New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium GAQM CPEH-001 Dumps Questions Answers

Page: 1 / 28
Total 736 questions

Certified Professional Ethical Hacker (CPEH) Questions and Answers

Question 1

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

Options:

A.

CHNTPW

B.

Cain & Abel

C.

SET

D.

John the Ripper

Buy Now
Question 2

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability.

What is this style of attack called?

Options:

A.

zero-day

B.

zero-hour

C.

zero-sum

D.

no-day

Question 3

It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.

Which of the following terms best matches the definition?

Options:

A.

Ransomware

B.

Adware

C.

Spyware

D.

Riskware

Question 4

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

Options:

A.

Burpsuite

B.

Maskgen

C.

Dimitry

D.

Proxychains

Question 5

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to " ", that the user is directed to a phishing site.

Which file does the attacker need to modify?

Options:

A.

Hosts

B.

Sudoers

C.

Boot.ini

D.

Networks

Question 6

What is the benefit of performing an unannounced Penetration Testing?

Options:

A.

The tester will have an actual security posture visibility of the target network.

B.

Network security would be in a "best state" posture.

C.

It is best to catch critical infrastructure unpatched.

D.

The tester could not provide an honest analysis.

Question 7

You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.

What is one of the first things you should do when given the job?

Options:

A.

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

B.

Interview all employees in the company to rule out possible insider threats.

C.

Establish attribution to suspected attackers.

D.

Start the wireshark application to start sniffing network traffic.

Question 8

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluejacking

C.

Bluesmacking

D.

Bluesnarfing

Question 9

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Options:

A.

Create User Account

B.

Disable Key Services

C.

Disable IPTables

D.

Download and Install Netcat

Question 10

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

Which Algorithm is this referring to?

Options:

A.

Wired Equivalent Privacy (WEP)

B.

Wi-Fi Protected Access (WPA)

C.

Wi-Fi Protected Access 2 (WPA2)

D.

Temporal Key Integrity Protocol (TKIP)

Question 11

What is the best description of SQL Injection?

Options:

A.

It is an attack used to gain unauthorized access to a database.

B.

It is an attack used to modify code in an application.

C.

It is a Man-in-the-Middle attack between your SQL Server and Web App Server.

D.

It is a Denial of Service Attack.

Question 12

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Options:

A.

The host is likely a printer.

B.

The host is likely a Windows machine.

C.

The host is likely a Linux machine.

D.

The host is likely a router.

Question 13

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Options:

A.

TCP

B.

UPD

C.

ICMP

D.

UPX

Question 14

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?

alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)

Options:

A.

An Intrusion Detection System

B.

A firewall IPTable

C.

A Router IPTable

D.

FTP Server rule

Question 15

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Options:

A.

tcp.dstport==514 && ip.dst==192.168.0.150

B.

tcp.srcport==514 && ip.src==192.168.0.99

C.

tcp.dstport==514 && ip.dst==192.168.0.0/16

D.

tcp.srcport==514 && ip.src==192.168.150

Question 16

A common cryptographical tool is the use of XOR. XOR the following binary values:

10110001

00111010

Options:

A.

10001011

B.

11011000

C.

10011101

D.

10111100

Question 17

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

Options:

A.

Share reports, after NDA is signed

B.

Share full reports, not redacted

C.

Decline but, provide references

D.

Share full reports with redactions

Question 18

Name two software tools used for OS guessing? (Choose two.)

Options:

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

Question 19

Which of the following command line switch would you use for OS detection in Nmap?

Options:

A.

-D

B.

-O

C.

-P

D.

–X

Question 20

Which of the following tools would MOST LIKELY be used to perform security audit on various of forms of network systems?

Options:

A.

Intrusion Detection System

B.

Vulnerability scanner

C.

Port scanner

D.

Protocol analyzer

Question 21

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

Options:

A.

$62.5

B.

$250

C.

$125

D.

$65.2

Question 22

In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

Options:

A.

Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.

B.

Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

C.

Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.

D.

Vulnerabilities in the application layer are greatly different from IPv4.

Question 23

Destination unreachable administratively prohibited messages can inform the hacker to what?

Options:

A.

That a circuit level proxy has been installed and is filtering traffic

B.

That his/her scans are being blocked by a honeypot or jail

C.

That the packets are being malformed by the scanning software

D.

That a router or other packet-filtering device is blocking traffic

E.

That the network is functioning normally

Question 24

........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

Options:

A.

Collision Attack

B.

Evil Twin Attack

C.

Sinkhole Attack

D.

Signal Jamming Attack

Question 25

What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you’ve compromised and gained root access to?

Options:

A.

Install Cryptcat and encrypt outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

C.

Use Alternate Data Streams to hide the outgoing packets from this server.

Question 26

Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?

Options:

A.

Social Engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Question 27

You’ve just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

Options:

A.

Disable Key Services

B.

Create User Account

C.

Download and Install Netcat

D.

Disable IPTables

Question 28

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

Options:

A.

Network security policy

B.

Remote access policy

C.

Information protection policy

D.

Access control policy

Question 29

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?

Options:

A.

Windows

B.

Unix

C.

Linux

D.

OS X

Question 30

Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?

Options:

A.

Nothing, but suggest to him to change the network's SSID and password.

B.

Sell his SSID and password to friends that come to your house, so it doesn't slow down your network.

C.

Log onto to his network, after all it's his fault that you can get in.

D.

Only use his network when you have large downloads so you don't tax your own network.

Question 31

While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds on the bank was gone. What Web browser-based security vulnerability got exploited by the hacker?

Options:

A.

Clickjacking

B.

Web Form Input Validation

C.

Cross-Site Request Forgery

D.

Cross-Site Scripting

Question 32

Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?

Options:

A.

SOA

B.

Single-Sign On

C.

PKI

D.

Biometrics

Question 33

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Question 34

Which of the following identifies the three modes in which Snort can be configured to run?

Options:

A.

Sniffer, Packet Logger, and Network Intrusion Detection System

B.

Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C.

Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D.

Sniffer, Packet Logger, and Host Intrusion Prevention System

Question 35

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

Options:

A.

Passive

B.

Reflective

C.

Active

D.

Distributive

Question 36

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

Question 37

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Question 38

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Question 39

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

Options:

A.

Fraggle

B.

MAC Flood

C.

Smurf

D.

Tear Drop

Question 40

Which of the following parameters enables NMAP's operating system detection feature?

Options:

A.

NMAP -sV

B.

NMAP -oS

C.

NMAP -sR

D.

NMAP -O

Question 41

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Options:

A.

Microsoft Security Baseline Analyzer

B.

Retina

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Question 42

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Options:

A.

nessus +

B.

nessus *s

C.

nessus &

D.

nessus -d

Question 43

Which set of access control solutions implements two-factor authentication?

Options:

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

Question 44

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web applications vulnerability did the analyst discover?

Options:

A.

Cross-site request forgery

B.

Command injection

C.

Cross-site scripting

D.

SQL injection

Question 45

One way to defeat a multi-level security solution is to leak data via

Options:

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Question 46

Which of the following is a detective control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Question 47

Which of the following examples best represents a logical or technical control?

Options:

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Question 48

Which type of access control is used on a router or firewall to limit network activity?

Options:

A.

Mandatory

B.

Discretionary

C.

Rule-based

D.

Role-based

Question 49

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Question 50

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Question 51

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Options:

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Question 52

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Question 53

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Question 54

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options:

A.

Legal, performance, audit

B.

Audit, standards based, regulatory

C.

Contractual, regulatory, industry

D.

Legislative, contractual, standards based

Question 55

SOAP services use which technology to format information?

Options:

A.

SATA

B.

PCI

C.

XML

D.

ISDN

Question 56

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Options:

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Question 57

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Question 58

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Options:

A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

Question 59

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

Question 60

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

Question 61

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Question 62

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

Options:

A.

Key registry

B.

Recovery agent

C.

Directory

D.

Key escrow

Question 63

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

Options:

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

Question 64

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Question 65

What did the following commands determine?

Options:

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Question 66

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Question 67

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Question 68

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Question 69

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10..1.5.200

D.

10.1.4.156

Question 70

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Question 71

Study the following log extract and identify the attack.

Options:

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Question 72

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Question 73

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Question 74

Which DNS resource record can indicate how long any "DNS poisoning" could last?

Options:

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Question 75

Which command can be used to show the current TCP/IP connections?

Options:

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

Question 76

Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 77

Which type of sniffing technique is generally referred as MiTM attack?

Options:

A.

Password Sniffing

B.

ARP Poisoning

C.

Mac Flooding

D.

DHCP Sniffing

Question 78

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Question 79

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 80

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Question 81

Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

Options:

A.

Command Injection Attacks

B.

File Injection Attack

C.

Cross-Site Request Forgery (CSRF)

D.

Hidden Field Manipulation Attack

Question 82

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Options:

A.

Botnet Attack

B.

Spear Phishing Attack

C.

Advanced Persistent Threats

D.

Rootkit Attack

Question 83

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Options:

A.

Time Keeper

B.

NTP

C.

PPP

D.

OSPP

Question 84

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Options:

A.

SQL injection attack

B.

Cross-Site Scripting (XSS)

C.

LDAP Injection attack

D.

Cross-Site Request Forgery (CSRF)

Question 85

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

Options:

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

Question 86

Why containers are less secure that virtual machines?

Options:

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Question 87

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network.

What should Bob do to avoid this problem?

Options:

A.

Disable unused ports in the switches

B.

Separate students in a different VLAN

C.

Use the 802.1x protocol

D.

Ask students to use the wireless network

Question 88

You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

Options:

A.

Double quotation

B.

Backslash

C.

Semicolon

D.

Single quotation

Question 89

You are the Network Admin, and you get a compliant that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on UDP Port 80

C.

Traffic is Blocked on UDP Port 54

D.

Traffic is Blocked on UDP Port 80

Question 90

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.

Open-source intelligence

B.

Human intelligence

C.

Social intelligence

D.

Real intelligence

Question 91

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Options:

A.

OPPORTUNISTICTLS STARTTLS

B.

FORCETLS

C.

UPGRADETLS

Question 92

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Options:

A.

Function Testing

B.

Dynamic Testing

C.

Static Testing

D.

Fuzzing Testing

Question 93

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

Options:

A.

Bluesmacking

B.

Bluesniffing

C.

Bluesnarfing

D.

Bluejacking

Question 94

What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options:

A.

Cross-site request forgery

B.

Cross-site scripting

C.

Session hijacking

D.

Server side request forgery

Question 95

Which of the following program infects the system boot sector and the executable files at the same time?

Options:

A.

Stealth virus

B.

Polymorphic virus

C.

Macro virus

D.

Multipartite Virus

Question 96

Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.

What is the main security risk associated with this scenario?

Options:

A.

External script contents could be maliciously modified without the security team knowledge

B.

External scripts have direct access to the company servers and can steal the data from there

C.

There is no risk at all as the marketing services are trustworthy

D.

External scripts increase the outbound company data traffic which leads greater financial losses

Question 97

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?

Options:

A.

Fuzzy-testing the code

B.

Third party running the code

C.

Sandboxing the code

D.

String validating the code

Question 98

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

Options:

A.

Cross-site scripting vulnerability

B.

Cross-site Request Forgery vulnerability

C.

SQL injection vulnerability

D.

Web site defacement vulnerability

Question 99

Which method of password cracking takes the most time and effort?

Options:

A.

Brute force

B.

Rainbow tables

C.

Dictionary attack

D.

Shoulder surfing

Question 100

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

Options:

A.

The document can be sent to the accountant using an exclusive USB for that document.

B.

The CFO can use a hash algorithm in the document once he approved the financial statements.

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

D.

The CFO can use an excel file with a password.

Question 101

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfencode

D.

msfd

Question 102

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

Options:

A.

Likelihood is the probability that a threat-source will exploit a vulnerability.

B.

Likelihood is a possible threat-source that may exploit a vulnerability.

C.

Likelihood is the likely source of a threat that could exploit a vulnerability.

D.

Likelihood is the probability that a vulnerability is a threat-source.

Question 103

Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

Options:

A.

Scalability

B.

Speed

C.

Key distribution

D.

Security

Question 104

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Options:

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Question 105

Which of the following security operations is used for determining the attack surface of an organization?

Options:

A.

Running a network scan to detect network services in the corporate DMZ

B.

Training employees on the security policy regarding social engineering

C.

Reviewing the need for a security clearance for each employee

D.

Using configuration management to determine when and where to apply security patches

Question 106

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Options:

A.

Spoof Scan

B.

TCP Connect scan

C.

TCP SYN

D.

Idle Scan

Question 107

Due to a slowdown of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

Options:

A.

All of the employees would stop normal work activities

B.

IT department would be telling employees who the boss is

C.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

D.

The network could still experience traffic slow down.

Question 108

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

Options:

A.

Fuzzing

B.

Randomizing

C.

Mutating

D.

Bounding

Question 109

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.

What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options:

A.

Protocol analyzer

B.

Intrusion Prevention System (IPS)

C.

Network sniffer

D.

Vulnerability scanner

Question 110

Look at the following output. What did the hacker accomplish?

Options:

A.

The hacker used whois to gather publicly available records for the domain.

B.

The hacker used the "fierce" tool to brute force the list of available domains.

C.

The hacker listed DNS records on his own domain.

D.

The hacker successfully transferred the zone and enumerated the hosts.

Page: 1 / 28
Total 736 questions