New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CPEH-001 Questions and Answers

Question # 6

Which of the following is a vulnerability in GNU’s bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

A.

Shellshock

B.

Rootshell

C.

Rootshock

D.

Shellbash

Full Access
Question # 7

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

A.

Port Scanning

B.

Hacking Active Directory

C.

Privilege Escalation

D.

Shoulder-Surfing

Full Access
Question # 8

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Full Access
Question # 9

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

A.

Share reports, after NDA is signed

B.

Share full reports, not redacted

C.

Decline but, provide references

D.

Share full reports with redactions

Full Access
Question # 10

A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

A.

Ignore it.

B.

Try to sell the information to a well-paying party on the dark web.

C.

Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.

D.

Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.

Full Access
Question # 11

You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes.

route add 10.0.0.0 mask 255.0.0.0 10.0.0.1

route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

What is the main purpose of those static routes?

A.

Both static routes indicate that the traffic is external with different gateway.

B.

The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.

C.

Both static routes indicate that the traffic is internal with different gateway.

D.

The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.

Full Access
Question # 12

Which of the following statements regarding ethical hacking is incorrect?

A.

Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems.

B.

Testing should be remotely performed offsite.

C.

An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.

D.

Ethical hacking should not involve writing to or modifying the target systems.

Full Access
Question # 13

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

A.

Internal Whitebox

B.

External, Whitebox

C.

Internal, Blackbox

D.

External, Blackbox

Full Access
Question # 14

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

A.

The password file does not contain the passwords themselves.

B.

He can open it and read the user ids and corresponding passwords.

C.

The file reveals the passwords to the root user only.

D.

He cannot read it because it is encrypted.

Full Access
Question # 15

You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

A.

Network-based IDS

B.

Firewall

C.

Proxy

D.

Host-based IDS

Full Access
Question # 16

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

A.

The document can be sent to the accountant using an exclusive USB for that document.

B.

The CFO can use a hash algorithm in the document once he approved the financial statements.

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

D.

The CFO can use an excel file with a password.

Full Access
Question # 17

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Full Access
Question # 18

What hacking attack is challenge/response authentication used to prevent?

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Full Access
Question # 19

It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

A.

Containment

B.

Eradication

C.

Recovery

D.

Discovery

Full Access
Question # 20

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.

Example:

allintitle: root passwd

A.

Maintaining Access

B.

Gaining Access

C.

Reconnaissance

D.

Scanning and Enumeration

Full Access
Question # 21

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

A.

A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.

B.

Mail relaying, which is a technique of bouncing e-mail from internal to external mails servers continuously.

C.

A blacklist of companies that have their mail server relays configured to be wide open.

D.

Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

Full Access
Question # 22

MX record priority increases as the number increases. (True/False.)

A.

True

B.

False

Full Access
Question # 23

Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?

A.

Use cryptographic storage to store all PII

B.

Use full disk encryption on all hard drives to protect PII

C.

Use encrypted communications protocols to transmit PII

D.

Use a security token to log into all Web applications that use PII

Full Access
Question # 24

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Full Access
Question # 25

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'.

What technique is Ricardo using?

A.

Steganography

B.

Public-key cryptography

C.

RSA algorithm

D.

Encryption

Full Access
Question # 26

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

A.

Spoof Scan

B.

TCP Connect scan

C.

TCP SYN

D.

Idle Scan

Full Access
Question # 27

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Full Access
Question # 28

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

A.

Key registry

B.

Recovery agent

C.

Directory

D.

Key escrow

Full Access
Question # 29

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Full Access
Question # 30

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Full Access
Question # 31

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

A.

ARP Poisoning

B.

Smurf Attack

C.

DNS spoofing

D.

MAC Flooding

Full Access
Question # 32

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Full Access
Question # 33

Which of the following guidelines or standards is associated with the credit card industry?

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Full Access
Question # 34

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

Full Access
Question # 35

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

A.

$146

B.

$1320

C.

$440

D.

$100

Full Access
Question # 36

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

A.

Connection Establishment: FIN, ACK-FIN, ACKConnection Termination: SYN, SYN-ACK, ACK

B.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: ACK, ACK-SYN, SYN

C.

Connection Establishment: ACK, ACK-SYN, SYNConnection Termination: FIN, ACK-FIN, ACK

D.

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: FIN, ACK-FIN, ACK

Full Access
Question # 37

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

A.

[cache:]

B.

[site:]

C.

[inurl:]

D.

[link:]

Full Access
Question # 38

A virus that attempts to install itself inside the file it is infecting is called?

A.

Tunneling virus

B.

Cavity virus

C.

Polymorphic virus

D.

Stealth virus

Full Access
Question # 39

DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

A.

nslookup -fullrecursive update.antivirus.com

B.

dnsnooping –rt update.antivirus.com

C.

nslookup -norecursive update.antivirus.com

D.

dns --snoop update.antivirus.com

Full Access
Question # 40

Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?

A.

TACACS+

B.

DIAMETER

C.

Kerberos

D.

RADIUS

Full Access
Question # 41

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?

A.

Intrusion Prevention System (IPS)

B.

Vulnerability scanner

C.

Protocol analyzer

D.

Network sniffer

Full Access
Question # 42

Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

A.

It is a network fault and the originating machine is in a network loop

B.

It is a worm that is malfunctioning or hardcoded to scan on port 500

C.

The attacker is trying to detect machines on the network which have SSL enabled

D.

The attacker is trying to determine the type of VPN implementation and checking for IPSec

Full Access
Question # 43

Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?

A.

Preparation phase

B.

Containment phase

C.

Recovery phase

D.

Identification phase

Full Access
Question # 44

Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?

A.

Nothing, but suggest to him to change the network's SSID and password.

B.

Sell his SSID and password to friends that come to your house, so it doesn't slow down your network.

C.

Log onto to his network, after all it's his fault that you can get in.

D.

Only use his network when you have large downloads so you don't tax your own network.

Full Access
Question # 45

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Full Access
Question # 46

What is GINA?

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Full Access
Question # 47

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Full Access
Question # 48

Which definition among those given below best describes a covert channel?

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Full Access
Question # 49

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Full Access
Question # 50

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Full Access
Question # 51

When discussing passwords, what is considered a brute force attack?

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Full Access
Question # 52

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Full Access
Question # 53

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Full Access
Question # 54

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Full Access
Question # 55

What did the following commands determine?

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Full Access
Question # 56

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Full Access
Question # 57

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Full Access
Question # 58

How do employers protect assets with security policies pertaining to employee surveillance activities?

A.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

B.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Full Access
Question # 59

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

Full Access
Question # 60

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door.

In this case, we can say:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Full Access
Question # 61

Which is the first step followed by Vulnerability Scanners for scanning a network?

A.

TCP/UDP Port scanning

B.

Firewall detection

C.

OS Detection

D.

Checking if the remote host is alive

Full Access
Question # 62

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules.

Which of the following types of firewalls can protect against SQL injection attacks?

A.

Data-driven firewall

B.

Stateful firewall

C.

Packet firewall

D.

Web application firewall

Full Access
Question # 63

If an attacker uses the command SELECT*FROM user WHERE name = ‘x’ AND userid IS NULL; --‘; which type of SQL injection attack is the attacker performing?

A.

End of Line Comment

B.

UNION SQL Injection

C.

Illegal/Logically Incorrect Query

D.

Tautology

Full Access
Question # 64

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the

following represents the best practice your business should observe?

A.

Hire a security consultant to provide direction.

B.

Do not back up cither the credit card numbers or then hashes.

C.

Back up the hashes of the credit card numbers not the actual credit card numbers.

D.

Encrypt backup tapes that are sent off-site.

Full Access
Question # 65

During the process of encryption and decryption, what keys are shared?

During the process of encryption and decryption, what keys are shared?

A.

Private keys

B.

User passwords

C.

Public keys

D.

Public and private keys

Full Access
Question # 66

What is the minimum number of network connections in a multi homed firewall?

A.

3

B.

5

C.

4

D.

2

Full Access
Question # 67

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

Full Access
Question # 68

Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it's true positive or false positive. Looking at the logs he copy and paste basic details like below:

source IP: 192.168.21.100

source port: 80

destination IP: 192.168.10.23

destination port: 63221

What is the most proper answer.

A.

This is most probably true negative.

B.

This is most probably true positive which triggered on secure communication between client and server.

C.

This is most probably false-positive, because an alert triggered on reversed traffic.

D.

This is most probably false-positive because IDS is monitoring one direction traffic.

Full Access
Question # 69

While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor.

How can you modify your scan to prevent triggering this event in the IDS?

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

Full Access
Question # 70

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

A.

The zombie you are using is not truly idle.

B.

A stateful inspection firewall is resetting your queries.

C.

Hping2 cannot be used for idle scanning.

D.

These ports are actually open on the target system.

Full Access
Question # 71

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Full Access
Question # 72

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web applications vulnerability did the analyst discover?

A.

Cross-site request forgery

B.

Command injection

C.

Cross-site scripting

D.

SQL injection

Full Access
Question # 73

Which of the following identifies the three modes in which Snort can be configured to run?

A.

Sniffer, Packet Logger, and Network Intrusion Detection System

B.

Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C.

Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D.

Sniffer, Packet Logger, and Host Intrusion Prevention System

Full Access
Question # 74

What is the main reason the use of a stored biometric is vulnerable to an attack?

A.

The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B.

Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C.

A stored biometric is no longer "something you are" and instead becomes "something you have".

D.

A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Full Access
Question # 75

Which type of scan measures a person's external features through a digital video camera?

A.

Iris scan

B.

Retinal scan

C.

Facial recognition scan

D.

Signature kinetics scan

Full Access
Question # 76

What are the three types of authentication?

A.

Something you: know, remember, prove

B.

Something you: have, know, are

C.

Something you: show, prove, are

D.

Something you: show, have, prove

Full Access
Question # 77

Which of the following examples best represents a logical or technical control?

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Full Access
Question # 78

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Full Access
Question # 79

Which tool would be used to collect wireless packet data?

A.

NetStumbler

B.

John the Ripper

C.

Nessus

D.

Netcat

Full Access
Question # 80

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A.

white box

B.

grey box

C.

red box

D.

black box

Full Access
Question # 81

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

A.

They are written in Java.

B.

They send alerts to security monitors.

C.

They use the same packet analysis engine.

D.

They use the same packet capture utility.

Full Access
Question # 82

Which of the following is a client-server tool utilized to evade firewall inspection?

A.

tcp-over-dns

B.

kismet

C.

nikto

D.

hping

Full Access
Question # 83

Which of the following is a preventive control?

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Full Access
Question # 84

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

A.

Validate web content input for query strings.

B.

Validate web content input with scanning tools.

C.

Validate web content input for type, length, and range.

D.

Validate web content input for extraneous queries.

Full Access
Question # 85

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A.

Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Full Access
Question # 86

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Full Access
Question # 87

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

A.

Use a scan tool like Nessus

B.

Use the built-in Windows Update tool

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Full Access
Question # 88

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.

Which sort of trojan infects this server?

A.

Botnet Trojan

B.

Turtle Trojans

C.

Banking Trojans

D.

Ransomware Trojans

Full Access
Question # 89

What is the benefit of performing an unannounced Penetration Testing?

A.

The tester will have an actual security posture visibility of the target network.

B.

Network security would be in a "best state" posture.

C.

It is best to catch critical infrastructure unpatched.

D.

The tester could not provide an honest analysis.

Full Access
Question # 90

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A.

Maltego

B.

Cain & Abel

C.

Metasploit

D.

Wireshark

Full Access
Question # 91

During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

A.

Application

B.

Circuit

C.

Stateful

D.

Packet Filtering

Full Access
Question # 92

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What wireshark filter will show the connections from the snort machine to kiwi syslog machine?

A.

tcp.dstport==514 && ip.dst==192.168.0.150

B.

tcp.srcport==514 && ip.src==192.168.0.99

C.

tcp.dstport==514 && ip.dst==192.168.0.0/16

D.

tcp.srcport==514 && ip.src==192.168.150

Full Access
Question # 93

A medium-sized healthcare IT business decides to implement a risk management strategy.

Which of the following is NOT one of the five basic responses to risk?

A.

Delegate

B.

Avoid

C.

Mitigate

D.

Accept

Full Access
Question # 94

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?

A.

Terms of Engagement

B.

Project Scope

C.

Non-Disclosure Agreement

D.

Service Level Agreement

Full Access
Question # 95

It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.

Which of the following terms best matches the definition?

A.

Bluetooth

B.

Radio-Frequency Identification

C.

WLAN

D.

InfraRed

Full Access
Question # 96

Which regulation defines security and privacy controls for Federal information systems and organizations?

A.

NIST-800-53

B.

PCI-DSS

C.

EU Safe Harbor

D.

HIPAA

Full Access
Question # 97

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

What command will help you to search files using Google as a search engine?

A.

site: target.com filetype:xls username password email

B.

inurl: target.com filename:xls username password email

C.

domain: target.com archive:xls username password email

D.

site: target.com file:xls username password email

Full Access
Question # 98

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability.

What is this style of attack called?

A.

zero-day

B.

zero-hour

C.

zero-sum

D.

no-day

Full Access
Question # 99

You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS).

What is the best way to evade the NIDS?

A.

Encryption

B.

Protocol Isolation

C.

Alternate Data Streams

D.

Out of band signalling

Full Access
Question # 100

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

A.

Place a front-end web server in a demilitarized zone that only handles external web traffic

B.

Require all employees to change their passwords immediately

C.

Move the financial data to another server on the same IP subnet

D.

Issue new certificates to the web servers from the root certificate authority

Full Access
Question # 101

What is the best description of SQL Injection?

A.

It is an attack used to gain unauthorized access to a database.

B.

It is an attack used to modify code in an application.

C.

It is a Man-in-the-Middle attack between your SQL Server and Web App Server.

D.

It is a Denial of Service Attack.

Full Access
Question # 102

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

What type of attack is outlined in the scenario?

A.

Watering Hole Attack

B.

Heartbleed Attack

C.

Shellshock Attack

D.

Spear Phising Attack

Full Access
Question # 103

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.

Social Engineering

B.

Sniffing

C.

Eavesdropping

D.

Scanning

Full Access
Question # 104

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is most likely able to handle this requirement?

A.

RADIUS

B.

DIAMETER

C.

Kerberos

D.

TACACS+

Full Access
Question # 105

Which type of security document is written with specific step-by-step details?

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Full Access
Question # 106

On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

A.

Risk Mitigation

B.

Emergency Plan Response (EPR)

C.

Disaster Recovery Planning (DRP)

D.

Business Impact Analysis (BIA)

Full Access
Question # 107

What does the -oX flag do in an Nmap scan?

A.

Perform an express scan

B.

Output the results in truncated format to the screen

C.

Perform an Xmas scan

D.

Output the results in XML format to a file

Full Access
Question # 108

What is the least important information when you analyze a public IP address in a security alert?

A.

ARP

B.

Whois

C.

DNS

D.

Geolocation

Full Access
Question # 109

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Full Access
Question # 110

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

A.

OWASP is for web applications and OSSTMM does not include web applications.

B.

OSSTMM is gray box testing and OWASP is black box testing.

C.

OWASP addresses controls and OSSTMM does not.

D.

OSSTMM addresses controls and OWASP does not.

Full Access