GISP Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your GISP certification exam? Start your preparation the smart way with our GISP Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a free mock test for the GISP exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our GISP Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
Which of the following types of errors occurs when a legitimate user is incorrectly denied access to resources by a biometric authentication system?
A. Type II
B. Type I
C. Type III
D. Type IV
Which of the following is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or credit card number?
A. Snooping
B. Phishing
C. SYN attack
D. Spoofing
Which of the following works at the network layer and hides the local area network IP address and topology?
A. Hub
B. MAC address
C. Network address translation (NAT)
D. Network interface card (NIC)
Which of the following are ensured by the concept of integrity in information system security? Each correct answer represents a complete solution. Choose two.
A. Unauthorized modifications are not made by authorized users.
B. Data modifications are not made by an unauthorized user or process.
C. The intentional or unintentional unauthorized disclosure of a message or important document contents is prevented.
D. The systems are up and running when they are needed.
Which of the following tools or services is used to find the entire IP address range used by an organization?
A. TRACERT
B. Ping Scanner
C. PATHPING
D. Share Scanner
threat? Each correct answer represents a complete solution. Choose three.
A. Password policies
B. Vulnerability assessments
C. Data classification
D. Data encryption
Which of the following need to be reduced to suppress a fire? Each correct answer represents a complete solution. Choose all that apply.
A. Oxygen
B. Fuel
C. CO2
D. High temperature
Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Shoulder surfing
B. Dumpster diving
C. Placing a backdoor
D. Eavesdropping
Which of the following methods of encryption uses a single key to encrypt and decrypt data?
A. S/MIME
B. PGP
C. Symmetric
D. Asymmetric
Which of the following protocols allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer?
A. IMAP
B. SNMP
C. SMTP
D. POP3
You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.
A. Load balancing
B. Ease of maintenance
C. Failover
D. Reduce power consumption
Which of the following types of computers is used for attracting potential intruders?
A. Honey pot
B. Bastion host
C. Data pot
D. Files pot
is true?
A. It is a condition in which an application receives more data than it is configured to accept.
B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
C. It is a false warning about a virus.
D. It manages security credentials and public keys for message encryption.
Which of the following is the method of hiding data within another media type such as a graphic or document?
A. Spoofing
B. Cryptanalysis
C. Steganography
D. Packet sniffing
How many voice channels are available in a T2 line?
A. 1
B. 10
C. 24
D. 34
is true?
A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
D. It is a unique number that identifies a user, group, and computer account.
Which of the following books deals with confidentiality?
A. Brown Book
B. Red Book
C. Purple Book
D. Orange Book
Which of the following laws does not protect intellectual property?
A. Murphy’s law
B. Patent law
C. Trademark
D. Copyright
Which of the following is the default port for DNS zone transfer?
A. Port 21
B. Port 80
C. Port 23
D. Port 53
Which of the following protocols multicasts messages and information among all member devices in an IP multicast group?
A. ARP
B. TCP
C. ICMP
D. IGMP
In which of the following attacks does the attacker confuse the switch itself into thinking two ports have the same MAC address?
A. ARP spoofing
B. Replay
C. Brute force
D. MAC duplicating
in effect if no expiration date is set?
A. Forever
B. Until the session ends.
C. Fifteen days
D. One year
Which of the following techniques are used to secure wireless networks? Each correct answer represents a complete solution. Choose three.
A. MAC address filtering
B. SSID spoofing
C. IP spoofing
D. Closed network
Which of the following terms is used for securing an operating system from an attack?
A. System hacking
B. System hardening
C. System mirroring
D. System indexing
Which of the following safes are large enough to allow a person to enter?
A. Wall safes
B. Floor safes
C. Vaults
D. Chests
Which of the following terms refers to a momentary low voltage?
A. Blackout
B. Spike
C. Noise
D. Sag
John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?
A. Session splicing attack
B. Evasion attack
C. Insertion attack
D. Polymorphic shell code attack
terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?
A. 21
B. 443
C. 80
D. 22
Which of the following protocols is used with a tunneling protocol to provide security?
A. EAP
B. IPSec
C. FTP
D. IPX/SPX
SIMULATION - Fill in the blank with the appropriate layer name of the OSI model. Secure Socket Layer (SSL) operates at the _______ layer of the OSI model.
Which of the following is the rating for gasoline or oil fires?
A. Class B
B. Class D
C. Class A
D. Class C
Brutus is a password cracking tool that can be used to crack the following authentications:
- HTTP (Basic Authentication)
- HTTP (HTML Form/CGI)
- POP3 (Post Office Protocol v3)
- FTP (File Transfer Protocol)
- SMB (Server Message Block)
- Telnet
Which of the following attacks can be performed by Brutus for password cracking? Each correct answer represents a complete solution. Choose all that apply.
A. Dictionary attack
B. Brute force attack
C. Replay attack
D. Hybrid attack
E. Man-in-the-middle attack
volume disk configuration for fault tolerance. What is the minimum number of disk drives required for implementing RAID-5 volumes?
A. Thirty-two
B. Two
C. Three
D. One
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the preattack phase successfully:
- Information gathering
- Determination of network range
- Identification of active systems
- Location of open ports and applications
Now, which of the following tasks should he perform next?
A. Install a backdoor to log in remotely on the We-are-secure server.
B. Map the network of We-are-secure Inc.
C. Fingerprint the services running on the we-are-secure network.
D. Perform OS fingerprinting on the We-are-secure network.
What are packet sniffers?
A. Packet sniffers test package security.
B. Packet sniffers capture the packages as they cross the network.
C. Packet sniffers encrypt the packages as they cross the network.
D. Packet sniffers test the packages to verify data integrity.
are true? Each correct answer represents a complete solution. Choose two.
A. It can also be nested with the Layer Two Tunneling Protocol (L2TP).
B. It is an IPSec protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It is a text-based communication protocol.
Identify whether the given statement is true or false. "Availability is a term that refers to the reliable and timely access to data and resources that you are authorized to use."
A. False
B. True
consist of? Each correct answer represents a complete solution. Choose two.
A. Data service
B. Account service
C. Authentication service
D. Ticket-granting service
Which of the following are politically motivated threats that an organization faces? Each correct answer represents a complete solution. Choose all that apply.
A. Power distribution outages
B. Civil disobedience
C. Riot
D. Vandalism
E. Terrorist attacks
In which of the following processes may a DNS server return an incorrect IP address, diverting traffic to another computer?
A. TCP FIN scanning
B. DNS poisoning
C. Snooping
D. TCP SYN scanning
Which of the following should propose applicable and effective security controls for managing the risks?
A. Risk assessment
B. Risk treatment plan
C. Risk communication
D. Risk management plan
algorithm?
A. Password
B. Access control entry
C. Key exchange
D. Access control list
When no anomaly is present in intrusion detection but an alarm is generated, the response is known as __________.
A. False positive
B. False negative
C. True negative
D. True positive
Which of the following is the rating for electronic or computer fires?
A. Class B
B. Class C
C. Class D
D. Class A
Which of the following is a name, symbol, or slogan with which a product is identified?
A. Trademark
B. Patent
C. Trade secret
D. Copyright
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Assuring the integrity of organizational data
B. Building risk-free systems
C. Risk control
D. Risk identification
Which of the following is documentation of guidelines that computer forensics experts use to handle evidence?
A. Chain of custody
B. Evidence access policy
C. Chain of evidence
D. Incident response policy
of the OSI model? Each correct answer represents a complete solution. Choose two.
A. Firewalls
B. Hub
C. Routers
D. MAC addresses
Which of the following refers to a program that allows access to a system by skipping the security checks?
A. Honey pot
B. Hoax
C. Back door
D. Worm
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. While examining a log report, he finds that an intrusion has been attempted by an attacker whose IP address is 0x40.0x3A.0x2B.0xE6. Which of the following decimal IP addresses will respond to the ping on the above Hexadecimal IP address?
A. 64.58.42.230
B. 64.59.43.230
C. 64.58.43.231
D. 64.58.43.230