Questions Set 1

The document consists of a series of multiple-choice questions related to cybersecurity concepts, including encryption algorithms, network attacks, penetration testing techniques, and malware identification. Each question presents a scenario or a technical query, requiring knowledge of information security principles and practices. The questions cover a wide range of topics, including DNS tunneling, buffer overflow attacks, and cloud security vulnerabilities.

Uploaded by

vatansingh455

Question no 1:

In this form of encryption algorithm, every individual block contains 64-bit data, and three
keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
AES
MD5 encryption algorithm
IDEA
Triple Data Encryption Standard

Question no 2:
John, a professional hacker, decided to use DNS to perform data exfiltration on a target
network. In this process, he embedded malicious data into the DNS protocol packets that
even DNSSEC cannot detect. Using this technique, John successfully injected malware to
bypass a firewall and maintained communication with the victim machine and C&C server.
What is the technique employed by John to bypass the firewall?
DNS cache snooping
DNS enumeration
DNSSEC zone walking
DNS tunneling method

Question no 3:
Which of the following information security controls creates an appealing isolated
environment for hackers to prevent them from compromising critical targets
while simultaneously gathering information about the hacker?
Firewall
Honeypot
Botnet
Intrusion detection system

Question no 4:
There have been concerns in your network that the wireless network component is not
sufficiently secure. You perform a vulnerability scan of the wireless network and find that
it is using an old encryption protocol that was designed to mimic wired encryption.
What encryption protocol is being used?
WEP
WPA
RADIUS
WPA3

Question no 5:
Abel, a cloud architect, uses container technology to deploy applications/software
including all its dependencies, such as libraries and configuration files, binaries, and other
resources that run independently from other processes in the cloud environment. For the
containerization of applications, he follows the five-tier container technology
architecture. Currently, Abel is verifying and validating image contents, signing images,
and sending them to the registries.

Which of the following tiers of the container technology architecture is Abel currently
working in?

Tier-1: Developer machines
Tier-2: Testing and accreditation systems
Tier-4: Orchestrators
Tier-3: Registries

Question no 6:
Consider the following Nmap output:
Starting Nmap X.XX (http://nmap.org) at XXX-XX-XX XX:XX EDT
Nmap scan report for 192.168.1.42
Host is up (0.00023s latency).
Not shown: 932 filtered ports, 56 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
Nmap done: 1 IP address (1 host up) scanned in 3.90 seconds
What command-line parameter could you use to determine the type and version number
of the web server?
-sV
-sS
-V
-Pn

Question no 7:
Attacker Steve targeted an organization’s network with the aim of redirecting the
company’s web traffic to another malicious website. To achieve this goal, Steve performed
DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and
modified the original IP address of the target website to that of a fake website.
What is the technique employed by Steve to gather information for identity theft?
Pharming
Skimming
Pretexting
Wardriving

Question no 8:
John is investigating web-application firewall logs and observes that someone is
attempting to inject the following:
char buff[10];
buff[10] = 'a';
What type of attack is this?
CSRF
XSS
SQL injection
Buffer overflow

Question no 9:
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless
communications. He installed a fake communication tower between two authentic endpoints
to mislead the victim. Bobby used this virtual tower to interrupt the data transmission
between the user and real tower, attempting to hijack an active session. Upon receiving the
user’s request, Bobby manipulated the traffic with the virtual tower and redirected the
victim to a malicious website.
What is the attack performed by Bobby in the above scenario?
aLTEr attack
Wardriving
KRACK attack
Jamming signal attack

Question no 10:
Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack
simulation on the organization’s network resources. To perform the attack, he took
advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS,
he found that port 139 was open and could see the resources that could be accessed or viewed
on a remote system. He came across many NetBIOS codes during enumeration.
Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user.
<00>
<03>
<1B>
<20>

Question no 11:
You have been authorized to perform a penetration test against a website. You want to
use Google dorks to footprint the site but only want results that show file extensions.
What Google dork operator would you use?
filetype
site
ext
inurl

Question no 12:
John, a professional hacker, performs a network attack on a renowned organization and
gains unauthorized access to the target network. He remains in the network without being
detected for a long time and obtains sensitive information without sabotaging the
organization.
Which of the following attack techniques is used by John?
Diversion theft
Advanced persistent threat
Insider threat
Spear-phishing sites

Question no 13:
You are a penetration tester working to test the user awareness of the employees of the
client XYZ. You harvested two employees’ emails from some public sources and are
creating a client-side backdoor to send it to the employees via email.
Which stage of the cyber kill chain are you at?
Exploitation
Command and control
Weaponization
Reconnaissance

Question no 14:
Garry is a network administrator in an organization. He uses SNMP to manage networked
devices from a remote location. To manage nodes in the network, he uses MIB, which
contains formal descriptions of all network objects managed by SNMP. He accesses the
contents of MIB by using a web browser either by entering the IP address and Lseries.mib
or by entering the DNS library name and Lseries.mib. He is currently retrieving
information from an MIB that contains object types for workstations and server services.
Which of the following types of MIB is accessed by Garry in the above scenario?
LNMIB2.MIB
MIB_II.MIB
WINS.MIB
DHCP.MIB

Question no 15:
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her
company. After a few days, Ralph contacted Jane while masquerading as a legitimate
customer support executive, informing that her systems need to be serviced for proper
functioning and that customer support will send a computer technician. Jane promptly
replied positively. Ralph entered Jane’s company using this opportunity and gathered
sensitive information by scanning terminals for passwords, searching for important
documents in desks, and rummaging bins.
What is the type of attack technique Ralph used on Jane?
Shoulder surfing
Dumpster diving
Eavesdropping
Impersonation

Question no 16:
A penetration tester is performing the footprinting process and is reviewing publicly
available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the
search to the organization’s web domain?
[location:]
[link:]
[allinurl:]
[site:]

Question no 17:

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the
target’s MSP provider by sending spear-phishing emails and distributed custom-made
malware to compromise user accounts and gain remote access to the cloud service. Further,
she accessed the target customer profiles with her MSP account, compressed the customer
data, and stored them in the MSP. Then, she used this information to launch further attacks
on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?
Cloudborne attack
Cloud hopper attack
Cloud cryptojacking
Man-in-the-cloud (MITC) attack

Question no 18:
Attacker Rony installed a rogue access point within an organization’s perimeter and
attempted to intrude into its internal network. Johnson, a security auditor, identified
some unusual traffic in the internal network that is aimed at cracking the authentication
mechanism. He immediately turned off the targeted network and tested for any weak and
outdated security mechanisms that are open to attack.
What is the type of vulnerability assessment performed by Johnson in the above scenario?
Host-based assessment
Application assessment
Distributed assessment
Wireless network assessment

Question no 19:
The network users are complaining because their systems are slowing down. Further,
every time they attempt to go to a website, they receive a series of pop-ups with
advertisements. What type of malware have the systems been infected with?
Virus
Trojan
Spyware
Adware

Question no 20:
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this
process, Richard recorded the frequency required to share information between
connected devices. After obtaining the frequency, he captured the original data when
commands were initiated by the connected devices. Once the original data were
collected, he used free tools such as URH to segregate the command sequence.
Subsequently, he started injecting the segregated command sequence on the same
frequency into the IoT network, which repeats the captured signals of the devices.
What is the type of attack performed by Richard in the above scenario?
Reconnaissance attack
Cryptanalysis attack
Side-channel attack
Replay attack

Question no 21:
After an audit, the auditors inform you that there is a critical finding that you must tackle
immediately. You read the audit report, and the problem is the service running on port
389. Which service is this and how can you tackle the problem?
The service is SMTP, and you must change it to SMIME, which is an encrypted way to send
emails.
The findings do not require immediate actions and are only suggestions.
The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.
The service is LDAP, and you must change it to 636, which is LDAPS.

Question no 22:
What would be the fastest way to perform content enumeration on a given web server by
using the Gobuster tool?
Performing content enumeration using a wordlist
Performing content enumeration using the bruteforce mode and 10 threads
Skipping SSL certificate verification
Performing content enumeration using the bruteforce mode and random file extensions

Question no 23:
What firewall evasion scanning technique makes use of a zombie system that has low
network activity as well as its fragment identification numbers?
Spoof source address scanning
Decoy scanning
Packet fragmentation scanning
Idle scanning

Question no 24:
Which of the following Bluetooth hacking techniques refers to the theft of information
from a wireless device through Bluetooth?
Bluesmacking
Bluesnarfing
Bluejacking
Bluebugging

Question no 25:
Dorian is sending a digitally signed email to Polly. With which key is Dorian signing this
message and how is Polly validating it?
Dorian is signing the message with Polly’s public key, and Polly will verify that the message
came from Dorian by using Dorian’s public key.
Dorian is signing the message with his private key, and Polly will verify that the message
came from Dorian by using Dorian’s public key.
Dorian is signing the message with his public key, and Polly will verify that the message
came from Dorian by using Dorian’s private key.
Dorian is signing the message with Polly’s private key, and Polly will verify that the message
came from Dorian by using Dorian’s public key.
