Question 142. Which of the following is often one of the most overlooked areas of security?
- A. Operational
- B. Technical
- C. Internet
- D. Physical
Answer 142. Option D.
Explanation: Physical security is one of the most overlooked areas of security.
Question 143. A hacker who plants a rogue wireless access point on a network in order to sniff the traffic on the wired network from outside the building is causing what type of security breach?
- A. Physical
- B. Technical
- C. Operational
- D. Remote access
Answer 143. Option A.
Explanation: In order to place a wireless access point, a hacker needs to have physical access.
Question 144. Which area of security usually receives the least amount of attention during a penetration test?
- A. Technical
- B. Physical
- C. Operational
- D. Wireless
Answer 144. Option B.
Explanation: Physical security usually receives the least amount of testing during a penetration test.
Question 145. Which of the following attacks can be perpetrated by a hacker against an organization with weak physical security controls?
- A. Denial of service
- B. Radio frequency jamming
- C. Hardware keylogger
- D. Banner grabbing
Answer 145. Option C.
Explanation: A hardware keylogger can be installed to capture passwords or other confidential data once a hacker gains physical access to a client system.
Question 146. Which type of access allows passwords stored on a local system to be cracked?
- A. Physical
- B. Technical
- C. Remote
- D. Dial-in
Answer 146. Option A.
Explanation: Physical access allows a hacker to crack passwords on a local system.
Question 147. Which of the following is an example of a physical security breach?
- A. Capturing a credit card number from a web server application
- B. Hacking a SQL server in order to locate a credit card number
- C. Stealing a laptop to acquire credit card numbers
- D. Sniffing a credit card number from packets sent on a wireless hotspot
Answer 147. Option C.
Explanation: Theft of equipment is an example of a physical security breach.
Question 148. What type of attack can be performed once a hacker has physical access?
- A. Finding passwords by dumpster diving
- B. Stealing equipment
- C. Performing a DoS attack
- D. Session hijacking
Answer 148. Option B.
Explanation: Stealing equipment requires physical access.
Question 149. What does LKM stand for?
- A. Linux Kernel Module
- B. Linux Kernel Mode
- C. Linked Kernel Module
- D. Last Kernel Mode
Answer 149. Option A.
Explanation: LKM stands for Linux Kernel Module.
Question 150. What GCC command is used to compile a C++ file called source into an executable file called game?
- A. g++ source.c -o game
- B. gcc source.c -o game
- C. gcc make source.cpp -o game
- D. g++ source.cpp -o game
Answer 150. Option D.
Explanation: g++ source.cpp -o game is the GCC command to create an executable called game from the source file source.
Question 151. What is the command to deny all users access from the network?
- A. Cat “All:All”>> /etc/hosts.deny
- B. Set “All:All”>> /etc/hosts.deny
- C. IP deny “All:All”
- D. Cat All:All deny
Answer 151. Option A.
Explanation: Cat “All:All”>> /etc/hosts.deny is the command to deny all users access from the network on a Linux system.
Question 152. Of the following, which are common commercial Linux distributions?
- A. SUSE, Knark, and Red Hat
- B. SUSE, Adore, Debian, and Mandrake
- C. SUSE, Debian, and Red Hat
- D. SUSE, Adore, and Red Hat
Answer 152. Option C.
Explanation: SUSE, Debian, and Red Hat are all commercial versions of Linux.
Question 153. What is a Linux live CD?
- A. A Linux operating system that runs from CD
- B. A Linux operating system installed from a CD onto a hard drive
- C. A Linux tool that runs applications from a CD
- D. A Linux application that makes CDs
Answer 153. Option A.
Explanation: A Linux live CD is a fully functioning operating system that runs from a CD.
Question 154. What type of attack can be disguised as an LKM?
- A. DoS
- B. Trojan
- C. Spam virus
- D. Rootkit
Answer 154. Option D.
Explanation: A rootkit can be disguised as an LKM.
Question 155. Which of the following is a reason to use Linux?
- A. Linux has no security holes.
- B. Linux is always up to date on security patches.
- C. No rootkits can infect a Linux system.
- D. Linux is flexible and can be modified.
Answer 155. Option D.
Explanation: Linux is flexible and can be modified because the source code is openly available.
Question 156. Which of the following is not a way to harden Linux?
- A. Physically secure the system.
- B. Maintain a current patch level.
- C. Change the default passwords.
- D. Install all available services.
Answer 156. Option D.
Explanation: Linux should not have unused services running, because each additional service may have potential vulnerabilities.
Question 157. What type of file is used to create a Linux live CD?
- A. ISO
- B. CD
- C. LIN
- D. CDFS
Answer 157. Option A.
Explanation: An ISO file is used to create a Linux live CD.
Question 158. Why is it important to use a known good distribution of Linux?
- A. Source files can become corrupt if not downloaded properly.
- B. Only certain distributions can be patched.
- C. Source files can be modified, and a Trojan or backdoor may be included in the source binaries of some less-known or free distributions of Linux.
- D. Only some versions of Linux are available to the public.
Answer 158. Option C.
Explanation: Known good distributions have been reviewed by the Linux community to verify that a Trojan or backdoor does not exist in the source code.
Question 159. A system that performs attack recognition and alerting for a network is what?
- A. HIDS
- B. NIDS
- C. Anomaly detection HIDS
- D. Signature-based NIDS
Answer 159. Option B.
Explanation: A NIDS performs attack recognition for an entire network.
Question 160. Which of the following tools bypasses a firewall by sending one byte at a time in the IP header?
- A. Honeyd
- B. Nessus
- C. Covert_TCP
- D. 007 shell
- E. TCP to IP hide
Answer 160. Option C.
Explanation: Covert_TCP passes through a firewall by sending one byte at a time of a file in the IP header.
Question 161. Which of the following is a honeypot-detection tool?
- A. Honeyd
- B. Specter
- C. KFSensor
- D. Sobek
Answer 161. Option D.
Explanation: Sobek is a honeypot-detection tool.
Question 162. Which of the following is a system designed to attract and identify hackers?
- A. Honeypot
- B. Firewall
- C. Honeytrap
- D. IDS
Answer 162. Option A.
Explanation: A honeypot is a system designed to attract and identify hackers.
Question 163. Which of the following is a tool used to modify an attack script to bypass an IDS’s signature detection?
- A. ADMutate
- B. Script mutate
- C. Snort
- D. Specter
Answer 163. Option A.
Explanation: ADMutate is a tool used to modify an attack script to bypass an IDS’s signature detection.
Question 164. What is a reverse WWW shell?
- A. A web server making a reverse connection to a firewall
- B. A web client making a connection to a hacker through the firewall
- C. A web server connecting to a web client through the firewall
- D. A hacker connecting to a web server through a firewall
Answer 164. Option B.
Explanation: A reverse WWW shell occurs when a compromised web client makes a connection back to a hacker’s computer and is able to pass through a firewall.
Question 165. A reverse WWW shell connects to which port on a hacker’s system?
- A. 80
- B. 443
- C. 23
- D. 21
Answer 165. Option A.
Explanation: The hacker’s system, which is acting as a web server, uses port 80.
Question 166. What is the command to install and run Snort?
- A. snort -l c:\snort\log -c C:\snort\etc\snort.conf -A console
- B. snort -c C:\snort\etc\snort.conf -A console
- C. snort -c C:\snort\etc\snort.conf console
- D. snort -l c:\snort\log -c -A
Answer 166. Option A.
Explanation: snort -l c:\snort\log -c C:\snort\etc\snort.conf -A console is the command to install and run the Snort program.
Question 167. What type of program is Snort?
- A. NIDS
- B. Sniffer, HIDS, and traffic-logging tool
- C. Sniffer and HIDS
- D. NIDS and sniffer
Answer 167. Option B.
Explanation: Snort is a sniffer, HIDS, and traffic-logging tool.
Question 168. What are the ways in which an IDS is able to detect intrusion attempts? (Choose all that apply.)
- A. Signature detection
- B. Anomaly detection
- C. Traffic identification
- D. Protocol analysis
Answer 168. Options B, C.
Explanation: Signature analysis and anomaly detection are the ways an IDS detects intrusion attempts.
Question 169. How many keys exist in a public/private key pair?
- A. 1
- B. 2
- C. 3
- D. 4
Answer 169. Option B.
Explanation: Two keys, a public key and a private key, exist in a key pair.
Question 170. How many keys are needed for symmetric key encryption?
- A. 1
- B. 2
- C. 3
- D. 4
Answer 170. Option A.
Explanation: The same key is used to encrypt and decrypt the data with symmetric key encryption.
Question 171. Which of the following key lengths would be considered uncrackable? (Choose all that apply.)
- A. 512
- B. 256
- C. 128
- D. 64
Answer 171. Options A, B.
Explanation: A key length of 256 bits or more is considered uncrackable.
Question 172. What algorithm outputs a 128-bit message digest regardless of the length of the input?
- A. SHA
- B. MD5
- C. RC4
- D. RC6
Answer 172. Option B.
Explanation: MD5 outputs a 128-bit digest with variable-length input.
Question 173. What algorithm outputs a 160-bit key with variable-length input?
- A. SHA
- B. MD5
- C. RC4
- D. RC6
Answer 173. Option A.
Explanation: SHA outputs a 160-bit key with variable-length input.
Question 174. Which algorithm is used in the digital signature process?
- A. RC4
- B. RC5
- C. Blowfish
- D. MD5
Answer 174. Option D.
Explanation: MD5 is used in the digital signature process.
Question 175. What is cryptography?
- A. The study of computer science
- B. The study of mathematics
- C. The study of encryption
- D. The creation of encryption algorithms
Answer 175. Option C.
Explanation: Cryptography is the study of encryption.
Question 176. What is the process of replacing some characters with others in an encryption key?
- A. Transposition
- B. Subtraction
- C. Substitution
- D. Transrelation
Answer 176. Option C.
Explanation: Substitution is the process of replacing some characters with others.
Question 177. Data encrypted with the server’s public key can be decrypted with which key?
- A. Server’s public key
- B. Server’s private key
- C. Client’s public key
- D. Client’s private key
Answer 177. Option B.
Explanation: Data can be decrypted with the other key in the pair—in this case, the server’s private key.
Question 178. Which type of encryption is the fastest to use for large amounts of data?
- A. Symmetric
- B. Public
- C. Private
- D. Asymmetric
Answer 178. Option A.
Explanation: Symmetric key encryption is fast and best to use for large amounts of data.
Question 179. What is the purpose of a pen test?
- A. To simulate methods that intruders take to gain escalated privileges
- B. To see if you can get confidential network data
- C. To test the security posture and policies and procedures of an organization
- D. To get passwords
Answer 179. Option C.
Explanation: A penetration test is designed to test the overall security posture of an organization and to see if it responds according to the security policies.
Question 180. Security assessment categories include which of the following? (Choose all that apply.)
- A. White-hat assessments
- B. Vulnerability assessments
- C. Penetration testing
- D. Security audits
- E. Black-hat assessments
Answer 180. Options B, C, D.
Explanation: Security assessments can be security audits, vulnerability assessments, or penetration testing.
Question 181. What type of testing is the best option for an organization that can benefit from the experience of a security professional?
- A. Automated testing tools
- B. White-hat and black-hat testing
- C. Manual testing
- D. Automated testing
Answer 181. Option C.
Explanation: Manual testing is best, because knowledgeable security professionals can plan, test designs, and do diligent documentation to capture test results.
Question 182. Which type of audit tests the security implementation and access controls in an organization?
- A. A firewall test
- B. A penetration test
- C. An asset audit
- D. A systems audit
Answer 182. Option B.
Explanation: A penetration test produces a report of findings on the security posture of an organization.
Question 183. What is the objective of ethical hacking from the hacker’s perspective?
- A. Determine the security posture of the organization.
- B. Find and penetrate invalid parameters.
- C. Find and steal available system resources.
- D. Leave marks on the network to prove they gained access.
Answer 183. Option A.
Explanation: An ethical hacker is trying to determine the security posture of the organization.
Question 184. What is the first step of a pen test?
- A. Create a map of the network by scanning.
- B. Locate the remote access connections to the network.
- C. Sign a scope of work, NDA, and liability release document with the client.
- D. Perform a physical security audit to ensure the physical site is secure.
Answer 184. Option C.
Explanation: The first step of a pen test should always be to have the client sign a scope of work, NDA, and liability release document.
Question 185. Which tools are not essential in a pen tester’s toolbox?
- A. Password crackers
- B. Port scanning tools
- C. Vulnerability scanning tools
- D. Web testing tools
- E. Database assessment tools
- F. None of the above
Answer 185. Option F.
Explanation: All these tools must be used to discover vulnerabilities in an effective security assessment.
Question 186. Which of the following are not results to be expected from a pre-attack passive reconnaissance phase? (Choose all that apply.)
- A. Directory mapping
- B. Competitive intelligence gathering
- C. Asset classification
- D. Acquiring the target
- E. Product/service offerings
- F. Executing, implanting, and retracting
- G. Social engineering
Answer 186. Options D, F.
Explanation: Acquiring the target and executing, implanting, and retracting are part of the active reconnaissance pre-attack phase.
Question 187. Once the target has been acquired, what is the next step for a company that wants to confirm the vulnerability was exploited? (Choose all that apply.)
- A. Use tools that will exploit a vulnerability and leave a mark.
- B. Create a report that tells management where the vulnerability exists.
- C. Escalate privileges on a vulnerable system.
- D. Execute a command on a vulnerable system to communicate to another system on the network and leave a mark.
Answer 187. Options A, D.
Explanation: The next step after target acquisition is to use tools that will exploit a vulnerability and leave a mark or execute a command on a vulnerable system to communicate to another system on the network and leave a mark.
Question 188. An assessment report for management may include suggested fixes or corrective measures.
- A. True
- B. False
Answer 188. Option A.
Explanation: An assessment may include corrective suggestions to fix the vulnerability.