CEH v11

Q91 - Which of the following tools can be used for passive OS fingerprinting?

  1. tcpdump
  2. nmap
  3. ping
  4. tracert

Answer: A

Q92 - Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

  1. Penetration testing
  2. Social engineering
  3. Vulnerability scanning
  4. Access control list reviews

Answer: A

Q93 - You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website asking you to download free Anti-Virus software.

Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:
Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  1. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  2. Connect to the site using SSL, if you are successful then the website is genuine
  3. Search using the URL and Anti-Virus product name into Google and look out for suspicious warnings against this site
  4. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Answer: C

Q94 - You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

  1. CHNTPW
  2. Cain & Abel
  3. SET
  4. John the Ripper

Answer: A

Q95 - Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

  1. UDP 123
  2. UDP 541
  3. UDP 514
  4. UDP 415

Answer: C

Q96 - Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

  1. NMAP
  2. Metasploit
  3. Nessus
  4. BeEF

Answer: C

Q97 - Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

  1. Certificate issuance
  2. Certificate validation
  3. Certificate cryptography
  4. Certificate revocation

Answer: B

Q98 - Which of the following describes the characteristics of a Boot Sector Virus?

  1. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
  2. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
  3. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
  4. Overwrites the original MBR and only executes the new virus code

Answer: A

Q99 - Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?

  1. Hardware, Software, and Sniffing.
  2. Hardware and Software Keyloggers.
  3. Passwords are always best obtained using Hardware key loggers.
  4. Software only, they are the most effective.

Answer: A

Q100 - The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?

  1. $146
  2. $1320
  3. $440
  4. $100

Answer: A

Q101 - You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use?

  1. c:\compmgmt.msc
  2. c:\services.msc
  3. c:\ncpa.cp
  4. c:\gpedit

Answer: A

Q102 - Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

  1. WebBugs
  2. WebGoat
  3. VULN_HTML
  4. WebScarab

Answer: B

Q103 - Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

  1. SQL injection attack
  2. Cross-Site Scripting (XSS)
  3. LDAP Injection attack
  4. Cross-Site Request Forgery (CSRF)

Answer: B

Q104 - You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network-Based Intrusion Detection System (NIDS). What is the best way to evade the NIDS?

  1. Encryption
  2. Protocol Isolation
  3. Alternate Data Streams
  4. Out of band signalling

Answer: A

Q105 - What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?

  1. All are hacking tools developed by the legion of doom
  2. All are tools that can be used not only by hackers, but also security personnel
  3. All are DDOS tools
  4. All are tools that are only effective against Windows
  5. All are tools that are only effective against Linux

Answer: C

Q106 - The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

  1. Wireless Intrusion Prevention System
  2. Wireless Access Point
  3. Wireless Access Control List
  4. Wireless Analyzer

Answer: A

Q107 - An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

  1. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
  2. He will activate OSPF on the spoofed root bridge.
  3. He will repeat the same attack against all L2 switches of the network.
  4. He will repeat this action so that it escalates to a DoS attack.

Answer: A

Q108 - Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

  1. 768 bit key
  2. 1025 bit key
  3. 1536 bit key
  4. 2048 bit key

Answer: C

Q109 - Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?

  1. NET FILE
  2. NET USE
  3. NET CONFIG
  4. NET VIEW

Answer: B

Q110 - If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?

  1. Civil
  2. International
  3. Criminal
  4. Common

Answer: A

Q111 - What is the following command used for?

net use \\target\ipc$ "" /u:""

  1. Grabbing the etc/passwd file
  2. Grabbing the SAM
  3. Connecting to a Linux computer through Samba.
  4. This command is used to connect as a null session
  5. Enumeration of Cisco routers

Answer: D

Q112 - What hacking attack is challenge/response authentication used to prevent?

  1. Replay attacks
  2. Scanning attacks
  3. Session hijacking attacks
  4. Password cracking attacks

Answer: A

Q113 - Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits and resembles the MD5 algorithm?

  1. SHA-2
  2. SHA-3
  3. SHA-1
  4. SHA-0

Answer: C

Q114 - In order to show improvement of security over time, what must be developed?

  1. Reports
  2. Testing tools
  3. Metrics
  4. Taxonomy of vulnerabilities

Answer: C

Q115 - Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

  1. All of the employees would stop normal work activities
  2. IT department would be telling employees who the boss is
  3. Not informing the employees that they are going to be monitored could be an invasion of privacy.
  4. The network could still experience traffic slow down.

Answer: C

Q116 - These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

  1. Black-Hat Hackers
  2. Script Kiddies
  3. White-Hat Hackers
  4. Gray-Hat Hackers

Answer: B

Q117 - You are monitoring the network of your organization. You notice that: Which of the following solutions will you suggest?

  1. Block the Blacklist IPs @ Firewall
  2. Update the Latest Signatures on your IDS/IPS
  3. Clean the Malware which is trying to Communicate with the External Blacklist IPs
  4. Both B and C

Answer: D

Q118 - What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?

  1. Install Cryptcat and encrypt outgoing packets from this server.
  2. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
  3. Use Alternate Data Streams to hide the outgoing packets from this server.

Answer: B

Q119 - When discussing passwords, what is considered a brute force attack?

  1. You attempt every single possibility until you exhaust all possible combinations or discover the password
  2. You threaten to use the rubber hose on someone unless they reveal their password
  3. You load a dictionary of words into your cracking program
  4. You create hashes of a large number of words and compare it with the encrypted passwords
  5. You wait until the password expires

Answer: A

Q120 - Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

  1. Validate and escape all information sent to a server
  2. Use security policies and procedures to define and implement proper security settings
  3. Verify access rights before allowing access to protected information and UI controls
  4. Use digital certificates to authenticate a server prior to sending data

Answer: A