- Set 1 (Q1 to Q30)
- Set 2 (Q31 to Q60)
- Set 3 (Q61 to Q90)
- Set 4 (Q91 to Q120)
- Set 5 (Q121 to Q150)
- Set 6 (Q151 to Q180)
- Set 7 (Q181 to Q210)
- Set 8 (Q211 to Q240)
- Set 9 (Q241 to Q270)
- Set 10 (Q271 to Q300)
- Set 11 (Q301 to Q330)
- Set 12 (Q331 to Q360)
- Set 13 (Q361 to Q390)
- Set 14 (Q391 to Q420)
- Set 15 (Q421 to Q450)
- Set 16 (Q451 to Q480)
- Set 17 (Q481 to Q510)
- Set 18 (Q511 to Q540)
- Set 19 (Q541 to Q570)
- Set 20 (Q571 to Q600)
- Set 21 (Q601 to Q630)
- Set 22 (Q631 to Q660)
- Set 23 (Q661 to Q690)
- Set 24 (Q691 to Q720)
Q211 - Advanced encryption standard is an algorithm used for which of the following?
- Data integrity
- Key discovery
- Bulk data encryption
- Key recovery
Q212 - Which of the following tools can be used to perform a zone transfer?
- Sam Spade
Answer: A, C, D and E
Q213 - By using a smart card and pin, you are using a two-factor authentication that satisfies
- Something you know and something you are
- Something you have and something you know
- Something you have and something you are
- Something you are and something you remember
Q214 - Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?
- Hire a security consultant to provide direction.
- Do not back up cither the credit card numbers or then hashes.
- Back up the hashes of the credit card numbers not the actual credit card numbers.
- Encrypt backup tapes that are sent off-site.
Q215 - You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?
- Report immediately to the administrator
- Do not report it and continue the penetration test.
- Transfer money from the administrator's account to another account.
- Do not transfer the money but steal the bitcoins.
Q216 - A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
- tcp.port != 21
- tcp.port = 23
- tcp.port ==21
- tcp.port ==21 || tcp.port ==22
Q217 - Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?
- The use of security agents in clients' computers
- The use of DNSSEC
- The use of double-factor authentication
- Client awareness
Q218 - During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
- Identify and evaluate existing practices
- Create a procedures document
- Conduct compliance testing
- Terminate the audit
Q219 - A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
- Cross-site scripting vulnerability
- Cross-site Request Forgery vulnerability
- SQL injection vulnerability
- Web site defacement vulnerability
Q220 - Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
- The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
- The root CA stores the user's hash value for safekeeping.
- The CA is the trusted root that issues certificates.
- The root CA is used to encrypt email messages to prevent unintended disclosure of data.
Q221 - Which service in a PKI will vouch for the identity of an individual or company?
Q222 - It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers). Which of the following vulnerabilities is being described?
Q223 - What is the term coined for logging, recording and resolving events in a company?
- Internal Procedure
- Security Policy
- Incident Management Process
Q224 - Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
- Cross-site scripting
- SQL injection
- Missing patches
- CRLF injection
Q225 - Study the following log extract and identify the attack.
- Hexcode Attack
- Cross Site Scripting
- Multiple Domain Traversal Attack
- Unicode Directory Traversal Attack
Q226 - Password cracking programs reverse the hashing process to recover passwords. (True/False.)
Q227 - What does a firewall check to prevent particular ports and applications from getting packets into an organization?
- Transport layer port numbers and application layer headers
- Presentation layer headers and the session layer port numbers
- Network layer headers and the session layer port numbers
- Application layer port numbers and the transport layer headers
Q228 - While reviewing the result of scanning run against a target network you come across the following:
Which among the following can be used to get this output?
- A Bo2k system query.
- nmap protocol scan
- A sniffer
- An SNMP walk
Q229 - _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
- DoS tool
Q230 - Which of the following is a client-server tool utilized to evade firewall inspection?
Q231 - Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?
- Microsoft Security Baseline Analyzer
- Core Impact
- Microsoft Baseline Security Analyzer
Q232 - Which set of access control solutions implements two-factor authentication?
- USB token and PIN
- Fingerprint scanner and retina scanner
- Password and PIN
- Account and password
Q233 - An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order should he perform these steps?
- The sequence does not matter. Both steps have to be performed against all hosts.
- First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
- First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
- The port scan alone is adequate. This way he saves time.
Q234 - Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
Q235 - In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
- Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
- Extraction of cryptographic secrets through coercion or torture.
- Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
- A backdoor placed into a cryptographic algorithm by its creator.
Q236 - An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?
- By using SQL injection
- By changing hidden form values
- By using cross site scripting
- By utilizing a buffer overflow attack
Q237 - Which of the following is an extremely common IDS evasion technique in the web world?
- unicode characters
- port knocking
Q238 - The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?
- promiscuous mode
- port forwarding
- multi-cast mode
Q239 - Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?
- A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
- Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one
- Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
- Bob is partially right. DMZ does not make sense when a stateless firewall is available
Q240 - Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?
- Overloading Port Address Translation
- Dynamic Port Address Translation
- Dynamic Network Address Translation
- Static Network Address Translation