Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website.
What is the technique employed by Steve to gather information for identity theft?

A. Pharming

B. Skimming

C. Pretexting

D. Wardriving

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

A. httpd.conf

B. administration.config

C. php.ini

D. idq.dll

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, `Learn more about your friends!`, as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed.
What most likely happened?

A. Matt inadvertently provided the answers to his security questions when responding to the post.

B. Matt inadvertently provided his password when responding to the post.

C. Matt’s computer was infected with a keylogger.

D. Matt’s bank-account login information was brute forced.

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

A. Exploration

B. Investigation

C. Reconnaissance

D. Enumeration

Which among the following is the best example of the hacking concept called "clearing tracks"?

A. An attacker gains access to a server through an exploitable vulnerability.

B. During a cyberattack, a hacker injects a rootkit into a server.

C. After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

D. During a cyberattack, a hacker corrupts the event logs on all machines.

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

A. Bluesmacking

B. BlueSniffing

C. Bluejacking

D. Bluesnarfing

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?

A. FTPS

B. FTP

C. HTTPS

D. IP

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m.
What is the short-range wireless communication technology George employed in the above scenario?

A. LPWAN

B. MQTT

C. NB-IoT

D. Zigbee

According to the NIST cloud deployment reference architecture, which of the following provides connectivity and transport services to consumers?

A. Cloud connector

B. Cloud broker

C. Cloud carrier

D. Cloud provider

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

A. Perform a vulnerability scan of the system.

B. Determine the impact of enabling the audit feature.

C. Perform a cost/benefit analysis of the audit feature.

D. Allocate funds for staffing of audit log review.

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

A. SOA

B. biometrics

C. single sign on

D. PKI

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:
TTL: 64 -
Window Size: 5840 -
What the OS running on the target machine?

A. Windows OS

B. Mac OS

C. Linux OS

D. Solaris OS

Which of the following describes the characteristics of a Boot Sector Virus?

A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D. Overwrites the original MBR and only executes the new virus code.

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: `The attacker must scan every port on the server several times using a set of spoofed source IP addresses.` Suppose that you are using
Nmap to perform this scan.
What flag will you use to satisfy this requirement?

A. The -g flag

B. The -A flag

C. The -f fag

D. The -D flag

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

A. Upload the file to VirusTotal.

B. You do not check; rather, you immediately restore a previous snapshot of the operating system.

C. Use ExifTool and check for malicious content.

D. Use netstat and check for outgoing connections to strange IP addresses or domains.

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

A. Protocol analyzer

B. Network sniffer

C. Intrusion Prevention System (IPS)

D. Vulnerability scanner

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.
Which of the following services is enumerated by Lawrence in this scenario?

A. Remote procedure call (RPC)

B. Telnet

C. Server Message Block (SMB)

D. Network File System (NFS)

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

A. Piggybacking

B. Announced

C. Tailgating

D. Reverse Social Engineering

Which of the following is the BEST way to defend against network sniffing?

A. Using encryption protocols to secure network communications

B. Register all machines MAC Address in a Centralized Database

C. Use Static IP Address

D. Restrict Physical Access to Server Rooms hosting Critical Servers

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

A. Bluesmacking

B. Bluesnarfing

C. Bluejacking

D. Bluebugging

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

A. Iris patterns

B. Voice

C. Height and Weight

D. Fingerprints

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information.
Which of the following techniques is employed by Susan?

A. Web shells

B. Webhooks

C. REST API

D. SOAP API

Cross-site request forgery involves:

A. A request sent by a malicious user from a browser to a server

B. A server making a request to another server without the user’s knowledge

C. Modification of a request by a proxy between client and server.

D. A browser making a request to a server without the user’s knowledge

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?

A. ike-scan

B. Zabasearch

C. JXplorer

D. EarthExplorer

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?

A. Xmas scan

B. IDLE/IPID header scan

C. TCP Maimon scan

D. ACK flag probe scan

If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use?

A. -r

B. -F

C. -P

D. -sP

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

A. Bob can be right since DMZ does not make sense when combined with stateless firewalls

B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D. Bob is partially right. DMZ does not make sense when a stateless firewall is available

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls.
On which of the following ports should Robin run the NSTX tool?

A. Port 50

B. Port 23

C. Port 53

D. Port 80

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes.
Which type of attack can she implement in order to continue?

A. Pass the hash

B. Internal monologue attack

C. LLMNR/NBT-NS poisoning

D. Pass the ticket

_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

A. DNSSEC

B. Resource records

C. Resource transfer

D. Zone transfer

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

A. nmap -A – Pn

B. nmap -sP -p-65535 -T5

C. nmap -sT -O -T0

D. nmap -A –host-timeout 99 -T1

During the process of encryption and decryption, what keys are shared?

A. Public keys

B. Private keys

C. Public and private keys

D. User passwords

What type of virus is most likely to remain undetected by antivirus software?

A. Cavity virus

B. Macro virus

C. Stealth virus

D. File-extension virus

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0.
What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

A. Critical

B. Medium

C. High

D. Low

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

A. False-negative

B. False-positive

C. Brute force attack

D. Backdoor

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

A. Clickjacking

B. Cross-Site Scripting

C. Cross-Site Request Forgery

D. Web form input validation

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources.
What is the framework used by James to conduct footprinting and reconnaissance activities?

A. OSINT framework

B. WebSploit Framework

C. Browser Exploitation Framework

D. SpeedPhish Framework

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A. Presentation tier

B. Application Layer

C. Logic tier

D. Data tier

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as `'or '1'='1'` in any basic injection statement such as `or 1=1.`
Identify the evasion technique used by Daniel in the above scenario.

A. Char encoding

B. IP fragmentation

C. Variation

D. Null byte

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

A. Session hijacking

B. Firewalking

C. Man-in-the middle attack

D. Network sniffing

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?

A. Wardriving

B. Wireless sniffing

C. Evil twin

D. Piggybacking

While performing an Nmap scan against a host, Paola determines the existence of a firewall.
In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

A. -sA

B. -sX

C. -sT

D. -sF

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

A. Passwords

B. File permissions

C. Firewall rulesets

D. Usernames

What is the code written for?

A. Denial-of-service (DOS)

B. Buffer Overflow

C. Bruteforce

D. Encryption

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment?

A. Behavioral based

B. Heuristics based

C. Honeypot based

D. Cloud based

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to access the user and password information stored in the company’s SQL database.

B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.

C. Attempts by attackers to access passwords stored on the user’s computer without the user’s knowledge.

D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour.
Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

A. $1320

B. $440

C. $100

D. $146

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company.
Which information security standard is most applicable to his role?

A. FISMA

B. Sarbanes-Oxley Act

C. HITECH

D. PCI-DSS

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources.
Which of the following models covers this?

A. Platform as a service

B. Software as a service

C. Functions as a service

D. Infrastructure as a service

Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages, Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 ֳ— 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key (Km1) and a rotation key
(Kr1) for performing its functions.
What is the algorithm employed by Harper to secure the email messages?

A. CAST-128

B. AES

C. GOST block cipher

D. DES