QUESTION 24
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?
A. White Hat
B. Suicide Hacker
C. Gray Hat
D. Black Hat
Correct Answer: C
QUESTION 25
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?
A. Based on XML
B. Only compatible with the application protocol HTTP
C. Exchanges data between web services
D. Provides a structured model for messaging
Correct Answer: B
QUESTION 26
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
A. John the Ripper
B. SET
C. CHNTPW
D. Cain & Abel
Correct Answer: C
QUESTION 27
What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?
A. Cross-site request forgery
B. Cross-site scripting
C. Session hijacking
D. Server side request forgery
Correct Answer: A
QUESTION 28
From the following table, identify the wrong answer in terms of Range (ft).
A. 802.11b
B. 802.11g
C. 802.16(WiMax)
D. 802.11a
Correct Answer: D
QUESTION 29
What would you enter, if you wanted to perform a stealth scan using Nmap?
A. nmap -sU
B. nmap -sS
C. nmap -sM
D. nmap -sT
Correct Answer: B
QUESTION 30
You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?
A. Scan servers with Nmap
B. Scan servers with MBSA
C. Telnet to every port on each server
D. Physically go to each server
Correct Answer: A
QUESTION 31
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve’s approach. After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. The solution will have a high level of false positives
D. Biological motion cannot be used to identify people
Correct Answer: B
QUESTION 32
Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?
A. Honeypots
B. Firewalls
C. Network-based intrusion detection system (NIDS)
D. Host-based intrusion detection system (HIDS)
Correct Answer: C
QUESTION 33
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
A. SSL/TLS Renegotiation Vulnerability
B. Shellshock
C. Heartbleed Bug
D. POODLE
Correct Answer: C
QUESTION 34
Which protocol is used for setting up secure channels between two devices, typically in VPNs?
A. PPP
B. IPSEC
C. PEM
D. SET
Correct Answer: B
QUESTION 35
Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (264-1) bits and resembles the MD5 algorithm?
A. SHA-2
B. SHA-3
C. SHA-1
D. SHA-0
Correct Answer: C
QUESTION 36
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
A. At least twice a year or after any significant upgrade or modification
B. At least once a year and after any significant upgrade or modification
C. At least once every two years and after any significant upgrade or modification
D. At least once every three years or after any significant upgrade or modification
Correct Answer: B
QUESTION 37
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
Correct Answer: B
QUESTION 38
Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?
A. Bootrom Exploit
B. iBoot Exploit
C. Sandbox Exploit
D. Userland Exploit
Correct Answer: D
QUESTION 39
What is not a PCI compliance recommendation?
A. Use a firewall between the public network and the payment card data.
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. Limit access to card holder data to as few individuals as possible.
Correct Answer: C
QUESTION 40
The “white box testing” methodology enforces what kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.
Correct Answer: B
QUESTION 41
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. SQL injection attack
B. Cross-Site Scripting (XSS)
C. LDAP Injection attack
D. Cross-Site Request Forgery (CSRF)
Correct Answer: B
QUESTION 42
This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described?
A. wificracker
B. Airguard
C. WLAN-crack
D. Aircrack-ng
Correct Answer: D
QUESTION 43
The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110: What type of activity has been logged?
A. Teardrop attack targeting 192.168.0.110
B. Denial of service attack targeting 192.168.0.105
C. Port scan targeting 192.168.0.110
D. Port scan targeting 192.168.0.105
Correct Answer: C
QUESTION 44
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A – Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A –host-timeout 99 -T1
Correct Answer: C
QUESTION 45
Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to “know” to prove yourself that it was Bob who had send a mail?
A. Confidentiality
B. Integrity
C. Non-Repudiation
D. Authentication
Correct Answer: C
QUESTION 46
What is attempting an injection attack on a web server based on responses to True/False questions called?
A. DMS-specific SQLi
B. Compound SQLi
C. Blind SQLi
D. Classic SQLi
Correct Answer: C
You may also like:- Top 10 Computer Fundamentals Questions and Answers
- Quiz Time – Testing Your Knowledge on Popular Computer Questions
- 15 Important Questions Related to Computer
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 14
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 13
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 12
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 11
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 10
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 9
- Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 8