Independence Day Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil 312-50v10 Certified Ethical Hacker Exam (C|EH v10) Exam Practice Test

Page: 1 / 74
Total 744 questions

Certified Ethical Hacker Exam (C|EH v10) Questions and Answers

Question 1

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

Options:

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

Question 2

Which of the following will perform an Xmas scan using NMAP?

Options:

A.

nmap -sA 192.168.1.254

B.

nmap -sP 192.168.1.254

C.

nmap -sX 192.168.1.254

D.

nmap -sV 192.168.1.254

Question 3

Which of the following BEST describes the mechanism of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

C.

Overwrites the original MBR and only executes the new virus code

D.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Question 4

What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you’ve compromised and gained root access to?

Options:

A.

Install Cryptcat and encrypt outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

C.

Use Alternate Data Streams to hide the outgoing packets from this server.

Question 5

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?

Options:

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

Question 6

Name two software tools used for OS guessing? (Choose two.)

Options:

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

Question 7

........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

Options:

A.

Collision Attack

B.

Evil Twin Attack

C.

Sinkhole Attack

D.

Signal Jamming Attack

Question 8

Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?

Options:

A.

OS Scan requires root privileges

B.

The nmap syntax is wrong.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall

D.

This is a common behavior for a corrupted nmap application

Question 9

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

Options:

A.

2

B.

256

C.

512

D.

Over 10, 000

Question 10

Study the log below and identify the scan type.

Options:

A.

nmap -sR 192.168.1.10

B.

nmap -sS 192.168.1.10

C.

nmap -sV 192.168.1.10

D.

nmap -sO -T 192.168.1.10

Question 11

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

Options:

A.

Network security policy

B.

Remote access policy

C.

Information protection policy

D.

Access control policy

Question 12

Which Type of scan sends a packets with no flags set?

Options:

A.

Open Scan

B.

Null Scan

C.

Xmas Scan

D.

Half-Open Scan

Question 13

What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators of the malware to remove the restriction?

Options:

A.

Ransomware

B.

Riskware

C.

Adware

D.

Spyware

Question 14

A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?

Options:

A.

Scanning

B.

Reconnaissance

C.

Escalation

D.

Enumeration

Question 15

Backing up data is a security must. However, it also has certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?

Options:

A.

A backup is the source of Malware or illicit information

B.

A backup is incomplete because no verification was performed

C.

A backup is unavailable during disaster recovery

D.

An unencrypted backup can be misplaced or stolen

Question 16

First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?

Options:

A.

Delete the email and pretend nothing happened.

B.

Forward the message to your supervisor and ask for her opinion on how to handle the situation.

C.

Forward the message to your company’s security response team and permanently delete the messagefrom your computer.

D.

Reply to the sender and ask them for more information about the message contents.

Question 17

You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

Options:

A.

Metagoofil

B.

Armitage

C.

Dimitry

D.

cdpsnarf

Question 18

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.

What nmap script will help you with this task?

Options:

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Question 19

Which of the following is assured by the use of a hash?

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Question 20

Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state.

Which of the following activities should not be included in this phase? (see exhibit)

Exhibit:

Options:

A.

III

B.

IV

C.

III and IV

D.

All should be included.

Question 21

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.

What is happening?

Options:

A.

ICMP could be disabled on the target server.

B.

The ARP is disabled on the target server.

C.

TCP/IP doesn't support ICMP.

D.

You need to run the ping command with root privileges.

Question 22

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Options:

A.

Immediately stop work and contact the proper legal authorities.

B.

Copy the data to removable media and keep it in case you need it.

C.

Confront the client in a respectful manner and ask her about the data.

D.

Ignore the data and continue the assessment until completed as agreed.

Question 23

A common cryptographical tool is the use of XOR. XOR the following binary values:

10110001

00111010

Options:

A.

10001011

B.

11011000

C.

10011101

D.

10111100

Question 24

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.

What should be the first step in security testing the client?

Options:

A.

Reconnaissance

B.

Enumeration

C.

Scanning

D.

Escalation

Question 25

Which of the following is the greatest threat posed by backups?

Options:

A.

A backup is the source of Malware or illicit information.

B.

A backup is unavailable during disaster recovery.

C.

A backup is incomplete because no verification was performed.

D.

An un-encrypted backup can be misplaced or stolen.

Question 26

This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

Which of the following organizations is being described?

Options:

A.

Payment Card Industry (PCI)

B.

Center for Disease Control (CDC)

C.

Institute of Electrical and Electronics Engineers (IEEE)

D.

International Security Industry Organization (ISIO)

Question 27

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.

Which of the following regulations best matches the description?

Options:

A.

HIPAA

B.

ISO/IEC 27002

C.

COBIT

D.

FISMA

Question 28

What is the best description of SQL Injection?

Options:

A.

It is an attack used to gain unauthorized access to a database.

B.

It is an attack used to modify code in an application.

C.

It is a Man-in-the-Middle attack between your SQL Server and Web App Server.

D.

It is a Denial of Service Attack.

Question 29

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

What command will help you to search files using Google as a search engine?

Options:

A.

site: target.com filetype:xls username password email

B.

inurl: target.com filename:xls username password email

C.

domain: target.com archive:xls username password email

D.

site: target.com file:xls username password email

Question 30

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Options:

A.

PKI

B.

single sign on

C.

biometrics

D.

SOA

Question 31

What is a "Collision attack" in cryptography?

Options:

A.

Collision attacks try to find two inputs producing the same hash.

B.

Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.

C.

Collision attacks try to get the public key.

D.

Collision attacks try to break the hash into three parts to get the plaintext value.

Question 32

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

Options:

A.

Social engineering

B.

Tailgating

C.

Piggybacking

D.

Eavesdropping

Question 33

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

Question 34

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Question 35

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Options:

A.

Timing attack

B.

Replay attack

C.

Memory trade-off attack

D.

Chosen plain-text attack

Question 36

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

Question 37

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Question 38

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Options:

A.

RC4

B.

RC5

C.

MD4

D.

MD5

Question 39

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

Options:

A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

Question 40

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Question 41

Advanced encryption standard is an algorithm used for which of the following?

Options:

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Question 42

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Question 43

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Question 44

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Question 45

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

Question 46

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

Options:

A.

SHA-1

B.

MD5

C.

HAVAL

D.

MD4

Question 47

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Question 48

Which type of security document is written with specific step-by-step details?

Options:

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Question 49

Which of the following types of firewall inspects only header information in network traffic?

Options:

A.

Packet filter

B.

Stateful inspection

C.

Circuit-level gateway

D.

Application-level gateway

Question 50

A covert channel is a channel that

Options:

A.

transfers information over, within a computer system, or network that is outside of the security policy.

B.

transfers information over, within a computer system, or network that is within the security policy.

C.

transfers information via a communication path within a computer system, or network for transfer of data.

D.

transfers information over, within a computer system, or network that is encrypted.

Question 51

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Options:

A.

Semicolon

B.

Single quote

C.

Exclamation mark

D.

Double quote

Question 52

From the two screenshots below, which of the following is occurring?

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Question 53

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Options:

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Question 54

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options:

A.

Information reporting

B.

Vulnerability assessment

C.

Active information gathering

D.

Passive information gathering

Question 55

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Options:

A.

Proper testing

B.

Secure coding principles

C.

Systems security and architecture review

D.

Analysis of interrupts within the software

Question 56

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

Options:

A.

NMAP -PN -A -O -sS 192.168.2.0/24

B.

NMAP -P0 -A -O -p1-65535 192.168.0/24

C.

NMAP -P0 -A -sT -p0-65535 192.168.0/16

D.

NMAP -PN -O -sS -p 1-1024 192.168.0/8

Question 57

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

Options:

A.

Packet filtering firewall

B.

Application-level firewall

C.

Circuit-level gateway firewall

D.

Stateful multilayer inspection firewall

Question 58

While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

Options:

A.

10.10.10.10

B.

127.0.0.1

C.

192.168.1.1

D.

192.168.168.168

Question 59

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Question 60

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Question 61

Which of the following cryptography attack methods is usually performed without the use of a computer?

Options:

A.

Ciphertext-only attack

B.

Chosen key attack

C.

Rubber hose attack

D.

Rainbow table attack

Question 62

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Question 63

What statement is true regarding LM hashes?

Options:

A.

LM hashes consist in 48 hexadecimal characters.

B.

LM hashes are based on AES128 cryptographic standard.

C.

Uppercase characters in the password are converted to lowercase.

D.

LM hashes are not generated when the password length exceeds 15 characters.

Question 64

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

Options:

A.

SHA1

B.

Diffie-Helman

C.

RSA

D.

AES

Question 65

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

Snort

C.

John the Ripper

D.

Dsniff

Question 66

Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

Options:

A.

Password protected files

B.

Hidden folders

C.

BIOS password

D.

Full disk encryption.

Question 67

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?

Options:

A.

In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name.

B.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering.

C.

Both pharming and phishing attacks are identical.

D.

In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name.

Question 68

The "gray box testing" methodology enforces what kind of restriction?

Options:

A.

The internal operation of a system is only partly accessible to the tester.

B.

The internal operation of a system is completely known to the tester.

C.

Only the external operation of a system is accessible to the tester.

D.

Only the internal operation of a system is known to the tester.

Question 69

PGP, SSL, and IKE are all examples of which type of cryptography?

Options:

A.

Public Key

B.

Secret Key

C.

Hash Algorithm

D.

Digest

Question 70

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is most likely able to handle this requirement?

Options:

A.

RADIUS

B.

DIAMETER

C.

Kerberos

D.

TACACS+

Question 71

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'.

What technique is Ricardo using?

Options:

A.

Steganography

B.

Public-key cryptography

C.

RSA algorithm

D.

Encryption

Question 72

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Options:

A.

Connection Establishment: FIN, ACK-FIN, ACKConnection Termination: SYN, SYN-ACK, ACK

B.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: ACK, ACK-SYN, SYN

C.

Connection Establishment: ACK, ACK-SYN, SYNConnection Termination: FIN, ACK-FIN, ACK

D.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: FIN, ACK-FIN, ACK

Question 73

By using a smart card and pin, you are using a two-factor authentication that satisfies

Options:

A.

Something you know and something you are

B.

Something you have and something you know

C.

Something you have and something you are

D.

Something you are and something you remember

Question 74

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.

What Web browser-based security vulnerability was exploited to compromise the user?

Options:

A.

Cross-Site Request Forgery

B.

Cross-Site Scripting

C.

Clickjacking

D.

Web form input validation

Question 75

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

Options:

A.

She is encrypting the file.

B.

She is using John the Ripper to view the contents of the file.

C.

She is using ftp to transfer the file to another hacker named John.

D.

She is using John the Ripper to crack the passwords in the secret.txt file.

Question 76

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

Options:

A.

Likelihood is the probability that a threat-source will exploit a vulnerability.

B.

Likelihood is a possible threat-source that may exploit a vulnerability.

C.

Likelihood is the likely source of a threat that could exploit a vulnerability.

D.

Likelihood is the probability that a vulnerability is a threat-source.

Question 77

In order to have an anonymous Internet surf, which of the following is best choice?

Options:

A.

Use SSL sites when entering personal information

B.

Use Tor network with multi-node

C.

Use shared WiFi

D.

Use public VPN

Question 78

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Options:

A.

Only using OSPFv3 will mitigate this risk.

B.

Make sure that legitimate network routers are configured to run routing protocols with authentication.

C.

Redirection of the traffic cannot happen unless the admin allows it explicitly.

D.

Disable all routing protocols and only use static routes.

Question 79

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Options:

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Question 80

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?

Options:

A.

Fuzzy-testing the code

B.

Third party running the code

C.

Sandboxing the code

D.

String validating the code

Question 81

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Options:

A.

He must perform privilege escalation.

B.

He needs to disable antivirus protection.

C.

He needs to gain physical access.

D.

He already has admin privileges, as shown by the “501” at the end of the SID.

Question 82

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:

A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Question 83

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Question 84

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Question 85

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Question 86

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Question 87

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

Options:

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Question 88

A zone file consists of which of the following Resource Records (RRs)?

Options:

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

Question 89

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Question 90

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Question 91

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Options:

A.

network Sniffer

B.

Vulnerability Scanner

C.

Intrusion prevention Server

D.

Security incident and event Monitoring

Question 92

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

Options:

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Question 93

In Trojan terminology, what is a covert channel?

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Question 94

How does a denial-of-service attack work?

Options:

A.

A hacker prevents a legitimate user (or group of users) from accessing a service

B.

A hacker uses every character, word, or letter he or she can think of to defeat authentication

C.

A hacker tries to decipher a password by using a system, which subsequently crashes the network

D.

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Question 95

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Question 96

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Question 97

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.

What should Bob recommend to deal with such a threat?

Options:

A.

The use of security agents in clients’ computers

B.

The use of DNSSEC

C.

The use of double-factor authentication

D.

Client awareness

Question 98

Which of the following is the best countermeasure to encrypting ransomwares?

Options:

A.

Use multiple antivirus softwares

B.

Keep some generation of off-line backup

C.

Analyze the ransomware to get decryption key of encrypted data

D.

Pay a ransom

Question 99

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Options:

A.

Produces less false positives

B.

Can identify unknown attacks

C.

Requires vendor updates for a new threat

D.

Cannot deal with encrypted network traffic

Question 100

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Options:

A.

Time Keeper

B.

NTP

C.

PPP

D.

OSPP

Question 101

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

Options:

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Question 102

In Wireshark, the packet bytes panes show the data of the current packet in which format?

Options:

A.

Decimal

B.

ASCII only

C.

Binary

D.

Hexadecimal

Question 103

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Question 104

From the following table, identify the wrong answer in terms of Range (ft).

Options:

A.

802.11b

B.

802.11g

C.

802.16(WiMax)

D.

802.11a

Question 105

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the

following represents the best practice your business should observe?

Options:

A.

Hire a security consultant to provide direction.

B.

Do not back up cither the credit card numbers or then hashes.

C.

Back up the hashes of the credit card numbers not the actual credit card numbers.

D.

Encrypt backup tapes that are sent off-site.

Question 106

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

Options:

A.

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Question 107

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Options:

A.

Function Testing

B.

Dynamic Testing

C.

Static Testing

D.

Fuzzing Testing

Question 108

DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

Options:

A.

nslookup -fullrecursive update.antivirus.com

B.

dnsnooping –rt update.antivirus.com

C.

nslookup -norecursive update.antivirus.com

D.

dns --snoop update.antivirus.com

Question 109

You are the Network Admin, and you get a compliant that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on UDP Port 80

C.

Traffic is Blocked on UDP Port 54

D.

Traffic is Blocked on UDP Port 80

Question 110

Darius is analysing IDS logs. During the investigation, he noticed that there was nothing suspicious found and an alert was triggered on normal web application traffic. He can mark this alert as:

Options:

A.

False-Negative

B.

False-Positive

C.

True-Positive

D.

False-Signature

Question 111

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Options:

A.

Chosen-plaintext attack

B.

Ciphertext-only attack

C.

Adaptive chosen-plaintext attack

D.

Known-plaintext attack

Page: 1 / 74
Total 744 questions