- Set 1 (Q1 to Q30)
- Set 2 (Q31 to Q60)
- Set 3 (Q61 to Q90)
- Set 4 (Q91 to Q120)
- Set 5 (Q121 to Q150)
- Set 6 (Q151 to Q180)
- Set 7 (Q181 to Q210)
- Set 8 (Q211 to Q240)
- Set 9 (Q241 to Q270)
- Set 10 (Q271 to Q300)
- Set 11 (Q301 to Q330)
- Set 12 (Q331 to Q360)
- Set 13 (Q361 to Q390)
- Set 14 (Q391 to Q420)
- Set 15 (Q421 to Q450)
- Set 16 (Q451 to Q480)
- Set 17 (Q481 to Q510)
- Set 18 (Q511 to Q540)
- Set 19 (Q541 to Q570)
- Set 20 (Q571 to Q600)
- Set 21 (Q601 to Q630)
- Set 22 (Q631 to Q660)
- Set 23 (Q661 to Q690)
- Set 24 (Q691 to Q720)
Q271 - A hacker is an intelligent individual with excellent computer skills and the ability to explore acomputer's software and hardware without the owner's permission. Their intention can either be tosimply gain knowledge or to illegally make changes. Which of the following class of hacker refers toan individual who works both offensively and defensively at various times?
- Suicide Hacker
- Black Hat
- White Hat
- Gray Hat
Q272 - Fingerprinting VPN firewalls is possible with which of the following tools?
- Angry IP
Q273 - What is a "Collision attack" in cryptography?
- Collision attacks try to find two inputs producing the same hash.
- Collision attacks try to break the hash into two parts, with the same bytes in each part to get theprivate key.
- Collision attacks try to get the public key.
- Collision attacks try to break the hash into three parts to get the plaintext value.
Q274 - It is a short-range wireless communication technology intended to replace the cablesconnecting portable of fixed devices while maintaining high levels of security. It allows mobilephones, computers and other devices to connect and communicate using a short-range wirelessconnection. Which of the following terms best matches the definition?
- A. Bluetooth
- Radio-Frequency Identification
Q275 - What is a NULL scan?
- A scan in which all flags are turned off
- A scan in which certain flags are off
- A scan in which all flags are on
- A scan in which the packet size is set to zero
- A scan with an illegal packet size
Q276 - An attacker runs netcat tool to transfer a secret file between two hosts.
He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?
- Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat < machine A IP > 1234
- Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat < machine A IP > 1234
- Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat < machine A IP > 1234 -pw password
- Use cryptcat instead of netcat
Q277 - This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
- network mapping
- gaining access
- escalating privileges
Q278 - In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?
- Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
- Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
- Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.
- Vulnerabilities in the application layer are greatly different from IPv4.
Q279 - Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
- John the Ripper
Q280 - Which initial procedure should an ethical hacker perform after being brought into an organization?
- Begin security testing.
- Turn over deliverables.
- Sign a formal contract with non-disclosure.
- Assess what the organization is trying to protect.
Q281 - What is the main security service a cryptographic hash provides?
- Integrity and ease of computation
- Message authentication and collision resistance
- Integrity and collision resistance
- Integrity and computational in-feasibility
Q282 - A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
- Paros Proxy
Q283 - Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
Q284 - You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 126.96.36.199/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict?
- Botnet Attack
- Spear Phishing Attack
- Advanced Persistent Threats
- Rootkit Attack
Q285 - What is the least important information when you analyze a public IP address in a security alert?
Q286 - How can telnet be used to fingerprint a web server?
- telnet webserverAddress 80 HEAD / HTTP/1.0
- telnet webserverAddress 80 PUT / HTTP/1.0
- telnet webserverAddress 80 HEAD / HTTP/2.0
- telnet webserverAddress 80 PUT / HTTP/2.0
Q287 - If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
- TCP ping
- Broadcast ping
Q288 - Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
Q289 - An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?
- ARP Poisoning
- Smurf Attack
- DNS spoofing
- MAC Flooding
Q290 - After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
- Create User Account
- Disable Key Services
- Disable IPTables
- Download and Install Netcat
Q291 - If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
- SDLC process
- Honey pot
- SQL injection
- Trap door
Q292 - The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?
- The buffer overflow attack has been neutralized by the IDS
- The attacker is creating a directory on the compromised machine
- The attacker is attempting a buffer overflow attack and has succeeded
- The attacker is attempting an exploit that launches a command-line shell
Q293 - Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?
- NIST SP 800-53
- EU Safe Harbor
Q294 - A circuit level gateway works at which of the following layers of the OSI Model?
- Layer 5 - Application
- Layer 4 - TCP
- Layer 3 - Internet protocol
- Layer 2 - Data link
Q295 - You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
- All three servers need to be placed internally
- A web server facing the Internet, an application server on the internal network, a database server on the internal network
- A web server and the database server facing the Internet, an application server on the internal network
- All three servers need to face the Internet so that they can communicate between themselves
Q296 - What is the purpose of a demilitarized zone on a network?
- To scan all traffic coming through the DMZ to the internal network
- To only provide direct access to the nodes within the DMZ and protect the network behind it
- To provide a place to put the honeypot
- To contain the network devices you wish to protect
Q297 - Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
- Key distribution
Q298 - A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?
- Threaten to publish the penetration test results if not paid.
- Follow proper legal procedures against the company to request payment.
- Tell other customers of the financial problems with payments from this company.
- Exploit some of the vulnerabilities found on the company webserver to deface it.
Q299 - Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Fair and Accurate Credit Transactions Act (FACTA)
- Federal Information Security Management Act (FISMA)
Q300 - Which of the following Nmap commands will produce the following output?
- nmap -sN -Ps -T4 192.168.1.1
- nmap -sT -sX -Pn -p 1-65535 192.168.1.1
- nmap -sS -Pn 192.168.1.1
- nmap -sS -sU -Pn -p 1-65535 192.168.1.1