Professional Documents
Culture Documents
7)
14)
A hacker has successfully infected an internet facing server,
which he will then use to send junk mail to take part in the coordinated
attacks or host junk email content. Which sort of trojan infects this
server?
Botnet Trojan
15)
When you are testing a web application, it is very useful to
employ a proxy tool to save every request and response. You can
manually test every request and analyze the response to find
vulnerabilities. You can test parameter and headers manually to get
more precise results than if using web vulnerability scanners. What
proxy tool will help you find web vulnerabilities?
Burpsuite: Burpsuite is also a very powerful vulnerability scanner, spider
and much more!
16)
Which of the following defines the role of a root Certificate
Authority (CA) in a Public Key Infrastructure (PKI)?
The CA is the trusted root that issues certificates:
17)
You are logged in as a local admin on a Windows 7 system and
you need to launch the Computer Management Console from command
line. Which command would you use?
c:\win...\compmgmt.msc
18)
You've gained access to a Windows 2008 Server which has an
accessible disc drive. When you attempt to boot the server and log in,
you are unable to guess the password. In your tool kit you have an
Ubuntu 9.10 Linux Live CD. Which Linux based tool has the ability to
change any user's password or activate disabled Windows accounts?
CHNTPW
19)
Collision attacks try to find two inputs that produce the same hash
Explanation:
The birthday attack, also known as a collision attack or reverse hash
matching, seeks to find flaws in the one-to-one nature of hashing functions.
In this attack, the malicious individual seeks to substitute in a digitally
signed communication a different message that produces the same
message digest, thereby maintaining the validity of the original digital
signature.
20)
Which of the following countermeasure can specifically protect
against both the MAC Flood and MAC Spoofing attacks?
24)
A companys Web development team has become aware of a
certain type of security vulnerability in their Web software. To mitigate
29)
What is this Shellshock bash vulnerability attempting to
do on this vulnerable Linux
host? env x='(){:;};echo exploit' bash -c 'cat /etc/passwd
Display passwd contents to prompt:
30)
Which of the following is a design pattern based on
distinct pieces of software providing application functionality
as services to other applications?
Service Oriented Architecture
Explanation:
A service-oriented architecture (SOA) is an architectural pattern in
computer software design in which application components
provide services to other components via a communications
protocol, typically over a network. The principles of serviceorientation are independent of any vendor, product or technology
31)
What is the most common method to exploit the "Bash
Bug" or "ShellShock" vulnerability?
Through Web servers utilizing CGI (Common Gateway
Interface) to send a malformed environment variable to a
vulnerable Web server
32)
After trying multiple exploits, you've gained root access
to a Centos 6 server. To ensure you maintain access, what
would you do first?
Download and Install Netcat
33)
Joel and her team have been going through tons of
garbage, recycled paper, and other rubbish in order to find
some information about the target they are attempting to
penetrate. How would you call this type of activity?
Dumpster Diving:
34)
You have successfully gained access to a linux server and
would like to ensure that the succeeding outgoing traffic from
this server will not be caught by a Network Based Intrusion
Detection Systems (NIDS). What is the best way to evade the
NIDS?
Encryption
35)
Which IPSEC mode should you use to assure security and
confidentiality of data within the same LAN?
ESP transport mode
36)
Which of the following statements regarding ethical
hacking is incorrect?
Ethical hackers should never use tools or methods that
have
the potential of exploiting vulnerabilities in an
organization's
systems
37)
You are doing a pentest against an organization that has
just recovered from a major cyber-attack. The CISO and CIO
want to completely and totally eliminate risk. What is one of
the first things you should explain to these individuals?
Explain that you cannot eliminate all risk but you will be
able to reduce risk to acceptable levels
38)
You work as a Security Analyst for a retail organization. In
securing the company's network, you set up a firewall and an
IDS. However, hackers are able to attack the network. After
investigating, you discover that your IDS is not configured
properly and therefore is unable to trigger alarms when
needed. What type of alert is the IDS giving?
False Negative
Explanation:
False Positive is when IDPS raises an alert even though there is
no attack where as false Negative is failure of IDPS to raise an
alert when there is an attack. True Negative is when IDPS does
not raise an alert and there is no attack whereas true positive
is the successful detection of attack by IDPS.
39)
An Intrusion Detection System(IDS) has alerted the
network administrator to a possiblymalicious sequence of
packets went to a Web server in the networks external DMZ.
Thepacket traffic was captured by the IDS and saved to a PCAP
file. What type of network tool can be used to determine if
these packets are genuinelymalicious or simply a false
positive?
Intrusion Prevention System (IPS)
40)
PGP, SSL, and IKE are all examples of which type of
cryptography?
Public Key
41)
It isan entity or event with the potential to adversely
impact a system through unauthorizedaccess destruction
disclosures denial of service or modification of data. Which of
the following terms best matches this definition?
Threat
42)
During a blackbox pen test you attempt to pass IRC traffic
over post 80/TCP from acompromised web enabled host. The
traffic
gets
blocked; however
outbound
HTTP
traffic
isunimpeded. What type of firewall is inspecting outbound
traffic?
Application
43)
Which of the following is not a Bluetooth attack?
Bluedriving
44)
Youve gained physical access to a Windows 2008 R2
server which has as accessible discdrive. When you attempt to
boot the server and log in, you are unable to guess the
password. In your tool kit you have an Ubuntu 9.10 Linux
LiveCD.Which Linux tool has theability to change any users
password or to activate disabled Windows Accounts?
John the Ripper
45)
A companys Web development team has become
aware ofa certain type of securityvulnerability in their Web
software. To mitigate the possibility of this vulnerability
beingexploited, the team wants to modify the software
requirements to disallow users fromentering HTML as input into
their Web application. What kind of web application
vulnerability likely exists in their software?
Cross-site Scripting vulnerability
46)
The purpose of a ____________ is to deny network access
to local area networks andother information assets by
unauthorized wireless devices
Wireless Intrusion Prevention System
47)