You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

A. c:gpedit

B. c:compmgmt.msc

C. c:ncpa.cp

D. c:services.msc

A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

A. Winprom

B. Libpcap

C. Winpsw

D. Winpcap

In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

A. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.

B. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

C. Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.

D. Vulnerabilities in the application layer are greatly different from IPv4.

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Scanning

B. Sniffing

C. Social Engineering

D. Eavesdropping

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A. hping2 -1 host.domain.com

B. hping2-i host.domain.com

C. hping2 “”set-ICMP host.domain.com

D. hping2 host.domain.com

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?

A. site: target.com filetype:xls username password email

B. domain: target.com archieve:xls username password email

C. inurl: target.com filename:xls username password email

D. site: target.com file:xls username password email

This asymmetry cipher is based on factoring the product of two large prime numbers.
What cipher is described above?

A. SHA

B. RSA

C. MD5

D. RC5

During an Xmas scan, what indicates a port is closed?

A. RST

B. SYN

C. ACK

D. No return response

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

A. Single sign-on

B. Windows authentication

C. Role Based Access Control (RBAC)

D. Discretionary Access Control (DAC)

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering and it will tell you the
"landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

A. network mapping

B. footprinting

C. escalating privileges

D. gaining access

Which of the following statements is TRUE?

A. Sniffers operate on Layer 2 of the OSI model

B. Sniffers operate on Layer 3 of the OSI model

C. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D. Sniffers operate on the Layer 1 of the OSI model.

Which type of security feature stops vehicles from crashing through the doors of a building?

A. Turnstile

B. Bollards

C. Mantrap

D. Receptionist

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

A. Application

B. Transport

C. Session

D. Presentation

Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like
Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and
User Account Policy.
What is the main theme of the sub-policies for Information Technologies?

A. Availability, Non-repudiation, Confidentiality

B. Authenticity, Integrity, Non-repudiation

C. Confidentiality, Integrity, Availability

D. Authenticity, Confidentiality, Integrity

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.
Which of the below scanning technique will you use?

A. ACK flag scanning

B. TCP Scanning

C. IP Fragment Scanning

D. Inverse TCP flag scanning

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. HIPAA

B. EU Safe Harbor

C. PCI-DSS

D. NIST-800-53

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

A. Heuristic Analysis

B. Code Emulation

C. Integrity checking

D. Scanning

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against social engineering attacks

B. To defend against webserver attacks

C. To defend against jailbreaking

D. To defend against wireless attacks

What is the minimum number of network connections in a multihomed firewall?

A. 3

B. 2

C. 5

D. 4

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

A. Omnidirectional antenna

B. Dipole antenna

C. Yagi antenna

D. Parabolic grid antenna

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System
(OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at
2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

A. The host is likely a Linux machine.

B. The host is likely a printer.

C. The host is likely a router.

D. The host is likely a Windows machine.

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A. -T0

B. -T5

C. -O

D. -A

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A. PPP

B. IPSEC

C. PEM

D. SET

What is the difference between the AES and RSA algorithms?

A. Both are symmetric algorithms, but AES uses 256-bit keys

B. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data

C. Both are asymmetric algorithms, but RSA uses 1024-bit keys

D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

A. Session Fixation

B. HTML Injection

C. HTTP Parameter Pollution

D. Clickjacking Attack

An attacker scans a host with the below command. Which three flags are set? (Choose three.)
#nmap ""sX host.domain.com

A. This is ACK scan. ACK flag is set

B. This is Xmas scan. SYN and ACK flags are set

C. This is Xmas scan. URG, PUSH and FIN are set

D. This is SYN scan. SYN flag is set

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

A. Function Testing

B. Dynamic Testing

C. Static Testing

D. Fuzzing Testing

Why containers are less secure than virtual machines?

A. Host OS on containers has a larger surface attack.

B. Containers are attached to the same virtual network.

C. Containers may fulfill disk space of the host.

D. A compromise container may cause a CPU starvation of the host.

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-
1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A. He needs to gain physical access.

B. He must perform privilege escalation.

C. He already has admin privileges, as shown by the “501” at the end of the SID.

D. He needs to disable antivirus protection.

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?

A. Do not report it and continue the penetration test.

B. Transfer money from the administrator’s account to another account.

C. Do not transfer the money but steal the bitcoins.

D. Report immediately to the administrator.

Which of the following act requires employer's standard national numbers to identify them on standard transactions?

A. SOX

B. HIPAA

C. DMCA

D. PCI-DSS

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

A. Passive

B. Active

C. Reflective

D. Distributive

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A. Deferred risk

B. Impact risk

C. Inherent risk

D. Residual risk

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

A. OPPORTUNISTICTLS

B. UPGRADETLS

C. FORCETLS

D. STARTTLS

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?

A. Boot.ini

B. Sudoers

C. Networks

D. Hosts

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A. Identifying operating systems, services, protocols and devices

B. Modifying and replaying captured network traffic

C. Collecting unencrypted information about usernames and passwords

D. Capturing a network traffic for further analysis

Which of the following program infects the system boot sector and the executable files at the same time?

A. Stealth virus

B. Polymorphic virus

C. Macro virus

D. Multipartite Virus

If an attacker uses the command SELECT*FROM user WHERE name = "˜x' AND userid IS NULL; --"˜; which type of SQL injection attack is the attacker performing?

A. End of Line Comment

B. UNION SQL Injection

C. Illegal/Logically Incorrect Query

D. Tautology

Which utility will tell you in real time which ports are listening or in another state?

A. Netsat

B. Loki

C. Nmap

D. TCPView

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an
IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A. tcpsplice

B. Burp

C. Hydra

D. Whisker

_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

A. DNSSEC

B. Resource records

C. Resource transfer

D. Zone transfer

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23.
Which of the following IP addresses could be leased as a result of the new configuration?

A. 10.1.4.254

B. 10.1.255.200

C. 10.1.5.200

D. 10.1.4.156

You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

A. Block the Blacklist IP’s @ Firewall

B. Update the Latest Signatures on your IDS/IPS

C. Clean the Malware which are trying to Communicate with the External Blacklist IP’s

D. Both B and C

Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

A. Full Disk encryption

B. BIOS password

C. Hidden folders

D. Password protected files

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

A. tcp port = = 21

B. tcp. port = 23

C. tcp.port = = 21 | | tcp.port = =22

D. tcp.port ! = 21

Which of the following steps for risk assessment methodology refers to vulnerability identification?

A. Assigns values to risk probabilities; Impact values

B. Determines risk probability that vulnerability will be exploited (High, Medium, Low)

C. Identifies sources of harm to an IT system (Natural, Human, Environmental)

D. Determines if any flaws exist in systems, policies, or procedures

Risks=Threats x Vulnerabilities is referred to as the:

A. BIA equation

B. Disaster recovery formula

C. Risk equation

D. Threat assessment

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

A. Event logs on the PC

B. Internet Firewall/Proxy log

C. IDS log

D. Event logs on domain controller

You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

A. Double quotation

B. Backslash

C. Semicolon

D. Single quotation

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

A. Likelihood is the likely source of a threat that could exploit a vulnerability.

B. Likelihood is the probability that a threat-source will exploit a vulnerability.

C. Likelihood is a possible threat-source that may exploit a vulnerability.

D. Likelihood is the probability that a vulnerability is a threat-source.