Independence Day - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

CPEH-001 Sample Questions Answers

Questions 4

From the following table, identify the wrong answer in terms of Range (ft).

Options:

A.

802.11b

B.

802.11g

C.

802.16(WiMax)

D.

802.11a

Buy Now
Questions 5

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

Options:

A.

Cross-site scripting vulnerability

B.

Cross-site Request Forgery vulnerability

C.

SQL injection vulnerability

D.

Web site defacement vulnerability

Buy Now
Questions 6

Which of these options is the most secure procedure for storing backup tapes?

Options:

A.

In a climate controlled facility offsite

B.

On a different floor in the same building

C.

Inside the data center for faster retrieval in a fireproof safe

D.

In a cool dry environment

Buy Now
Questions 7

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Options:

A.

Only using OSPFv3 will mitigate this risk.

B.

Make sure that legitimate network routers are configured to run routing protocols with authentication.

C.

Redirection of the traffic cannot happen unless the admin allows it explicitly.

D.

Disable all routing protocols and only use static routes.

Buy Now
Questions 8

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Options:

A.

Since the company's policy is all about Customer Service, he/she will provide information.

B.

Disregarding the call, the employee should hang up.

C.

The employee should not provide any information without previous management authorization.

D.

The employees can not provide any information; but, anyway, he/she will provide the name of the person in charge.

Buy Now
Questions 9

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Options:

A.

The amount of time it takes to convert biometric data into a template on a smart card.

B.

The amount of time and resources that are necessary to maintain a biometric system.

C.

The amount of time it takes to be either accepted or rejected form when an individual provides Identification and authentication information.

D.

How long it takes to setup individual user accounts.

Buy Now
Questions 10

Due to a slowdown of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

Options:

A.

All of the employees would stop normal work activities

B.

IT department would be telling employees who the boss is

C.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

D.

The network could still experience traffic slow down.

Buy Now
Questions 11

The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

Options:

A.

RST

B.

ACK

C.

SYN-ACK

D.

SYN

Buy Now
Questions 12

Which of the following processes evaluates the adherence of an organization to its stated security policy?

Options:

A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

Buy Now
Questions 13

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options:

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Buy Now
Questions 14

A zone file consists of which of the following Resource Records (RRs)?

Options:

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

Buy Now
Questions 15

Look at the following output. What did the hacker accomplish?

Options:

A.

The hacker used whois to gather publicly available records for the domain.

B.

The hacker used the "fierce" tool to brute force the list of available domains.

C.

The hacker listed DNS records on his own domain.

D.

The hacker successfully transferred the zone and enumerated the hosts.

Buy Now
Questions 16

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Cavity virus

B.

Polymorphic virus

C.

Tunneling virus

D.

Stealth virus

Buy Now
Questions 17

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

Options:

A.

One day

B.

One hour

C.

One week

D.

One month

Buy Now
Questions 18

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Buy Now
Questions 19

Which set of access control solutions implements two-factor authentication?

Options:

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

Buy Now
Questions 20

Which of the following is used to indicate a single-line comment in structured query language (SQL)?

Options:

A.

--

B.

||

C.

%%

D.

''

Buy Now
Questions 21

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 22

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Options:

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Buy Now
Questions 23

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

Options:

A.

Internal Whitebox

B.

External, Whitebox

C.

Internal, Blackbox

D.

External, Blackbox

Buy Now
Questions 24

One way to defeat a multi-level security solution is to leak data via

Options:

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Buy Now
Questions 25

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

Options:

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

Buy Now
Questions 26

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router nobody can access to the ftp and the permitted hosts cannot access to the Internet. According to the next configuration what is happening in the network?

Options:

A.

The ACL 110 needs to be changed to port 80

B.

The ACL for FTP must be before the ACL 110

C.

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

D.

The ACL 104 needs to be first because is UDP

Buy Now
Questions 27

One of the Forbes 500 companies has been subjected to a large scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emphasized that he wants to totally eliminate all risks. What is one of the first things you should do when hired?

Options:

A.

Interview all employees in the company to rule out possible insider threats.

B.

Establish attribution to suspected attackers.

C.

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

D.

Start the Wireshark application to start sniffing network traffic.

Buy Now
Questions 28

Which of the following is the greatest threat posed by backups?

Options:

A.

A backup is the source of Malware or illicit information.

B.

A backup is unavailable during disaster recovery.

C.

A backup is incomplete because no verification was performed.

D.

An un-encrypted backup can be misplaced or stolen.

Buy Now
Questions 29

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

Options:

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.

Buy Now
Questions 30

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Buy Now
Questions 31

Which command line switch would be used in NMAP to perform operating system detection?

Options:

A.

-OS

B.

-sO

C.

-sP

D.

-O

Buy Now
Questions 32

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

Options:

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Buy Now
Questions 33

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like.

What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Options:

A.

footprinting

B.

network mapping

C.

gaining access

D.

escalating privileges

Buy Now
Questions 34

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

Options:

A.

She is encrypting the file.

B.

She is using John the Ripper to view the contents of the file.

C.

She is using ftp to transfer the file to another hacker named John.

D.

She is using John the Ripper to crack the passwords in the secret.txt file.

Buy Now
Questions 35

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Options:

A.

Height and Weight

B.

Voice

C.

Fingerprints

D.

Iris patterns

Buy Now
Questions 36

What is a successful method for protecting a router from potential smurf attacks?

Options:

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

Buy Now
Questions 37

A medium-sized healthcare IT business decides to implement a risk management strategy.

Which of the following is NOT one of the five basic responses to risk?

Options:

A.

Delegate

B.

Avoid

C.

Mitigate

D.

Accept

Buy Now
Questions 38

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

Options:

A.

Defeating the scanner from detecting any code change at the kernel

B.

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

C.

Performing common services for the application process and replacing real applications with fake ones

D.

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

Buy Now
Questions 39

Which of the following is a client-server tool utilized to evade firewall inspection?

Options:

A.

tcp-over-dns

B.

kismet

C.

nikto

D.

hping

Buy Now
Questions 40

Which of the following is a component of a risk assessment?

Options:

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

Buy Now
Questions 41

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta

Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Buy Now
Questions 42

Fingerprinting an Operating System helps a cracker because:

Options:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Buy Now
Questions 43

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Buy Now
Questions 44

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Buy Now
Questions 45

Study the following log extract and identify the attack.

Options:

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Buy Now
Questions 46

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Buy Now
Questions 47

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Options:

A.

Teardrop

B.

SYN flood

C.

Smurf attack

D.

Ping of death

Buy Now
Questions 48

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Buy Now
Questions 49

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Options:

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Buy Now
Questions 50

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

IANA

C.

CAPTCHA

D.

IETF

Buy Now
Questions 51

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Options:

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Buy Now
Questions 52

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Buy Now
Questions 53

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Buy Now
Questions 54

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Buy Now
Questions 55

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Buy Now
Questions 56

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Buy Now
Questions 57

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

Options:

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Buy Now
Questions 58

Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Buy Now
Questions 59

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Buy Now
Questions 60

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Buy Now
Questions 61

SOAP services use which technology to format information?

Options:

A.

SATA

B.

PCI

C.

XML

D.

ISDN

Buy Now
Questions 62

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Buy Now
Questions 63

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Buy Now
Questions 64

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Options:

A.

RC4

B.

RC5

C.

MD4

D.

MD5

Buy Now
Questions 65

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

Buy Now
Questions 66

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options:

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

Buy Now
Questions 67

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

Options:

A.

Buffer overflow

B.

Cross-site request forgery

C.

Distributed denial of service

D.

Cross-site scripting

Buy Now
Questions 68

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Options:

A.

OWASP is for web applications and OSSTMM does not include web applications.

B.

OSSTMM is gray box testing and OWASP is black box testing.

C.

OWASP addresses controls and OSSTMM does not.

D.

OSSTMM addresses controls and OWASP does not.

Buy Now
Questions 69

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Buy Now
Questions 70

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

Buy Now
Questions 71

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

Options:

A.

Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B.

Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C.

Configure the firewall to allow traffic on TCP port 53.

D.

Configure the firewall to allow traffic on TCP port 8080.

Buy Now
Questions 72

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Options:

A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Buy Now
Questions 73

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

Options:

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

Buy Now
Questions 74

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Options:

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Buy Now
Questions 75

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

Options:

A.

MD5

B.

SHA-1

C.

RC4

D.

MD4

Buy Now
Questions 76

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

Buy Now
Questions 77

How do employers protect assets with security policies pertaining to employee surveillance activities?

Options:

A.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

B.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Buy Now
Questions 78

Which type of security document is written with specific step-by-step details?

Options:

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Buy Now
Questions 79

Which statement best describes a server type under an N-tier architecture?

Options:

A.

A group of servers at a specific layer

B.

A single server with a specific role

C.

A group of servers with a unique role

D.

A single server at a specific layer

Buy Now
Questions 80

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options:

A.

Legal, performance, audit

B.

Audit, standards based, regulatory

C.

Contractual, regulatory, industry

D.

Legislative, contractual, standards based

Buy Now
Questions 81

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Buy Now
Questions 82

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

Options:

A.

Timing options to slow the speed that the port scan is conducted

B.

Fingerprinting to identify which operating systems are running on the network

C.

ICMP ping sweep to determine which hosts on the network are not available

D.

Traceroute to control the path of the packets sent during the scan

Buy Now
Questions 83

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

Options:

A.

Public-key cryptosystems are faster than symmetric-key cryptosystems.

B.

Public-key cryptosystems distribute public-keys within digital signatures.

C.

Public-key cryptosystems do not require a secure key distribution channel.

D.

Public-key cryptosystems do not provide technical non-repudiation via digital signatures.

Buy Now
Questions 84

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?

Options:

A.

Public key

B.

Private key

C.

Modulus length

D.

Email server certificate

Buy Now
Questions 85

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Options:

A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

Buy Now
Questions 86

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Buy Now
Questions 87

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

Options:

A.

Network tap

B.

Layer 3 switch

C.

Network bridge

D.

Application firewall

Buy Now
Questions 88

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:

Which exploit is indicated by this script?

Options:

A.

A buffer overflow exploit

B.

A chained exploit

C.

A SQL injection exploit

D.

A denial of service exploit

Buy Now
Questions 89

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Buy Now
Questions 90

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

Options:

A.

Blue Book

B.

ISO 26029

C.

Common Criteria

D.

The Wassenaar Agreement

Buy Now
Questions 91

Which of the following is considered an acceptable option when managing a risk?

Options:

A.

Reject the risk.

B.

Deny the risk.

C.

Mitigate the risk.

D.

Initiate the risk.

Buy Now
Questions 92

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.

What is the first thing that Nedved needs to do before contacting the incident response team?

Options:

A.

Leave it as it Is and contact the incident response te3m right away

B.

Block the connection to the suspicious IP Address from the firewall

C.

Disconnect the email server from the network

D.

Migrate the connection to the backup email server

Buy Now
Questions 93

What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

Options:

A.

A stealth scan, opening port 123 and 153

B.

A stealth scan, checking open ports 123 to 153

C.

A stealth scan, checking all open ports excluding ports 123 to 153

D.

A stealth scan, determine operating system, and scanning ports 123 to 153

Buy Now
Questions 94

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Options:

A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Buy Now
Questions 95

Which of the following is an example of an asymmetric encryption implementation?

Options:

A.

SHA1

B.

PGP

C.

3DES

D.

MD5

Buy Now
Questions 96

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

Options:

A.

The request to the web server is not visible to the administrator of the vulnerable application.

B.

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.

The successful attack does not show an error message to the administrator of the affected application.

D.

The vulnerable application does not display errors with information about the injection results to the attacker.

Buy Now
Questions 97

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Buy Now
Questions 98

Which of the following is an application that requires a host application for replication?

Options:

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Buy Now
Questions 99

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Options:

A.

768 bit key

B.

1025 bit key

C.

1536 bit key

D.

2048 bit key

Buy Now
Questions 100

A hacker was able to sniff packets on a company's wireless network. The following information was discovered:

Using the Exlcusive OR, what was the original message?

Options:

A.

00101000 11101110

B.

11010111 00010001

C.

00001101 10100100

D.

11110010 01011011

Buy Now
Questions 101

In order to show improvement of security over time, what must be developed?

Options:

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Buy Now
Questions 102

Which of the following is a detective control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Buy Now
Questions 103

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80HEAD / HTTP/1.0

B.

telnet webserverAddress 80PUT / HTTP/1.0

C.

telnet webserverAddress 80HEAD / HTTP/2.0

D.

telnet webserverAddress 80PUT / HTTP/2.0

Buy Now
Questions 104

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Buy Now
Questions 105

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

Options:

A.

Firewall-management policy

B.

Acceptable-use policy

C.

Remote-access policy

D.

Permissive policy

Buy Now
Questions 106

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Options:

A.

Ping sweep of the 192.168.1.106 network

B.

Remote service brute force attempt

C.

Port scan of 192.168.1.106

D.

Denial of service attack on 192.168.1.106

Buy Now
Questions 107

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Buy Now
Questions 108

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Buy Now
Questions 109

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Buy Now
Questions 110

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Buy Now
Questions 111

What is the purpose of DNS AAAA record?

Options:

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Buy Now
Questions 112

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Buy Now
Questions 113

The "white box testing" methodology enforces what kind of restriction?

Options:

A.

The internal operation of a system is completely known to the tester.

B.

Only the external operation of a system is accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is only partly accessible to the tester.

Buy Now
Questions 114

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

Options:

A.

Fuzzing

B.

Randomizing

C.

Mutating

D.

Bounding

Buy Now
Questions 115

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Buy Now
Questions 116

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Buy Now
Questions 117

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

Options:

A.

CHNTPW

B.

Cain & Abel

C.

SET

D.

John the Ripper

Buy Now
Questions 118

env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Display passwd content to prompt

B.

Removes the passwd file

C.

Changes all passwords in passwd

D.

Add new user to the passwd file

Buy Now
Questions 119

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.

What is happening?

Options:

A.

ICMP could be disabled on the target server.

B.

The ARP is disabled on the target server.

C.

TCP/IP doesn't support ICMP.

D.

You need to run the ping command with root privileges.

Buy Now
Questions 120

You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled.

Which port would you see listening on these Windows machines in the network?

Options:

A.

445

B.

3389

C.

161

D.

1433

Buy Now
Questions 121

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Options:

A.

The host is likely a printer.

B.

The host is likely a Windows machine.

C.

The host is likely a Linux machine.

D.

The host is likely a router.

Buy Now
Questions 122

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability.

What is this style of attack called?

Options:

A.

zero-day

B.

zero-hour

C.

zero-sum

D.

no-day

Buy Now
Questions 123

You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

Options:

A.

Metagoofil

B.

Armitage

C.

Dimitry

D.

cdpsnarf

Buy Now
Questions 124

MX record priority increases as the number increases. (True/False.)

Options:

A.

True

B.

False

Buy Now
Questions 125

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Buy Now
Questions 126

This TCP flag instructs the sending system to transmit all buffered data immediately.

Options:

A.

SYN

B.

RST

C.

PSH

D.

URG

E.

FIN

Buy Now
Questions 127

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 128

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

Options:

A.

Identifying operating systems, services, protocols and devices

B.

Modifying and replaying captured network traffic

C.

Collecting unencrypted information about usernames and passwords

D.

Capturing a network traffic for further analysis

Buy Now
Questions 129

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Options:

A.

nmap -sn -sF 10.1.0.0/16 445

B.

nmap -p 445 -n -T4 –open 10.1.0.0/16

C.

nmap -s 445 -sU -T5 10.1.0.0/16

D.

nmap -p 445 –max -Pn 10.1.0.0/16

Buy Now
Questions 130

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Options:

A.

None of these scenarios compromise the privacy of Alice’s data

B.

Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data

C.

Hacker Harry breaks into the cloud server and steals the encrypted data

D.

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Buy Now
Questions 131

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Options:

A.

“GET/restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”

C.

“GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”

D.

“GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

Buy Now
Questions 132

Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.

What is the main security risk associated with this scenario?

Options:

A.

External script contents could be maliciously modified without the security team knowledge

B.

External scripts have direct access to the company servers and can steal the data from there

C.

There is no risk at all as the marketing services are trustworthy

D.

External scripts increase the outbound company data traffic which leads greater financial losses

Buy Now
Questions 133

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Options:

A.

Injection

B.

Cross Site Scripting

C.

Cross Site Request Forgery

D.

Path disclosure

Buy Now
Questions 134

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluejacking

C.

Bluesmacking

D.

Bluesnarfing

Buy Now
Questions 135

Which of the following is the successor of SSL?

Options:

A.

TLS

B.

RSA

C.

GRE

D.

IPSec

Buy Now
Questions 136

How does the Address Resolution Protocol (ARP) work?

Options:

A.

It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

B.

It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.

C.

It sends a reply packet for a specific IP, asking for the MAC address.

D.

It sends a request packet to all the network elements, asking for the domain name from a specific IP.

Buy Now
Questions 137

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Options:

A.

Cross-Site Request Forgery

B.

Cross-Site Scripting

C.

SQL Injection

D.

Browser Hacking

Buy Now
Questions 138

What is the process of logging, recording, and resolving events that take place in an organization?

Options:

A.

Incident Management Process

B.

Security Policy

C.

Internal Procedure

D.

Metrics

Buy Now
Questions 139

What is the best description of SQL Injection?

Options:

A.

It is an attack used to gain unauthorized access to a database.

B.

It is an attack used to modify code in an application.

C.

It is a Man-in-the-Middle attack between your SQL Server and Web App Server.

D.

It is a Denial of Service Attack.

Buy Now
Questions 140

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

Options:

A.

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Buy Now
Questions 141

Why containers are less secure that virtual machines?

Options:

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Buy Now
Questions 142

Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.

What is the main theme of the sub-policies for Information Technologies?

Options:

A.

Availability, Non-repudiation, Confidentiality

B.

Authenticity, Integrity, Non-repudiation

C.

Confidentiality, Integrity, Availability

D.

Authenticity, Confidentiality, Integrity

Buy Now
Questions 143

Which of the following is the best countermeasure to encrypting ransomwares?

Options:

A.

Use multiple antivirus softwares

B.

Keep some generation of off-line backup

C.

Analyze the ransomware to get decryption key of encrypted data

D.

Pay a ransom

Buy Now
Questions 144

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

Options:

A.

Event logs on the PC

B.

Internet Firewall/Proxy log

C.

IDS log

D.

Event logs on domain controller

Buy Now
Questions 145

On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

Options:

A.

Risk Mitigation

B.

Emergency Plan Response (EPR)

C.

Disaster Recovery Planning (DRP)

D.

Business Impact Analysis (BIA)

Buy Now
Questions 146

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

Options:

A.

tcp.port != 21

B.

tcp.port = 23

C.

tcp.port ==21

D.

tcp.port ==21 || tcp.port ==22

Buy Now
Questions 147

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.

Open-source intelligence

B.

Human intelligence

C.

Social intelligence

D.

Real intelligence

Buy Now
Questions 148

You are monitoring the network of your organizations. You notice that:

1. There are huge outbound connections from your Internal Network to External IPs.

2. On further investigation, you see that the External IPs are blacklisted.

3. Some connections are accepted, and some are dropped.

4. You find that it is a CnC communication.

Which of the following solution will you suggest?

Options:

A.

Block the Blacklist IP’s @ Firewall

B.

Update the Latest Signatures on your IDS/IPS

C.

Clean the Malware which are trying to Communicate with the External Blacklist IP’s

D.

Both B and C

Buy Now
Questions 149

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.

Which of the below scanning technique will you use?

Options:

A.

ACK flag scanning

B.

TCP Scanning

C.

IP Fragment Scanning

D.

Inverse TCP flag scanning

Buy Now
Questions 150

Which of the following provides a security professional with most information about the system’s security posture?

Options:

A.

Wardriving, warchalking, social engineering

B.

Social engineering, company site browsing, tailgating

C.

Phishing, spamming, sending trojans

D.

Port scanning, banner grabbing, service identification

Buy Now
Questions 151

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library

are required to allow the NIC to work in promiscuous mode?

Options:

A.

Libpcap

B.

Awinpcap

C.

Winprom

D.

Winpcap

Buy Now
Questions 152

Scenario: 1. Victim opens the attacker’s web site.

2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make S100 In a day?',

3. Victim clicks to the interesting and attractive content url.

4- Attacker creates a transparent iframe' in front of the url which victim attempt to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/sne clicks to the content or url that exists in the transparent iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

Options:

A.

HTTP Parameter Pollution

B.

HTML Injection

C.

Session Fixation

D.

ClickJacking Attack

Buy Now
Questions 153

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

tcpdump

B.

nmap

C.

ping

D.

tracert

Buy Now
Questions 154

The security concept of "separation of duties" is most similar to the operation of which type of security device?

Options:

A.

Firewall

B.

Bastion host

C.

Intrusion Detection System

D.

Honeypot

Buy Now
Questions 155

Which method of password cracking takes the most time and effort?

Options:

A.

Brute force

B.

Rainbow tables

C.

Dictionary attack

D.

Shoulder surfing

Buy Now
Questions 156

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

Options:

A.

The document can be sent to the accountant using an exclusive USB for that document.

B.

The CFO can use a hash algorithm in the document once he approved the financial statements.

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

D.

The CFO can use an excel file with a password.

Buy Now
Questions 157

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

Options:

A.

Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

C.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

D.

The operator knows that attacks and down time are inevitable and should have a backup site.

Buy Now
Questions 158

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Options:

A.

Connection Establishment: FIN, ACK-FIN, ACKConnection Termination: SYN, SYN-ACK, ACK

B.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: ACK, ACK-SYN, SYN

C.

Connection Establishment: ACK, ACK-SYN, SYNConnection Termination: FIN, ACK-FIN, ACK

D.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: FIN, ACK-FIN, ACK

Buy Now
Questions 159

PGP, SSL, and IKE are all examples of which type of cryptography?

Options:

A.

Public Key

B.

Secret Key

C.

Hash Algorithm

D.

Digest

Buy Now
Questions 160

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.

What should you do?

Options:

A.

Forward the message to your company’s security response team and permanently delete the message from your computer.

B.

Reply to the sender and ask them for more information about the message contents.

C.

Delete the email and pretend nothing happened

D.

Forward the message to your supervisor and ask for her opinion on how to handle the situation

Buy Now
Questions 161

It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.

Which of the following terms best matches the definition?

Options:

A.

Ransomware

B.

Adware

C.

Spyware

D.

Riskware

Buy Now
Questions 162

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

What seems to be wrong?

Options:

A.

OS Scan requires root privileges.

B.

The nmap syntax is wrong.

C.

This is a common behavior for a corrupted nmap application.

D.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

Buy Now
Questions 163

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.

What type of malware has Jesse encountered?

Options:

A.

Trojan

B.

Worm

C.

Macro Virus

D.

Key-Logger

Buy Now
Questions 164

You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS).

What is the best way to evade the NIDS?

Options:

A.

Encryption

B.

Protocol Isolation

C.

Alternate Data Streams

D.

Out of band signalling

Buy Now
Questions 165

You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.

What is one of the first things you should do when given the job?

Options:

A.

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

B.

Interview all employees in the company to rule out possible insider threats.

C.

Establish attribution to suspected attackers.

D.

Start the wireshark application to start sniffing network traffic.

Buy Now
Questions 166

Which of the following is assured by the use of a hash?

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Buy Now
Questions 167

This asymmetry cipher is based on factoring the product of two large prime numbers.

What cipher is described above?

Options:

A.

RSA

B.

SHA

C.

RC5

D.

MD5

Buy Now
Questions 168

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Options:

A.

Immediately stop work and contact the proper legal authorities.

B.

Copy the data to removable media and keep it in case you need it.

C.

Confront the client in a respectful manner and ask her about the data.

D.

Ignore the data and continue the assessment until completed as agreed.

Buy Now
Questions 169

Which of the following is a component of a risk assessment?

Options:

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Buy Now
Questions 170

While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank.com/account?id=368940911028389 &Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.

Which type of vulnerability is present on this site?

Options:

A.

Web Parameter Tampering

B.

Cookie Tampering

C.

XSS Reflection

D.

SQL injection

Buy Now
Questions 171

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

Options:

A.

Place a front-end web server in a demilitarized zone that only handles external web traffic

B.

Require all employees to change their passwords immediately

C.

Move the financial data to another server on the same IP subnet

D.

Issue new certificates to the web servers from the root certificate authority

Buy Now
Questions 172

Which of the following is an extremely common IDS evasion technique in the web world?

Options:

A.

unicode characters

B.

spyware

C.

port knocking

D.

subnetting

Buy Now
Questions 173

What is the code written for?

Options:

A.

Buffer Overflow

B.

Encryption

C.

Bruteforce

D.

Denial-of-service (Dos)

Buy Now
Questions 174

Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

Options:

A.

http-git

B.

http-headers

C.

http enum

D.

http-methods

Buy Now
Questions 175

........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

Options:

A.

Collision Attack

B.

Evil Twin Attack

C.

Sinkhole Attack

D.

Signal Jamming Attack

Buy Now
Questions 176

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.

Example:

allintitle: root passwd

Options:

A.

Maintaining Access

B.

Gaining Access

C.

Reconnaissance

D.

Scanning and Enumeration

Buy Now
Questions 177

What are two things that are possible when scanning UDP ports? (Choose two.)

Options:

A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Buy Now
Questions 178

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

Options:

A.

Network security policy

B.

Remote access policy

C.

Information protection policy

D.

Access control policy

Buy Now
Questions 179

A distributed port scan operates by:

Options:

A.

Blocking access to the scanning clients by the targeted host

B.

Using denial-of-service software against a range of TCP ports

C.

Blocking access to the targeted host by each of the distributed scanning clients

D.

Having multiple computers each scan a small number of ports, then correlating the results

Buy Now
Questions 180

While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?

Options:

A.

Immediately stop work and contact the proper legal authorities

B.

Ignore the data and continue the assessment until completed as agreed

C.

Confront the client in a respectful manner and ask her about the data

D.

Copy the data to removable media and keep it in case you need it

Buy Now
Questions 181

Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

Options:

A.

Metasploit

B.

Wireshark

C.

Maltego

D.

Cain & Abel

Buy Now
Questions 182

Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?

Options:

A.

Use digital certificates to authenticate a server prior to sending data.

B.

Verify access right before allowing access to protected information and UI controls.

C.

Verify access right before allowing access to protected information and UI controls.

D.

Validate and escape all information sent to a server.

Buy Now
Questions 183

Which of the following is a vulnerability in GNU’s bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Options:

A.

Shellshock

B.

Rootshell

C.

Rootshock

D.

Shellbash

Buy Now
Questions 184

Why would an attacker want to perform a scan on port 137?

Options:

A.

To discover proxy servers on a network

B.

To disrupt the NetBIOS SMB service on the target host

C.

To check for file and print sharing on Windows systems

D.

To discover information about a target host using NBTSTAT

Buy Now
Questions 185

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

Buy Now
Questions 186

What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

Options:

A.

$440

B.

$100

C.

$1320

D.

$146

Buy Now
Questions 187

Which Type of scan sends a packets with no flags set?

Options:

A.

Open Scan

B.

Null Scan

C.

Xmas Scan

D.

Half-Open Scan

Buy Now
Questions 188

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

Options:

A.

Port Scanning

B.

Hacking Active Directory

C.

Privilege Escalation

D.

Shoulder-Surfing

Buy Now
Questions 189

Suppose you’ve gained access to your client’s hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?

Options:

A.

1433

B.

161

C.

445

D.

3389

Buy Now
Questions 190

A new wireless client that is 802.11 compliant cannot connect to a wireless network given that the client can see the network and it has compatible hardware and software installed. Upon further tests and investigation, it was found out that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What MOST likely is the issue on this scenario?

Options:

A.

The client cannot see the SSID of the wireless network

B.

The WAP does not recognize the client’s MAC address.

C.

The wireless client is not configured to use DHCP.

D.

Client is configured for the wrong channel

Buy Now
Questions 191

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts. Which of the following features makes this possible? (Choose two.)

Options:

A.

It used TCP as the underlying protocol.

B.

It uses community string that is transmitted in clear text.

C.

It is susceptible to sniffing.

D.

It is used by all network devices on the market.

Buy Now
Questions 192

Knowing the nature of backup tapes, which of the following is the MOST RECOMMENDED way of storing backup tapes?

Options:

A.

In a cool dry environment

B.

Inside the data center for faster retrieval in a fireproof safe

C.

In a climate controlled facility offsite

D.

On a different floor in the same building

Buy Now
Questions 193

Which of the following command line switch would you use for OS detection in Nmap?

Options:

A.

-D

B.

-O

C.

-P

D.

–X

Buy Now
Questions 194

A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?

Options:

A.

Scanning

B.

Reconnaissance

C.

Escalation

D.

Enumeration

Buy Now
Questions 195

Which specific element of security testing is being assured by using hash?

Options:

A.

Authentication

B.

Integrity

C.

Confidentiality

D.

Availability

Buy Now
Questions 196

What is the term coined for logging, recording and resolving events in a company?

Options:

A.

Internal Procedure

B.

Security Policy

C.

Incident Management Process

D.

Metrics

Buy Now
Questions 197

Which of the following BEST describes how Address Resolution Protocol (ARP) works?

Options:

A.

It sends a reply packet for a specific IP, asking for the MAC address

B.

It sends a reply packet to all the network elements, asking for the MAC address from a specific IP

C.

It sends a request packet to all the network elements, asking for the domain name from a specific IP

D.

It sends a request packet to all the network elements, asking for the MAC address from a specific IP

Buy Now
Questions 198

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?

Options:

A.

Windows

B.

Unix

C.

Linux

D.

OS X

Buy Now
Questions 199

Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?

Options:

A.

Preparation phase

B.

Containment phase

C.

Recovery phase

D.

Identification phase

Buy Now
Questions 200

Which service in a PKI will vouch for the identity of an individual or company?

Options:

A.

KDC

B.

CA

C.

CR

D.

CBC

Buy Now
Questions 201

It is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. This protocol is specifically designed for transporting event messages. Which of the following is being described?

Options:

A.

SNMP

B.

ICMP

C.

SYSLOG

D.

SMS

Buy Now
Questions 202

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Basic example to understand how cryptography works is given below:

Which of the following choices is true about cryptography?

Options:

A.

Algorithm is not the secret, key is the secret.

B.

Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.

C.

Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

D.

Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

Buy Now
Questions 203

What is not a PCI compliance recommendation?

Options:

A.

Limit access to card holder data to as few individuals as possible.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Use a firewall between the public network and the payment card data.

Buy Now
Questions 204

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$146

B.

$1320

C.

$440

D.

$100

Buy Now
Questions 205

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks?

Options:

A.

Whisker

B.

tcpsplice

C.

Burp

D.

Hydra

Buy Now
Questions 206

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Options:

A.

Kismet

B.

Nessus

C.

Netstumbler

D.

Abel

Buy Now
Questions 207

Which protocol is used for setting up secured channels between two devices, typically in VPNs?

Options:

A.

IPSEC

B.

PEM

C.

SET

D.

PPP

Buy Now
Questions 208

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfencode

D.

msfd

Buy Now
Questions 209

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

B.

Attempts by attackers to access the user and password information stored in the company's SQL database.

C.

Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

D.

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Buy Now
Questions 210

What is the role of test automation in security testing?

Options:

A.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

B.

It is an option but it tends to be very expensive.

C.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

D.

Test automation is not usable in security due to the complexity of the tests.

Buy Now
Questions 211

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:

According to the section from the report, which of the following choice is true?

Options:

A.

MAC Spoof attacks cannot be performed.

B.

Possibility of SQL Injection attack is eliminated.

C.

A stateful firewall can be used between intranet (LAN) and DMZ.

D.

There is access control policy between VLANs.

Buy Now
Questions 212

A virus that attempts to install itself inside the file it is infecting is called?

Options:

A.

Tunneling virus

B.

Cavity virus

C.

Polymorphic virus

D.

Stealth virus

Buy Now
Questions 213

Which of the below hashing functions are not recommended for use?

Options:

A.

SHA-1.ECC

B.

MD5, SHA-1

C.

SHA-2. SHA-3

D.

MD5. SHA-5

Buy Now
Questions 214

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Options:

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Buy Now
Questions 215

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

Options:

A.

Internet Key Exchange (IKE)

B.

Oakley

C.

IPsec Policy Agent

D.

IPsec driver

Buy Now
Questions 216

What would you enter, if you wanted to perform a stealth scan using Nmap?

Options:

A.

nmap -sU

B.

nmap -sS

C.

nmap -sM

D.

nmap -sT

Buy Now
Questions 217

What does the -oX flag do in an Nmap scan?

Options:

A.

Perform an express scan

B.

Output the results in truncated format to the screen

C.

Perform an Xmas scan

D.

Output the results in XML format to a file

Buy Now
Questions 218

Cross-site request forgery involves:

Options:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Buy Now
Questions 219

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

Options:

A.

123

B.

161

C.

69

D.

113

Buy Now
Questions 220

Which of the following is considered as one of the most reliable forms of TCP scanning?

Options:

A.

TCP Connect/Full Open Scan

B.

Half-open Scan

C.

NULL Scan

D.

Xmas Scan

Buy Now
Exam Code: CPEH-001
Exam Name: Certified Professional Ethical Hacker (CPEH)
Last Update: Jul 12, 2024
Questions: 736
$56  $159.99
$42  $119.99
$35  $99.99
buy now CPEH-001