- Set 1 (Q1 to Q30)
- Set 2 (Q31 to Q60)
- Set 3 (Q61 to Q90)
- Set 4 (Q91 to Q120)
- Set 5 (Q121 to Q150)
- Set 6 (Q151 to Q180)
- Set 7 (Q181 to Q210)
- Set 8 (Q211 to Q240)
- Set 9 (Q241 to Q270)
- Set 10 (Q271 to Q300)
- Set 11 (Q301 to Q330)
- Set 12 (Q331 to Q360)
- Set 13 (Q361 to Q390)
- Set 14 (Q391 to Q420)
- Set 15 (Q421 to Q450)
- Set 16 (Q451 to Q480)
- Set 17 (Q481 to Q510)
- Set 18 (Q511 to Q540)
- Set 19 (Q541 to Q570)
- Set 20 (Q571 to Q600)
- Set 21 (Q601 to Q630)
- Set 22 (Q631 to Q660)
- Set 23 (Q661 to Q690)
- Set 24 (Q691 to Q720)
Q61 - You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What wireshark filter will show the connections from the snort machine to kiwi syslog machine?
- tcp.dstport==514 && ip.dst==192.168.0.150
- tcp.srcport==514 && ip.src==192.168.0.99
- tcp.dstport==514 && ip.dst==192.168.0.0/16
- tcp.srcport==514 && ip.src==192.168.150
Q62 - Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
- Restore a random file.
- Perform a full restore.
- Read the first 512 bytes of the tape.
- Read the last 512 bytes of the tape.
Q63 - What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
Q64 - What is the role of test automation in security testing?
- It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
- It is an option but it tends to be very expensive.
- It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
- Test automation is not usable in security due to the complexity of the tests.
Q65 - Which of the following programming languages is most vulnerable to buffer overflow attacks?
Q66 - You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
- hping2 host.domain.com
- hping2 --set-ICMP host.domain.com
- hping2 -i host.domain.com
- hping2 -1 host.domain.com
Q67 - Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
Q68 - Which protocol is used for setting up secured channels between two devices, typically in VPNs?
Q69 - What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).
Q70 - A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am. Which of the following programming languages would most likely be used?
Q71 - As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
- Terms of Engagement
- Project Scope
- Non-Disclosure Agreement
- Service Level Agreement
Q72 - When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
- OWASP is for web applications and OSSTMM does not include web applications.
- OSSTMM is gray box testing and OWASP is black box testing.
- OWASP addresses controls and OSSTMM does not.
- OSSTMM addresses controls and OWASP does not.
Q73 - Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
- Password protected files
- Hidden folders
- BIOS password
- Full disk encryption.
Q74 - The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?
Q75 - Which protocol is used for setting up secure channels between two devices, typically in VPNs?
Q76 - What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
- Residual risk
- Inherent risk
- Deferred risk
- Impact risk
Q77 - Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.
- Solarwinds IP Network Browser
Answer: A, B and D
Q78 - Which of the following represents the initial two commands that an IRC client sends to join an IRC network?
- USER, NICK
- LOGIN, NICK
- USER, PASS
- LOGIN, USER
Q79 - An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?
Q80 - Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
- a port scanner
- a vulnerability scanner
- a virus scanner
- a malware scanner
Q81 - Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?
- Omnidirectional antenna
- Dipole antenna
- Yagi antenna
- Parabolic grid antenna
Q82 - What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
- Blue Book
- ISO 26029
- Common Criteria
- The Wassenaar Agreement
Q83 - Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?
- Switch then acts as hub by broadcasting packets to all machines on the network
- The CAM overflow table will cause the switch to crash causing Denial of Service
- The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
- Every packet is dropped and the switch sends out SNMP alerts to the IDS port
Q84 - A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?
Q85 - Study the snort rule given below:
From the options below, choose the exploit against which this rule applies.
- SQL Slammer
- MS Blaster
Q86 - Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?
Q87 - You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?
- Install Cryptcat and encrypt outgoing packets from this server.
- Install and use Telnet to encrypt all outgoing traffic from this server.
- Use Alternate Data Streams to hide the outgoing packets from this server.
- Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
Q88 - If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?
Q89 - The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
Q90 - Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
- Ping of death
- SYN flooding
- TCP hijacking
- Smurf attack