- Set 1 (Q1 to Q30)
- Set 2 (Q31 to Q60)
- Set 3 (Q61 to Q90)
- Set 4 (Q91 to Q120)
- Set 5 (Q121 to Q150)
- Set 6 (Q151 to Q180)
- Set 7 (Q181 to Q210)
- Set 8 (Q211 to Q240)
- Set 9 (Q241 to Q270)
- Set 10 (Q271 to Q300)
- Set 11 (Q301 to Q330)
- Set 12 (Q331 to Q360)
- Set 13 (Q361 to Q390)
- Set 14 (Q391 to Q420)
- Set 15 (Q421 to Q450)
- Set 16 (Q451 to Q480)
- Set 17 (Q481 to Q510)
- Set 18 (Q511 to Q540)
- Set 19 (Q541 to Q570)
- Set 20 (Q571 to Q600)
- Set 21 (Q601 to Q630)
- Set 22 (Q631 to Q660)
- Set 23 (Q661 to Q690)
- Set 24 (Q691 to Q720)
Q121 - Emil uses nmap to scan two hosts using this command.
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:
What is his conclusion?
- Host 192.168.99.7 is an iPad.
- He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.
- Host 192.168.99.1 is the host that he launched the scan from.
- Host 192.168.99.7 is down.
Q122 - What is GINA?
- Gateway Interface Network Application
- GUI Installed Network Application CLASS
- Global Internet National Authority (G-USA)
- Graphical Identification and Authentication DLL
Q123 - After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
Q124 - A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.
- Use port security on his switches.
- Use a tool like ARPwatch to monitor for strange ARP activity.
- Use a firewall between all LAN segments.
- If you have a small network, use static ARP entries.
- Use only static IP addresses on all PC's.
Answer: A, B and D
Q125 - A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?
- Botnet Trojan
- Turtle Trojans
- Banking Trojans
- Ransomware Trojans
Q126 - You have initiated an active operating system fingerprinting attempt with nmap against a target system:
What operating system is the target host running based on the open ports shown above?
- Windows XP
- Windows 98 SE
- Windows NT4 Server
- Windows 2000 Server
Q127 - In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.
allintitle: root passwd
- Maintaining Access
- Gaining Access
- Scanning and Enumeration
Q128 - A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
- Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
- Attempts by attackers to access the user and password information stored in the company's SQL database.
- Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
- Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Q129 - Which of the following are well known password-cracking programs?
- Jack the Ripper
- John the Ripper
Answer: A and E
Q130 - One of your team members has asked you to analyze the following SOA record. What is the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)
Q131 - LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?
I - The maximum password length is 14 characters.
II - There are no distinctions between uppercase and lowercase.
III - It's a simple algorithm, so 10,000,000 hashes can be generated per second.
- I, II, and III
- I and II
Q132 - Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
Q133 - Which of the following program infects the system boot sector and the executable files at the same time?
- Stealth virus
- Polymorphic virus
- Macro virus
- Multipartite Virus
Q134 - If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?
- Running a network scan to detect network services in the corporate DMZ
- Reviewing the need for a security clearance for each employee
- Using configuration management to determine when and where to apply security patches
- Training employees on the security policy regarding social engineering
Q135 - Which is the first step followed by Vulnerability Scanners for scanning a network?
- TCP/UDP Port scanning
- Firewall detection
- OS Detection
- Checking if the remote host is alive
Q136 - While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:
< script >alert(" Testing Testing Testing ") script >
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:
"Testing Testing Testing". Which vulnerability has been detected in the web application?
- Buffer overflow
- Cross-site request forgery
- Distributed denial of service
- Cross-site scripting
Q137 - Which system consists of a publicly available set of databases that contain domain name registration contact information?
Q138 - A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
Q139 - You perform a scan of your company's network and discover that TCP port 123 is open. What services by default run on TCP port 123?
- Network Time Protocol
Q140 - What does the option * indicate?
Q141 - Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
- Jack the ripper
Q142 - Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?
- Disable unused ports in the switches
- Separate students in a different VLAN
- Use the 802.1x protocol
- Ask students to use the wireless network
Q143 - While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?
- Scan more slowly.
- Do not scan the broadcast IP.
- Spoof the source IP address.
- Only scan the Windows systems.
Q144 - While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?
- The port will send an ACK
- The port will send a SYN
- The port will ignore the packets
- The port will send an RST
Q145 - Which of the following techniques will identify if computer files have been changed?
- Network sniffing
- Permission sets
- Integrity checking hashes
- Firewall alerts
Q146 - Which tool would be used to collect wireless packet data?
- John the Ripper
Q147 - You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
- Event logs on the PC
- Internet Firewall/Proxy log
- IDS log
- Event logs on domain controller
Q148 - The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?
Q149 - Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?
- Time Keeper
Q150 - Which command line switch would be used in NMAP to perform operating system detection?