A. Collision attacks try to get the public key
B. Collision attacks try to break the hash into three parts to get the plaintext value
C. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the
private key
D. Collision attacks try to find two inputs producing the same hash
D. Collision attacks try to find two inputs producing the same hash
56
```
Which of the following is the successor of SSL?
A. GRE
B. IPSec
C. RSA
D. TLS
```
D. TLS
57
This international organization regulates billions of transactions daily and provides security
guidelines to protect personally identifiable information (PII). These security controls provide a
baseline and prevent low-level hackers sometimes known as script kiddies from causing a data
breach. Which of the following organization is being described?
A. Institute of Electrical and Electronics Engineers(IEEE)
B. International Security Industry Organization (ISIO)
C. Center for Disease Control (CDC)
D. Payment Card Industry (PCI)
D. Payment Card Industry (PCI)
58
Which of the following DoS tools is used to attack target web applications by starvation of
available sessions on the web server? The tool keeps sessions at halt using never-ending POST
transmissions and sending an arbitrarily large content-length header value.
A. Stacheldraht
B. LOIC
C. R-U-Dead-Yet? (RUDY)
D. MyDoom
C. R-U-Dead-Yet? (RUDY)
59
```
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
A. 64 bit and CCMP
B. 128 bit and CRC
C. 128 bit and CCMP
D. 128 bi and TKIP
```
C. 128 bit and CCMP
60
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet
10.1.4.0/23.
Which of the following IP addresses could be leased as a result of the new configuration?
A. 10.1.4.254
B. 10.1.255.200
C. 10.1.5.200
D. 10.1.4.156
C. 10.1.5.200
61
Your company was hired by a small healthcare provider to perform a technician assessment on
the network. What is the best approach for discovering vulnerabilities on a Windows-based
computer?
A. Create a disk image of a clean Windows installation
B. Use the built-in Windows Update tool
C. Use a scan tool like Nessus
D. Check MITRE.org for the latest of CVE findings
C. Use a scan tool like Nessus
62
You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job
which will run the capture against a specific set of IPs. - 192.168.8.0/24. What command you
would use?
A. tshark -net 192.255.255.255 mask 192.168.8.0
B. wireshark -capture -local -masked 192.168.8.0 -range 24
C. sudo tshark -f "net 192.168.8.0/24"
D. wireshark -fetch "192.168.8/*"
B. wireshark -capture -local -masked 192.168.8.0 -range 24
63
Initiating an attack against targeted business and organizations, threat actors compromise a
carefully selected website by inserting an exploit resulting in malware infection. The attackers run
exploits on well- known and trusted sites likely to be visited by their targeted victims. Aside from
carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits
that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense
against these exploits. What type of attack is outlined in the scenario?
A. Heartbeat Attack
B. Spear Phishing Attack
C. Shellshock Attack
D. Watering Hole Attack
D. Watering Hole Attack
64
What kind of detection techniques is being used in antivirus softwares that identifies malware by
collecting data from multiple protected systems and instead of analyzing files locally it's made on
the provider's environment.
A. Behavioral based
B. Heuristics based
C. Honypot based
D. Cloud based
D. Cloud based
65
Which of these options is the most secure procedure for storing backup tapes?
A. In a climate controlled facility offsite
B. In a cool dry environment
C. On a different floor in the same building
D. Inside the data center for faster retrieval in a fireproof safe
A. In a climate controlled facility offsite
66
```
Which security strategy requires using several, varying methods to protect IT systems against
attacks?
A. Defense in depth
B. Covert channels
C. Exponential backoff algorithm
D. Three-way handshake
```
A. Defense in depth
67
```
Which utility will tell you in real time which ports are listening or in another state?
A. Netsat
B. Loki
C. Nmap
D. TCPView
```
D. TCPView
68
Which of the following statements regarding ethical hacking is incorrect?
A. An organization should use ethical hackers who do not sell vendor hardware/software or other
consulting services
B. Ethical hackers should never use tools or methods that have the potential of exploiting
vulnerabilities in an organization's systems
C. Ethical hacking should not involve writing to or modifying the target systems.
D. Testing should be remotely performed offsite.
B. Ethical hackers should never use tools or methods that have the potential of exploiting
vulnerabilities in an organization's systems
69
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001
00111010
A. 10011101
B. 10001011
C. 10111100
D. 11011000
B. 10001011
70
Why containers are less secure that virtual machine?
A. Host OS on containers has a larger surface attack.
B. Containers are attached to the same virtual network.
C. Containers may fulfill disk space of the host.
D. A compromise container may cause a CPU starvation of the host.
D. A compromise container may cause a CPU starvation of the host.
71
```
Which of the following is a component of a risk assessment?
A. Administrative safeguards
B. Physical security
C. Logical interface
D. DMZ
```
A. Administrative safeguards
72
Which of the following is the structure designed to verify and authenticate the identity of
individuals within the enterprise taking part in a data exchange?
A. PKI
B. SOA
C. biometrics
D. single sign on
A. PKI
73
You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?
A. Block the blacklist IP’s @ Firewall
B. Update the latest signatures on you IDS/IPS
C. Clean the Malware which are trying to communicate with the External Blacklist IP’s
D. Block the Blacklist IP’s @ Firewall as well as Clean the Malware which are trying to communicate with the External Blacklist IP’s.
D. Block the Blacklist IP’s @ Firewall as well as Clean the Malware which are trying to communicate with the External Blacklist IP’s.
74
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and
192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?
A. NMAP -P 192.168.1-5.
B. NMAP -P 192.168.0.0/16
C. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0
D. NMAP -P 192.168.1/17
A. NMAP -P 192.168.1-5.
75
A penetration tester is attempting to scan an internal corporate network from the internet without
alerting the border sensor. Which is the most efficient technique should the tester consider using?
A. Spoofing an IP address
B. Tunneling scan over SSH
C. Tunneling over high port numbers
D. Scanning using fragmented IP packets
B. Tunneling scan over SSH
76
```
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch
would the hacker use?
A. -sO
B. -sP
C. -sS
D. -sU
```
A. -sO
77
ICMP ping and ping sweeps are used to check for active systems and to check
A. if ICMP ping traverses a firewall.
B. the route that the ICMP ping took.
C. the location of the switchport in relation to the ICMP ping.
D. the number of hops an ICMP ping takes to reach a destination.
A. if ICMP ping traverses a firewall.
78
```
Which command line switch would be used in NMAP to perform operating system detection?
A. -OS
B. -sO
C. -sP
D. -O
```
D. -O
79
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses
the nslookup interactive mode for the search. Which command should the hacker type into the
command shell to request the appropriate records?
A. Locate type=ns
B. Request type=ns
C. Set type=ns
D. Transfer type=ns
C. Set type=ns
80
A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may
contain connectivity passwords that can be decoded with which of the following?
A. Cupp
B. Nessus
C. Cain and Abel
D. John The Ripper Pro
C. Cain and Abel
81
```
An NMAP scan of a server shows port 25 is open. What risk could this pose?
A. Open printer sharing
B. Web portal data leak
C. Clear text authentication
D. Active mail relay
```
D. Active mail relay
82
When utilizing technical assessment methods to assess the security posture of a network, which
of the following techniques would be most effective in determining whether end-user security
training would be beneficial?
A. Vulnerability scanning
B. Social engineering
C. Application security testing
D. Network sniffing
B. Social engineering
83
A company has publicly hosted web applications and an internal Intranet protected by a firewall.
Which technique will help protect against enumeration?
A. Reject all invalid email received via SMTP.
B. Allow full DNS zone transfers.
C. Remove A records for internal hosts.
D. Enable null session pipes.
C. Remove A records for internal hosts.
84
```
Which of the following techniques will identify if computer files have been changed?
A. Network sniffing
B. Permission sets
C. Integrity checking hashes
D. Firewall alerts
```
C. Integrity checking hashes
85
What are two things that are possible when scanning UDP ports? (Choose two)
A. A reset will be returned
B. An ICMP message will be returned
C. The four-way handshake will not be completed
D. An RFC 1294 message will be returned
E. Nothing
B. An ICMP message will be returned
C. The four-way handshake will not be completed
E. Nothing
86
```
What does a type 3 code 13 represent?(Choose two.
A. Echo request
B. Destination unreachable
C. Network unreachable
D. Administratively prohibited
E. Port unreachable
F. Time exceeded
```
B. Destination
D. Administratively
87
Destination unreachable administratively prohibited messages can inform the hacker to what?
A. That a circuit level proxy has been installed and is filtering traffic
B. That his/her scans are being blocked by a honeypot or jail
C. That the packets are being malformed by the scanning software
D. That a router or other packet-filtering device is blocking traffic
E. That the network is functioning normally
D. That a router or other packet-filtering device is blocking traffic
88
```
Which of the following Nmap commands would be used to perform a stack fingerprinting?
A. Nmap -O -p80
B. Nmap -hU -Q
C. Nmap -sT -p
D. Nmap -u -o -w2
E. Nmap -sS -0p target
```
A. Nmap -O -p80
89
(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic
TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort
has been used to capture packets on the network. On studying the packets, the penetration tester
finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
What is odd about this attack? Choose the best answer.
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes form port 31337.
C. The attacker wants to avoid creating a sub-carries connection that is not normally valid.
D. These packets were crafted by a tool, they were not created by a standard IP stack.
B. This is back orifice activity as the scan comes form port 31337.
90
```
Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up
by and IDS?
A. SYN scan
B. ACK scan
C. RST scan
D. Connect scan
E. FIN scan
```
D. Connect scan
91
```
Name two software tools used for OS guessing? (Choose two.
A. Nmap
B. Snadboy
C. Queso
D. UserInfo
E. NetBus
```
A. Nmap
C. Queso
92
Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle
database server has been compromised and customer information along with financial data has
been stolen. The financial loss will be estimated in millions of dollars if the database gets into the
hands of competitors. Sandra wants to report this crime to the law enforcement agencies
immediately. Which organization coordinates computer crime investigations throughout the
United States?
```
A. NDCA
B. NICP
C. CIRP
D. NPC
E. CIA
```
D. NPC
93
Which among the following can be used to get this output?
A. A Bo2k system query.
B. nmap protocol scan
C. A sniffer
D. An SNMP walk
D. An SNMP walk
94
You are manually conducting Idle Scanning using Hping2. During your scanning you notice that
almost every query increments the IPID regardless of the port being queried. One or two of the
queries cause the IPID to increment by more than one value. Why do you think this occurs?
A. The zombie you are using is not truly idle.
B. A stateful inspection firewall is resetting your queries.
C. Hping2 cannot be used for idle scanning.
D. These ports are actually open on the target system.
A. The zombie you are using is not truly idle.
95
While performing ping scans into a target network you get a frantic call from the organization's
security team. They report that they are under a denial of service attack. When you stop your
scan, the smurf attack event stops showing up on the organization's IDS monitor. How can you
modify your scan to prevent triggering this event in the IDS?
A. Scan more slowly.
B. Do not scan the broadcast IP.
C. Spoof the source IP address.
D. Only scan the Windows systems.
B. Do not scan the broadcast IP.
96
Neil notices that a single address is generating traffic from its port 500 to port 500 of several other
machines on the network. This scan is eating up most of the network bandwidth and Neil is
concerned. As a security professional, what would you infer from this scan?
A. It is a network fault and the originating machine is in a network loop
B. It is a worm that is malfunctioning or hardcoded to scan on port 500
C. The attacker is trying to detect machines on the network which have SSL enabled
D. The attacker is trying to determine the type of VPN implementation and checking for IPSec
D. The attacker is trying to determine the type of VPN implementation and checking for IPSec
97
A distributed port scan operates by:
A. Blocking access to the scanning clients by the targeted host
B. Using denial-of-service software against a range of TCP ports
C. Blocking access to the targeted host by each of the distributed scanning clients
D. Having multiple computers each scan a small number of ports, then correlating the results
D. Having multiple computers each scan a small number of ports, then correlating the results
98
```
An nmap command that includes the host specification of 202.176.56-57.* will scan _______
number of hosts.
A. 2
B. 256
C. 512
D. Over 10, 000
```
C. 512
99
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of
the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO
packets had an ICMP ID:0 and Seq:0. What can you infer from this information?
A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites
B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq
number
D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0
and Seq 0
B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
100
```
Which of the following commands runs snort in packet logger mode?
A. ./snort -dev -h ./log
B. ./snort -dev -l ./log
C. ./snort -dev -o ./log
D. ./snort -dev -p ./log
```
B. ./snort -dev -l ./log
101
```
What operating system is the target host running based on the open ports shown above?
A. Windows XP
B. Windows 98 SE
C. Windows NT4 Server
D. Windows 2000 Server
```
D. Windows 2000 Server
102
```
Which of the following command line switch would you use for OS detection in Nmap?
A. -D
B. -O
C. -P
D. -X
```
B. -O
103
Why would an attacker want to perform a scan on port 137?
A. To discover proxy servers on a network
B. To disrupt the NetBIOS SMB service on the target host
C. To check for file and print sharing on Windows systems
D. To discover information about a target host using NBTSTAT
D. To discover information about a target host using NBTSTAT
104
```
Which Type of scan sends a packets with no flags set? Select the Answer
A. Open Scan
B. Null Scan
C. Xmas Scan
D. Half-Open Scan
```
B. Null Scan
105
Sandra has been actively scanning the client network on which she is doing a vulnerability
assessment test. While conducting a port scan she notices open ports in the range of 135 to 139.
What protocol is most likely to be listening on those ports?
A. Finger
B. FTP
C. Samba
D. SMB
D. SMB
106
SNMP is a protocol used to query hosts, servers, and devices about performance or health status
data. This protocol has long been used by hackers to gather great amount of information about
remote hosts. Which of the following features makes this possible? (Choose two)
A. It used TCP as the underlying protocol.
B. It uses community string that is transmitted in clear text.
C. It is susceptible to sniffing.
D. It is used by all network devices on the market.
B. It uses community string that is transmitted in clear text.
D. It is used by all network devices on the market.
107
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have
expressed their interest in learning from him. However, this knowledge has a risk associated with
it, as it can be used for malevolent attacks as well.
In this context, what would be the most affective method to bridge the knowledge gap between
the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the
best answer)
A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and
safeguards.
B. Hire more computer security monitoring personnel to monitor computer systems and networks.
C. Make obtaining either a computer security certification or accreditation easier to achieve so more
individuals feel that they are a part of something larger than life.
D. Train more National Guard and reservist in the art of computer security to help out in times of
emergency or crises.
A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and
safeguards.
108
Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool
"SIDExtractor". Here is the output of the SIDs:
From the above list identify the user account with System Administrator privileges.
```
A. John
B. Rebecca
C. Sheela
D. Shawn
E. Somia
F. Chang
G. Micah
```
F. Chang
109
Which address translation scheme would allow a single public IP address to always correspond
to a single machine on an internal network, allowing "server publishing"?
A. Overloading Port Address Translation
B. Dynamic Port Address Translation
C. Dynamic Network Address Translation
D. Static Network Address Translation
D. Static Network Address Translation
110
What is the following command used for?
net use \targetipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session
E. Enumeration of Cisco routers
D. This command is used to connect as a null session
111
One of your team members has asked you to analyze the following SOA record.
What is the TTL?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600
604800 2400.
```
A. 200303028
B. 3600
C. 604800
D. 2400
E. 60
F. 4800
```
D. 2400
112
MX record priority increases as the number increases. (True/False.)
A. True
B. False
B. False
113
```
Which of the following tools can be used to perform a zone transfer?
A. NSLookup
B. Finger
C. Dig
D. Sam Spade
E. Host
F. Netcat
G. Neotrace
```
A. NSLookup
C. Dig
D. Sam Spade
E. Host
114
Under what conditions does a secondary name server request a zone transfer from a primary
name server?
A. When a primary SOA is higher that a secondary SOA
B. When a secondary SOA is higher that a primary SOA
C. When a primary name server has had its service restarted
D. When a secondary name server has had its service restarted
E. When the TTL falls to zero
A. When a primary SOA is higher that a secondary SOA
115
```
What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through
the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.
A. 110
B. 135
C. 139
D. 161
E. 445
F. 1024
```
B. 135
C. 139
E. 445
116
Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web
site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer
the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According
to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was
removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!
From his office, which was directly connected to Mason Insurance's internal network, Joseph
surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No
changes were apparent. Joseph called a friend of his at his home to help troubleshoot the
problem. The Web site appeared defaced when his friend visited using his DSL connection. So,
while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance
web site. To help make sense of this problem, Joseph decided to access the Web site using his
dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem
to dial up the same ISP used by Smith. After his modem connected, he quickly typed
www.masonins.com in his browser to reveal the following web page:
H@cker Mess@ge:
Y0u @re De@d! Fre@ks!
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal
network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire
against the entire Web site, and determined that every system file and all the Web content on the
server were intact. How did the attacker accomplish this hack?
A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection
C. DNS poisoning
117
```
Which of the following tools are used for enumeration? (Choose three.)
A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec
```
B. USER2SID
D. SID2USER
E. DumpSec
118
What did the following commands determine?
C: user2sid \earth guest
S-1-5-21-343818398-789336058-1343024091-501
C:sid2user 5 21 343818398 789336058 1343024091 500
Name is Joe
Domain is EARTH
A. That the Joe account has a SID of 500
B. These commands demonstrate that the guest account has NOT been disabled
C. These commands demonstrate that the guest account has been disabled
D. That the true administrator is Joe
E. Issued alone, these commands prove nothing
D. That the true administrator is Joe
119
Which definition among those given below best describes a covert channel?
A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.
B. Making use of a protocol in a way it is not intended to be used.
120
Susan has attached to her company's network. She has managed to synchronize her boss's
sessions with that of the file server. She then intercepted his traffic destined for the server,
changed it the way she wanted to and then placed it on the server in his home directory.
What kind of attack is Susan carrying on?
A. A sniffing attack
B. A spoofing attack
C. A man in the middle attack
D. A denial of service attack
C. A man in the middle attack
121
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to
use these tools in his lab and is now ready for real world exploitation. He was able to effectively
intercept communications between the two entities and establish credentials with both sides of
the connections. The two remote ends of the communication never notice that Eric is relaying the
information between the two. What would you call this attack?
A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack
B. Man-in-the-middle
122
Eve is spending her day scanning the library computers. She notices that Alice is using a
computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice
machine. From the command prompt, she types the following command.
For /f "tokens=1 %%a in (hackfile.txt) do net use *
\\10.1.2.3\c$ /user:"Administrator" %%a
What is Eve trying to do?
A. Eve is trying to connect as an user with Administrator privileges
B. Eve is trying to enumerate all users with Administrative privileges
C. Eve is trying to carry out a password crack for user Administrator
D. Eve is trying to escalate privilege of the null user to that of Administrator
C. Eve is trying to carry out a password crack for user Administrator
123
Which of the following represents the initial two commands that an IRC client sends to join an IRC
network?
A. USER, NICK
B. LOGIN, NICK
C. USER, PASS
D. LOGIN, USER
A. USER, NICK
124
Null sessions are un-authenticated connections (not using a username or password.) to an NT or
2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?
A. 137 and 139
B. 137 and 443
C. 139 and 443
D. 139 and 445
D. 139 and 445
125
The following is an entry captured by a network IDS.You are assigned the task of analyzing this
entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel
processor. You figure that the attacker is attempting a buffer overflow attack. You also notice
"/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?
A. The buffer overflow attack has been neutralized by the IDS
B. The attacker is creating a directory on the compromised machine
C. The attacker is attempting a buffer overflow attack and has succeeded
D. The attacker is attempting an exploit that launches a command-line shell
D. The attacker is attempting an exploit that launches a command-line shell
126
```
Based on the following extract from the log of a compromised machine, what is the hacker really
trying to steal?
A. har.txt
B. SAM file
C. wwwroot
D. Repair file
```
B. SAM file
127
As a securing consultant, what are some of the things you would recommend to a company to
ensure DNS security? Select the best answers.
A. Use the same machines for DNS and other applications
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers
128
Why would you consider sending an email to an address that you know does not exist within the
company you are performing a Penetration Test for?
A. To determine who is the holder of the root account
B. To perform a DoS
C. To create needless SPAM
D. To illicit a response back that will reveal information about email servers and how they treat
undeliverable mail
E. To test for virus protection
D. To illicit a response back that will reveal information about email servers and how they treat
undeliverable mail
129
```
QUESTION 657
What tool can crack Windows SMB passwords simply by listening to network traffic? Select the
best answer.
A. This is not possible
B. Netbus
C. NTFSDOS
D. L0phtcrack
```
D. L0phtcrack
130
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on
his network. What are some things he can do to prevent it? Select the best answers.
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
C. Use a firewall between all LAN segments.
D. If you have a small network, use static ARP entries.
E. Use only static IP addresses on all PC's.
Answer: ABD
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
D. If you have a small network, use static ARP entries.
131
```
Peter, a Network Administrator, has come to you looking for advice on a tool that would help him
perform SNMP enquires over the network.
Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.
A. SNMPUtil
B. SNScan
C. SNMPScan
D. Solarwinds IP Network Browser
E. NMap
```
A. SNMPUtil
B. SNScan
D. Solarwinds IP
132
Bob is doing a password assessment for one of his clients. Bob suspects that security policies
are not in place. He also suspects that weak passwords are probably the norm throughout the
company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of
the following options best represents the means that Bob can adopt to retrieve passwords from
his clients hosts and servers?
A. Hardware, Software, and Sniffing.
B. Hardware and Software Keyloggers.
C. Passwords are always best obtained using Hardware key loggers.
D. Software only, they are the most effective.
A. Hardware, Software, and Sniffing.
133
Which of the following algorithms can be used to guarantee the integrity of messages being sent,
in transit, or stored? (Choose the best answer)
A. symmetric algorithms
B. asymmetric algorithms
C. hashing algorithms
D. integrity algorithms
C. hashing algorithms
134
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the
SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?
A. There is a NIDS present on that segment.
B. Kerberos is preventing it.
C. Windows logons cannot be sniffed.
D. L0phtcrack only sniffs logons to web servers.
B. Kerberos is preventing it.
135
You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using
LM Brute force hacking tool for decryption.
What encryption algorithm will you be decrypting?
A. MD4
B. DES
C. SHA
D. SSL
B. DES
136
In the context of password security, a simple dictionary attack involves loading a dictionary file (a
text file full of dictionary words) into a cracking application such as L0phtCrack or John the
Ripper, and running it against user accounts located by the application. The larger the word and
word fragment selection, the more effective the dictionary attack is. The brute force method is the
most inclusive, although slow. It usually tries every possible letter and number combination in its
automated exploration. If you would use both brute force and dictionary methods combined
together to have variation of words, what would you call such an attack?
A. Full Blown
B. Thorough
C. Hybrid
D. BruteDics
C. Hybrid
137
What is the algorithm used by LM for Windows2000 SAM?
A. MD4
B. DES
C. SHA
D. SSL
B. DES
138
E-mail scams and mail fraud are regulated by which of the following?
A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices
C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral
Communication
A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
139
Which of the following LM hashes represent a password of less than 8 characters? (Select 2)
```
A. BA810DBA98995F1817306D272A9441BB
B. 44EFCE164AB921CQAAD3B435B51404EE
C. 0182BD0BD4444BF836077A718CCDF409
D. CEC52EB9C8E3455DC2265B23734E0DAC
E. B757BF5C0D87772FAAD3B435B51404EE
F. E52CAC67419A9A224A3B108F3FA6CB6D
```
B. 44EFCE164AB921CQAAD3B435B51404EE
E. B757BF5C0D87772FAAD3B435B51404EE
140
Which of the following is the primary objective of a rootkit?
A. It opens a port to provide an unauthorized service
B. It creates a buffer overflow
C. It replaces legitimate programs
D. It provides an undocumented opening in a program
C. It replaces legitimate programs
141
This kind of password cracking method uses word lists in combination with numbers and special
characters:
A. Hybrid
B. Linear
C. Symmetric
D. Brute Force
A. Hybrid
142
_________ is a tool that can hide processes from the process list, can hide files, registry entries,
and intercept keystrokes.
```
A. Trojan
B. RootKit
C. DoS tool
D. Scanner
E. Backdoor
```
B. RootKit
143
What is the BEST alternative if you discover that a rootkit has been installed on one of your
computers?
A. Copy the system files from a known good system
B. Perform a trap and trace
C. Delete the files and try to determine the source
D. Reload from a previous backup
E. Reload from known good media
E. Reload from known good media
144
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?
A. All are hacking tools developed by the legion of doom
B. All are tools that can be used not only by hackers, but also security personnel
C. All are DDOS tools
D. All are tools that are only effective against Windows
E. All are tools that are only effective against Linux
C. All are DDOS tools
145
How can you determine if an LM hash you extracted contains a password that is less than 8
characters long?
A. There is no way to tell because a hash cannot be reversed
B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same
E. A portion of the hash will be all 0's
B. The right most portion of the hash is always the same
146
When discussing passwords, what is considered a brute force attack?
A. You attempt every single possibility until you exhaust all possible combinations or discover the
password
B. You threaten to use the rubber hose on someone unless they reveal their password
C. You load a dictionary of words into your cracking program
D. You create hashes of a large number of words and compare it with the encrypted passwords
E. You wait until the password expires
A. You attempt every single possibility until you exhaust all possible combinations or discover the
password
147
Which of the following are well know password-cracking programs?(Choose all that apply.
```
A. L0phtcrack
B. NetCat
C. Jack the Ripper
D. Netbus
E. John the Ripper
```
A. L0phtcrack
E. John the Ripper
148
Password cracking programs reverse the hashing process to recover passwords.(True/False.)
A. True
B. False
B. False
149
What is GINA?
A. Gateway Interface Network Application
B. GUI Installed Network Application CLASS
C. Global Internet National Authority (G-USA)
D. Graphical Identification and Authentication DLL
D. Graphical Identification and Authentication DLL
150
Every company needs a formal written document which spells out to employees precisely what
they are allowed to use the company's systems for, what is prohibited, and what will happen to
them if they break the rules. Two printed copies of the policy should be given to every employee
as soon as possible after they join the organization. The employee should be asked to sign one
copy, which should be safely filed by the company. No one should be allowed to use the
company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?
A. Information Audit Policy (IAP)
B. Information Security Policy (ISP)
C. Penetration Testing Policy (PTP)
D. Company Compliance Policy (CCP)
B. Information Security Policy (ISP)
151
Which type of sniffing technique is generally referred as MiTM attack?
A. Password Sniffing
B. ARP Poisoning
C. Mac Flooding
D. DHCP Sniffing
B. ARP Poisoning
152
This is an attack that takes advantage of a web site vulnerability in which the site displays content
that includes un-sanitized user-provided data.
See foobar
What is this attack?
A. Cross-site-scripting attack
B. SQL Injection
C. URL Traversal attack
D. Buffer Overflow attack
A. Cross-site-scripting attack
New CEH V10
flashcards
Decks in class (1)
# Cards
