1. Which of the following is a wireless network detector that is commonly found on Linux?

A. Kismet

B. Abel

C. Netstumbler

D. Nessus

Answer: A

2. A security consultant decides to use multiple layers of anti-virus defense. This approach can be used
to mitigate which kind of attack?

A. Forensic attack

B. ARP spoofing attack

C. Social engineering attack

D. Scanning attack

Answer: C

3. Code injection is a form of attack in which a malicious user:

A. Inserts text into a data field that gets interpreted as code

B. Gets the server to execute arbitrary code using a buffer overflow

C. Inserts additional code into the JavaScript running in the browser

D. Gains access to the codebase on the server and inserts new code

Answer: A

4. Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS
and is tested there. What is this middle step called?

A. Fuzzy-testing the code

B. Third party running the code

C. Sandboxing the code

D. String validating the code

 Answer: C

5. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of
control objectives. Which requirement would best fit under the objective "Implement strong access
control measures"?

A. Regularly test security systems and processes.

B. Encrypt transmission of cardholder data across open, public networks.

C. Assign a unique ID to each person with computer access.

D. Use and regularly update anti-virus software on all systems commonly affected by malware.

Answer: C

6. Which act requires employer's standard national numbers to identify them on standard transactions?

A. SOX

B. HIPAA

C. DMCA

D. PCI-DSS

Answer: B

7. Which NMAP script could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

A. http-git

B. http-headers

C. http enum

D. http-methods

Answer: D

8. Fred wants to trick a switch into thinking it has established a session with his computer. How can Fred
accomplish this?

A. Send an IP packet with the RST/SIN bit and the source address of his computer.

B. Send an IP packet with the SYN bit and the source address of his computer.

C. Send an IP packet with the ACK bit set to zero and the source address of the switch.
 D. Send an IP packet to the switch with the ACK bit and the source address of his machine.

Answer: D

9. What is the process of logging, recording, and resolving events that take place in an organization?

A. Incident Management Process

B. Security Policy

C. Internal Procedure

D. Metrics

Answer: A

10. If an attacker gains access to a Linux host and steals the password file from /etc/passwd, how can
they use it?

A. The password file does not contain the passwords themselves.

B. They can open it and read the user IDs and corresponding passwords.

C. The file reveals the passwords to the root user only.

D. They cannot read it because it is encrypted.

Answer: A

11. What is the most secure way to mitigate the theft of corporate information from a laptop left in a
hotel room?

A. Set a BIOS password.

B. Encrypt the data on the hard drive.

C. Use a strong login password to the operating system.

D. Back up everything on the laptop and store the backup in a safe place.

Answer: B

12. You are manually conducting Idle Scanning using Hping2. Why might the IPID increment more than
one value for certain queries?

A. The zombie you are using is not truly idle.

B. A stateful inspection firewall is resetting your queries.

 C. Hping2 cannot be used for idle scanning.

D. These ports are actually open on the target system.

Answer: A

13. When analyzing IDS logs, what type of alert is triggered when nothing suspicious is found?

A. False-Negative

B. False-Positive

C. True-Positive

D. False-Signature

Answer: A

14. What is the proper response for a NULL scan if the port is closed?

A. SYN

B. ACK

C. FIN

D. PSH

E. RST

F. No response

Answer: E

15. What is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Ris

ks?

A. Insufficient Transport Layer Protection

B. Security Misconfiguration

C. Sensitive Data Exposure

D. Injection Flaws

Answer: D
16. In the context of network security, what does ACL stand for?

A. Advanced Cryptographic Log

B. Access Control List

C. Application Control Language

D. Address Confirmation Log

Answer: B

17. Which security protocol is used to secure email communication?

A. SMTP

B. HTTP

C. SSL/TLS

D. ICMP

Answer: C

18. What is the purpose of a CAPTCHA?

A. To prevent SQL injection attacks

B. To limit the rate of incoming traffic to a website

C. To ensure secure file transfers

D. To distinguish between human users and automated bots

Answer: D

19. Which cryptographic protocol is used to provide secure communication over a computer network?

A. HTTP

B. SSH

C. FTP

D. Telnet

Answer: B
20. Which type of malware is designed to block access to a computer system until a sum of money is
paid?

A. Spyware

B. Ransomware

C. Adware

D. Rootkit

Answer: B

Certainly, here are 20 questions about cybersecurity along with their options for the class test:

**Question 1:**

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security
assessment through penetration testing. What document describes the specifics of the testing, the
associated violations, and essentially protects both the organization's interest and your liabilities as a
tester?

A. Terms of Engagement

B. Project Scope

C. Non-Disclosure Agreement

D. Service Level Agreement

**Answer: A**

**Question 2:**

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and
Open Source Security Testing Methodology Manual (OSSTMM), the main difference is:

A. OWASP is for web applications and OSSTMM does not include web applications.

B. OSSTMM is gray box testing and OWASP is black box testing.

C. OWASP addresses controls and OSSTMM does not.

D. OSSTMM addresses controls and OWASP does not.

**Answer: D**

**Question 3:**
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen.
What is the best protection that will work for her?

A. Password protected files

B. Hidden folders

C. BIOS password

D. Full disk encryption.

**Answer: D**

**Question 4:**

The establishment of a TCP connection involves a negotiation called 3-way handshake. What type of
message sends the client to the server in order to begin this negotiation?

A. RST

B. ACK

C. SYN-ACK

D. SYN

**Answer: D**

**Question 5:**

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A. PPP

B. IPSEC

C. PEM

D. SET

**Answer: B**

**Question 6:**

What term describes the amount of risk that remains after the vulnerabilities are classified and the
countermeasures have been deployed?

A. Residual risk

B. Inherent risk
C. Deferred risk

D. Impact risk

**Answer: A**

**Question 7:**

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him
perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is
looking for? Select the best answers.

A. SNMPUtil

B. SNScan

C. SNMPScan

D. Solarwinds IP Network Browser

E. NMap

**Answer: A B D**

**Question 8:**

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz
to VHF and UHF?

A. Omnidirectional antenna

B. Dipole antenna

C. Yagi antenna

D. Parabolic grid antenna

**Answer: C**

**Question 9:**

What is the name of the international standard that establishes a baseline level of confidence in the
security functionality of IT products by providing a set of requirements for evaluation?

A. Blue Book

B. ISO 26029

C. Common Criteria
D. The Wassenaar Agreement

**Answer: C**

**Question 10:**

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on
the switch. In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different
source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC
addresses to physical ports. What happens when the CAM table becomes full?

A. Switch then acts as hub by broadcasting packets to all machines on the network

B. The CAM overflow table will cause the switch to crash causing Denial of Service

C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

**Answer: A**

**Question 11:**

A company recently hired your team of Ethical Hackers to test the security of their network systems. The
company wants to have the attack be as realistic as possible. They did not provide any information
besides the name of their company. What phase of security testing would your team jump in right
away?

A. Scanning

B. Reconnaissance

C. Escalation

D. Enumeration

**Answer: B**

**Question 12:**

What tool is used to exploit the cross-site scripting vulnerability?

A. XSSUtil

B. BeEF

C. CSRFScanner

D. SQLiPen
**Answer: B**

**Question 13:**

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed
a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited
many machines. Which one of the following tools did the attacker probably use to inject HTML code?

A. Wireshark

B. Ettercap

C. Aircrack-ng

D. Tcpdump

**Answer: B**

**Question 14:**

Craig received a report of all the computers on the network that showed

no vulnerabilities. He wonders how that is possible. What can you tell Craig?

A. It is not possible to have a network without vulnerabilities

B. Maybe the computers were turned off

C. A network without vulnerabilities is only possible in a controlled lab environment

D. Vulnerability scanners are not foolproof; they can miss some vulnerabilities

**Answer: D**

**Question 15:**

Which of the following cryptographic attacks specifically focuses on making multiple attempts to guess a
password or a key?

A. Dictionary attack

B. Rainbow table attack

C. Frequency analysis attack

D. Differential cryptanalysis

**Answer: A**
**Question 16:**

Why do organizations implement a principle of least privilege (POLP) in their cybersecurity practices?

A. To limit the number of employees in an organization

B. To restrict access rights to only those necessary to perform a function

C. To increase the power of administrators

D. To encourage employees to use weak passwords

**Answer: B**

**Question 17:**

Which protocol is used to send email securely over the Internet?

A. POP3

B. SMTP

C. IMAP

D. S/MIME

**Answer: D**

**Question 18:**

What is a SQL injection attack?

A. Forcing a user to reveal their password

B. Gaining unauthorized access to a wireless network

C. Exploiting a vulnerability in a web application's database to execute malicious SQL statements

D. Intercepting communication between two parties to steal sensitive information

**Answer: C**

**Question 19:**

What is a firewall rule that allows only inbound traffic on port 80 called?

A. Inbound rule

B. Outbound rule
C. Ingress rule

D. Egress rule

**Answer: C**

**Question 20:**

Why are regular software updates important for cybersecurity?

A. They provide new features to the software.

B. They remove the need for antivirus software.

C. They address security vulnerabilities and bugs.

D. They make the software compatible with all operating systems.

**Answer: C**

1. **Question:** Developers at your company are creating a web application which will be available for
use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier
Architecture for the web application. The developers are now asking you which network should the
Presentation Tier (front-end web server) be placed in?

- A. isolated vlan network

- B. Mesh network

- C. DMZ network

- D. Internal network

- **Answer:** A

2. **Question:** A medium-sized healthcare IT business decides to implement a risk management

strategy. Which of the following is NOT one of the five basic responses to risk?

- A. Delegate

- B. Avoid

- C. Mitigate

- D. Accept

- **Answer:** A
3. **Question:** Which of the following provides a security professional with most information about
the system's security posture?

- A. Wardriving, warchalking, social engineering

- B. Social engineering, company site browsing, tailgating

- C. Phishing, spamming, sending trojans

- D. Port scanning, banner grabbing, service identification

- **Answer:** D

4. **Question:** Which of the following steps for risk assessment methodology refers to vulnerability
identification?

- A. Determines if any flaws exist in systems, policies, or procedures

- B. Assigns values to risk probabilities; Impact values.

- C. Determines risk probability that vulnerability will be exploited (High. Medium, Low)

- D. Identifies sources of harm to an IT system. (Natural, Human, Environmental)

- **Answer:** C

5. **Question:** The use of technologies like IPSec can help guarantee the following: authenticity,
integrity, confidentiality, and

- A. non-repudiation.

- B. operability.

- C. security.

- D. usability.

- **Answer:** A

6. **Question:** A zone file consists of which of the following Resource Records (RRs)?

- A. DNS, NS, AXFR, and MX records

- B. DNS, NS, PTR, and MX records

- C. SOA, NS, AXFR, and MX records

- D. SOA, NS, A, and MX records

 - **Answer:** D

7. **Question:** Which of the following is a hardware requirement that either an IDS/IPS system or a
proxy server must have in order to properly function?

- A. Fast processor to help with network traffic analysis

- B. They must be dual-homed

- C. Similar RAM requirements

- D. Fast network interface cards

- **Answer:** B

8. **Question:** Jimmy is standing outside a secure entrance to a facility. He is pretending to have a

tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the
phone, grabs the door as it begins to close. What just happened?

- A. Phishing

- B. Whaling

- C. Tailgating

- D. Masquerading

- **Answer:** C

9. **Question:** Which of the following Nmap commands would be used to perform a stack
fingerprinting?

- A. Nmap -O -p80 <host(s)>

- B. Nmap -hU -Q<host(s)>

- **C. Nmap -sT -p <host(s)>**

- D. Nmap -u -o -w2 <host>

- E. Nmap -sS -0p targe

- **Answer:** C

10. **Question:** An IT security engineer notices that the company's web server is currently being
hacked. What should the engineer do next?
 - A. Unplug the network connection on the company's web server.

- B. Determine the origin of the attack and launch a counterattack.

- C. Record as much information as possible from the attack.

- D. Perform a system restart on the company's web server.

- **Answer:** C

11. **Question:** Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has
learned to use these tools in his lab and is now ready for real-world exploitation. He was able to
effectively intercept communications between the two entities and establish credentials with both sides
of the connections. The two remote ends of the communication never notice that Eric is relaying the
information between the two. What would you call this attack?

- A. Interceptor

- B. Man-in-the-middle

- C. ARP Proxy

- D. Poisoning Attack

- **Answer:** B

12. **Question:** Which security control role does encryption meet?

- A. Preventative

- B. Detective

- C. Offensive

- D. Defensive

- **Answer:** A

13. **Question:** Perspective clients want to see sample reports from previous penetration tests. What
should you do next?

- A. Decline but, provide references.

- B. Share full reports, not redacted.

- C. Share full reports with redactions.

- D. Share reports, after NDA is signed.

 - **Answer:** A

14. **Question:** How is sniffing broadly categorized?

- A. Active and passive

- B. Broadcast and unicast

- C. Unmanaged and managed

- D. Filtered and unfiltered

- **Answer:** A

15. **Question:** To send a PGP encrypted message, which piece of information from the recipient
must the sender have before encrypting the message?

- A. Recipient's private key

- B. Recipient's public key

- C. Master encryption key

- D. Sender's public key

- **Answer:** B

1. You are attempting to run an Nmap port scan on a web server. Which of the following commands
would result in a scan of common ports with the least amount of noise in order to evade IDS?

A. nmap -A -Pn

B. nmap -sP -p-65535 -T5

C. nmap -sT -O -T0

D. nmap -A --host-timeout 99 -T1

Answer: C

2. Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?

A. Use digital certificates to authenticate a server prior to sending data.

B. Verify access right before allowing access to protected information and UI controls.

C. Verify access right before allowing access to protected information and UI controls.

D. Validate and escape all information sent to a server.

Answer: D

3. Which of the following is a preventive control?

A. Smart card authentication

B. Security policy

C. Audit trail

D. Continuity of operations plan

Answer: A

4. To determine if a software program properly handles a wide range of invalid input, a form of
automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

A. Fuzzing

B. Randomizing

C. Mutating

D. Bounding

Answer: A

5. What is the broadcast address for the subnet 190.86.168.0/22?

A. 190.86.168.255

B. 190.86.255.255

C. 190.86.171.255

D. 190.86.169.255

Answer: C

6. Which of the following security operations is used for determining the attack surface of an
organization?
A. Running a network scan to detect network services in the corporate DMZ

B. Training employees on the security policy regarding social engineering

C. Reviewing the need for a security clearance for each employee

D. Using configuration management to determine when and where to apply security patches

Answer: A

7. Which tier in the N-tier application architecture is responsible for moving and processing data
between the tiers?

A. Application Layer

B. Data tier

C. Presentation tier

D. Logic tier

Answer: D

8. The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic
in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other
traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the
permitted hosts cannot access the Internet. According to the next configuration, what is happening in
the network?

A. The ACL 104 needs to be first because is UDP

B. The ACL 110 needs to be changed to port 80

C. The ACL for FTP must be before the ACL 110

D. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

Answer: D

9. How can a policy help improve an employee's security awareness?

A. By implementing written security procedures, enabling employee security training, and promoting the
benefits of security

B. By using informal networks of communication, establishing secret passing procedures, and

immediately terminating employees

C. By sharing security secrets with employees, enabling employees to share secrets, and establishing a
consultative help line
D. By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring
that managers know employee strengths

Answer: A

10. Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI).
What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and
Company B trust one another and each private PKI can validate digital certificates from the other
company?

A. Poly key exchange

B. Cross certification

C. Poly key reference

D. Cross-site exchange

Answer: B

11. Risks = Threats x Vulnerabilities is referred to as the:

A. Risk equation

B. Threat assessment

C. BIA equation

D. Disaster recovery formula

Answer: A

12. In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering
the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data
theft through a technique known as wardriving. Which Algorithm is this referring to?

A. Wired Equivalent Privacy (WEP)

B. Wi-Fi Protected Access (WPA)

C. Wi-Fi Protected Access 2 (WPA2)

D. Temporal Key Integrity Protocol (TKIP)

Answer: A
13. This kind of password cracking method uses word lists in combination with numbers and special
characters:

A. Hybrid

B. Linear

C. Symmetric

D. Brute Force

Answer: A

14. Which of the following security policies defines the use of VPN for gaining access to an internal
corporate network?

A. Network security policy

B. Remote access policy

C. Information protection policy

D. Access control policy

Answer: B

15. Which of the following ensures that updates to policies, procedures, and configurations are made in
a controlled and documented fashion?

A. Regulatory compliance

B. Peer review

C. Change management

D. Penetration testing

Answer: C

Here are 20 selected questions about cyber security along with their options:

**Question 430:** What information should an IT system analysis provide to the risk assessor?

A. Management buy-in

B. Threat statement
C. Security architecture

D. Impact analysis

Answer: C

**Question 431:** An attacker has captured a target file that is encrypted with public key cryptography.
Which of the attacks below is likely to be used to crack the target file?

A. Timing attack

B. Replay attack

C. Memory trade-off attack

D. Chosen plain-text attack

Answer: D

**Question 432:** International Organization for Standardization (ISO) standard 27002 provides
guidance for compliance by outlining

A. guidelines and practices for security controls.

B. financial soundness and business viability metrics.

C. standard best practice for configuration management.

D. contract agreement writing standards.

Answer: A

**Question 433:** Which of the following is the primary objective of a rootkit?

A. It opens a port to provide an unauthorized service

B. It creates a buffer overflow

C. It replaces legitimate programs

D. It provides an undocumented opening in a program

Answer: C

**Question 434:** The "gray box testing" methodology enforces what kind of restriction?

A. The internal operation of a system is only partly accessible to the tester.

B. The internal operation of a system is completely known to the tester.

C. Only the external operation of a system is accessible to the tester.

D. Only the internal operation of a system is known to the tester.

Answer: A

**Question 435:** An attacker changes the profile information of a particular user (victim) on the target
website. The attacker uses this string to update the victim's profile to a text file and then submit the
data to the attacker's database.

< iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> What is this type

of attack (that can use either HTTP GET or HTTP POST) called?

A. Cross-Site Request Forgery

B. Cross-Site Scripting

C. SQL Injection

D. Browser Hacking

Answer: A

**Question 436:** Which of the following tools are used for enumeration? (Choose three.)

A. SolarWinds

B. USER2SID

C. Cheops

D. SID2USER

E. DumpSec

Answer: B D E

**Question 437:** A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will
the pentester pivot using Metasploit?

A. Issue the pivot exploit and set the meterpreter.

B. Reconfigure the network settings in the meterpreter.

C. Set the payload to propagate through the meterpreter.

D. Create a route statement in the meterpreter.

Answer: D

**Question 438:** Which of the following describes the characteristics of a Boot Sector Virus?

A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B. Moves the MBR to another location on the hard disk and copies itself to the original location of the
MBR

C. Modifies directory table entries so that directory entries point to the virus code instead of the actual
program

D. Overwrites the original MBR and only executes the new virus code

Answer: B

**Question 439:** In order to have an anonymous Internet surf, which of the following is best choice?

A. Use SSL sites when entering personal information

B. Use Tor network with multi-node

C. Use shared WiFi

D. Use public VPN

Answer: B

**Question 440:** A security analyst in an insurance company is assigned to test a new web application
that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers
that the application is developed in ASP scripting language and it uses MSSQL as a database backend.
The analyst locates the application's search form and introduces the following code in the search input
field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web applications vulnerability did the analyst discover?

A. Cross-site request forgery

B. Command injection

C. Cross-site scripting

D. SQL injection

Answer: C
**Question 441:** You have several plain-text firewall logs that you must review to evaluate network
traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions.
Which command-line utility are you most likely to use?

A. Grep

B. Notepad

C. MS Excel

D. Relational Database

Answer: A

**Question 442:** A computer technician is using a new version of a word processing software package
when it is discovered that a special sequence of characters causes the entire computer to crash. The
technician researches the bug and discovers that no one else experienced the problem. What is the
appropriate next step?

A. Ignore the problem completely and let someone else deal with it.

B. Create a document that will crash the computer when opened and send it to friends.

C. Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Answer: D

**Question 443:** Which of the following is an application that requires a host application for
replication?

A. Micro

B. Worm

C. Trojan

D. Virus

Answer: D

**Question 444:** An organization hires a tester to do a wireless penetration test. Previous reports
indicate that the last test did not contain management or control packets in the submitted traces. Which
of the following is the most likely reason for lack of management or control packets?

A. The wireless card was not turned on.

B. The wrong network card drivers were in use by Wireshark.

C. On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.

D. Certain operating systems and adapters do not collect the management or control packets.

Answer: D

**Question 445:** An attacker scans a host with the below command. Which three flags are set?

#nmap -sX host.domain.com

A. This is ACK scan. ACK flag is set

B. This is Xmas scan. SYN and ACK flags are set

C. This is Xmas scan. URG, PUSH and FIN are set

D. This is SYN scan. SYN flag is set

Answer: C

**Question 446:** You work for Acme Corporation as Sales Manager. The company has tight network
security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and
transfer them to your home computer. Your company filters and monitors traffic that leaves from the
internal network to the Internet. How will you achieve this without raising suspicion?

A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an
innocent looking email or file transfer using Steganography techniques

D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Answer: C

**Question 447:**

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless
access point. The computer is able to transfer files locally to other machines, but cannot successfully
reach the Internet. When the technician examines the IP address and default gateway they are both on
the 192.168.1.0/24. Which of the following has occurred?

A. The gateway is not routing to a public IP address.

B. The computer is using an invalid IP address.

C. The gateway and the computer are not on the same network.

D. The computer is not using a private IP address.

Answer: A

**Question 448:** A certified ethical hacker (CEH) is approached by a friend who believes her husband
is cheating. She offers to pay to break into her husband's email account in order to find proof so she can
take him to court. What is the ethical response?

A. Say no; the friend is not the owner of the account.

B. Say yes; the friend needs help to gather evidence.

C. Say yes; do the job for free.

D. Say no; make sure that the friend knows the risk she's asking the CEH to take.

Answer: A

**Question 449:** env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A. Display passwd content to prompt

B. Removes the passwd file

C. Changes all passwords in passwd

D. Add new user to the passwd file

Answer: A

**Question 450:** As a securing consultant, what are some of the things you would recommend to a
company to ensure DNS security?

A. Use the same machines for DNS and other applications

B. Harden DNS servers

C. Use split-horizon operation for DNS servers

D. Restrict Zone transfers

E. Have subnet diversity between DNS servers

Answer: B C D E
It seems like you've provided a list of questions related to cybersecurity along with their respective
answer choices. Here are 15 questions I've selected from the list along with their options:

**Question 472:**

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by
inputting massive amounts of random data and observing the changes in the output?

A. Function Testing

B. Dynamic Testing

C. Static Testing

D. Fuzzing Testing

Answer: D

**Question 474:**

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation
on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door
as it begins to close. What just happened?

A. Piggybacking

B. Masquerading

C. Phishing

D. Whaling

Answer: A

**Question 475:**

You have the SOA presented below in your Zone. Your secondary servers have not been able to contact
your primary server to synchronize information. How long will the secondary servers attempt to contact
the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

A. One day

B. One hour

C. One week

D. One month
Answer: C

**Question 476:**

Study the log below and identify the scan type.

A. nmap -sR 192.168.1.10

B. nmap -sS 192.168.1.10

C. nmap -sV 192.168.1.10

D. nmap -sO -T 192.168.1.10

Answer: D

**Question 477:**

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

A. They are written in Java.

B. They send alerts to security monitors.

C. They use the same packet analysis engine.

D. They use the same packet capture utility.

Answer: D

**Question 480:**

Which type of cryptography does SSL, IKE, and PGP belong to?

A. Secret Key

B. Hash Algorithm

C. Digest

D. Public Key

Answer: D

**Question 481:**
A regional bank hires your company to perform a security assessment on their network after a recent
data breach. The attacker was able to steal financial data from the bank by compromising only a single
server. Based on this information, what should be one of your key recommendations to the bank?

A. Place a front-end web server in a demilitarized zone that only handles external web traffic

B. Require all employees to change their passwords immediately

C. Move the financial data to another server on the same IP subnet

D. Issue new certificates to the web servers from the root certificate authority

Answer: A

**Question 484:**

To reduce the attack surface of a system, administrators should perform which of the following
processes to remove unnecessary software, services, and insecure configuration settings?

A. Harvesting

B. Windowing

C. Hardening

D. Stealthing

Answer: C

**Question 489:**

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"?

A. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43
port 1234.

B. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port
2222.

C. Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

D. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Answer: A

**Question 490:**

One of your team members has asked you to analyze the following SOA record. What is the TTL?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)
A. 200303028

B. 3600

C. 604800

D. 2400

E. 60

F. 4800

Answer: D

**Question 492:**

Which one of the following Google advanced search operators allows an attacker to restrict the results
to those websites in the given domain?

A. [cache:]

B. [site:]

C. [inurl:]

D. [link:]

Answer: B

**Question 495:**

While performing online banking using a Web browser, Kyle receives an email that contains an image of
a well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an
animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all
his funds on the bank were gone. What Web browser-based security vulnerability got exploited by the
hacker?

A. Clickjacking

B. Web Form Input Validation

C. Cross-Site Request Forgery

D. Cross-Site Scripting

Answer: C

**Question 498:**
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the
ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP
ID:0 and Seq:0. What can you infer from this information?

A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and
Seq 0

Answer: B

**Question 1:**

Which of the following is a detective control?

A. Smart card authentication

B. Security policy

C. Audit trail

D. Continuity of operations plan

Answer: C

**Question 2:**

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

A. Cross-site scripting

B. SQL injection

C. VPath injection

D. XML denial ofservice issues

Answer: D

**Question 3:**

Which of the following is considered as one of the most reliable forms of TCP scanning?

A. TCP Connect/Full Open Scan

B. Half-open Scan

C. NULL Scan

D. Xmas Scan

Answer: A

**Question 4:**

Why would you consider sending an email to an address that you know does not exist within the
company you are performing a Penetration Test for?

A. To determine who is the holder of the root account

B. To perform a DoS

C. To create needless SPAM

D. To illicit a response back that will reveal information about email servers and how they treat
undeliverable mail

E. To test for virus protection

Answer: D

**Question 5:**

......is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the
premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless
version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone
to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the
passwords of unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

A. Collision Attack

B. Evil Twin Attack

C. Sinkhole Attack

D. Signal Jamming Attack

Answer: B

**Question 6:**
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection
by the network's IDS?

A. Timing options to slow the speed that the port scan is conducted

B. Fingerprinting to identify which operating systems are running on the network

C. ICMP ping sweep to determine which hosts on the network are not available

D. Traceroute to control the path of the packets sent during the scan

Answer: A

**Question 7:**

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with
that of the file server. She then intercepted his traffic destined for the server, changed it the way she
wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A. A sniffing attack

B. A spoofing attack

C. A man in the middle attack

D. A denial of service attack

Answer: C

**Question 8:**

Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a
file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said
file.

Without his knowledge, the file copies itself to Matthew's APPDATA\IocaI directory and begins to
beacon to a Command-and-control server to download additional malicious binaries. What type of
malware has Matthew encountered?

A. Key-logger

B. Trojan

C. Worm

D. Macro Virus

Answer: B
**Question 9:**

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a
sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types
of vulnerability.

What is this style of attack called?

A. zero-day

B. zero-hour

C. zero-sum

D. no-day

Answer: A

**Question 10:**

A network security administrator is worried about potential man-in-the-middle attacks when users
access a corporate web site from their workstations. Which of the following is the best remediation
against this type of attack?

A. Implementing server-side PKI certificates for all connections

B. Mandating only client-side PKI certificates for all connections

C. Requiring client and server PKI certificates for all connections

D. Requiring strong authentication for all DNS queries

Answer: C

**Question 11:**

What is not a PCI compliance recommendation?

A. Limit access to card holder data to as few individuals as possible.

B. Use encryption to protect all transmission of card holder data over any public network.

C. Rotate employees handling credit card transactions on a yearly basis to different departments.

D. Use a firewall between the public network and the payment card data.

Answer: C
**Question 12:**

When you are testing a web application, it is very useful to employ a proxy tool to save every request
and response. You can manually test every request and analyze the response to find vulnerabilities. You
can test parameter and headers manually to get more precise results than if using web vulnerability
scanners.

What proxy tool will help you find web vulnerabilities?

A. Burpsuite

B. Maskgen

C. Dimitry

D. Proxychains

Answer: A

**Question 13:**

Which of the following algorithms provides better protection against brute force attacks by using a 160-
bit message digest?

A. MD5

B. SHA-1

C. RC4

D. MD4

Answer: B

**Question 14:**

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of
the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet
inspection is the firewall conducting?

A. Host

B. Stateful

C. Stateless

D. Application

Answer: C
**Question 15:**

Which tool allows analysts and pen testers to examine links between data using graphs and link
analysis?

A. Maltego

B. Cain & Abel

C. Metasploit

D. Wireshark

Answer: A

**Question 16:**

This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of
passing only the frames that the controller is intended to receive. Select the option that BEST describes
the above statement.

A. Multi-cast mode

B. WEM

C. Promiscuous mode

D. Port forwarding

Answer: C

**Question 17:**

Yancey is a network security administrator for a large electric company. This company provides power
for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has
become very successful. One day, Yancey comes in to work and finds out that the company will be
downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic
bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left.
Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to
pay for what they are doing to him.

What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker

. Yancey would be considered an Insider Threat

C. Yancey would be considered a Hacktivist

D. Yancey would be considered a "Script Kiddie"

Answer: B

**Question 18:**

Which encryption algorithm is the most widely used symmetric algorithm?

A. AES

B. RSA

C. ECC

D. DES

Answer: A

**Question 19:**

What kind of attack is being described in the statement below?

"An attacker listens to the communication between two parties and steals sensitive information such as
login credentials and credit card numbers."

A. Man-in-the-Middle (MitM) Attack

B. Distributed Denial of Service (DDoS) Attack

C. SQL Injection Attack

D. Cross-site Scripting (XSS) Attack

Answer: A

**Question 20:**

Which of the following statements about biometric authentication is true?

A. Biometric authentication methods cannot be revoked or changed.

B. Biometric data is always stored in the original form.

C. Biometric authentication is considered one of the least secure authentication methods.

D. Biometric authentication methods are susceptible to replay attacks.

Answer: A
**Question 21:**

What is the primary purpose of an Intrusion Detection System (IDS)?

A. To block all incoming network traffic

B. To replace firewalls in a network

C. To identify unauthorized access or misuse of a computer system

D. To encrypt sensitive data during transmission

Answer: C

**Question 22:**

Which of the following is an example of two-factor authentication?

A. Username and password

B. Smart card and PIN

C. Public key and private key

D. CAPTCHA and biometric scan

Answer: B

**Question 23:**

A security professional is configuring a new wireless network. What action would best improve the
network's security?

A. Disabling encryption to allow for easier device connections.

B. Enabling WEP encryption to secure the network.

C. Enabling WPA3 encryption with a strong passphrase.

D. Broadcasting the network's SSID to simplify network discovery.

Answer: C

**Question 24:**

Which type of malware is designed to spread from one computer to another by attaching itself to files or
software?
A. Spyware

B. Worm

C. Trojan

D. Ransomware

Answer: B

**Question 25:**

Which of the following is NOT a good practice for creating strong passwords?

A. Using a combination of uppercase and lowercase letters.

B. Including personal information like birthdates or names.

C. Incorporating special characters and numbers.

D. Making the password as short as possible for easy recall.

Answer: B

1. How can you determine if an LM hash you extracted contains a password that is less than 8 characters
long?

A. There is no way to tell because a hash cannot be reversed

B. The right most portion of the hash is always the same

C. The hash always starts with AB923D

D. The left most portion of the hash is always the same

E. A portion of the hash will be all 0's

Answer: B

2. Which of the following guidelines or standards is associated with the credit card industry?

A. Control Objectives for Information and Related Technology (COBIT)

B. Sarbanes-Oxley Act (SOX)

C. Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry Data Security Standards (PCI DSS)

 Answer: D

3. Identify the correct terminology that defines the above statement.

A. Vulnerability Scanning

B. Penetration Testing

C. Security Policy Implementation

D. Designing Network Security

Answer: B

4. An attacker tries to do banner grabbing on a remote web server and executes the following
command.

Service detection performed. Please report any incorrect results at http://nmap.org/submit/.

Nmap done: 1 IP address (1 host up) scanned in 6.42 seconds

What did the hacker accomplish?

A. nmap can't retrieve the version number of any running remote service.

B. The hacker successfully completed the banner grabbing.

C. The hacker should've used nmap -O host.domain.com.

D. The hacker failed to do banner grabbing as he didn't get the version of the Apache web server.

Answer: B

5. What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection
vulnerability?

A. The request to the web server is not visible to the administrator of the vulnerable application.

B. The attack is called "Blind" because, although the application properly filters user input, it is still
vulnerable to code injection.

C. The successful attack does not show an error message to the administrator of the affected
application.

D. The vulnerable application does not display errors with information about the injection results to
the attacker.

Answer: D
6. Fingerprinting an Operating System helps a cracker because:

A. It defines exactly what software you have installed

B. It opens a security-delayed window based on the port being scanned

C. It doesn't depend on the patches that have been applied to fix existing security holes

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

7. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a
sequence number?

A. TCP

B. UDP

C. ICMP

D. UPX

Answer: A

8. First thing you do every office day is to check your email inbox. One morning, you received an email
from your best friend and the subject line is quite strange. What should you do?

A. Delete the email and pretend nothing happened.

B. Forward the message to your supervisor and ask for her opinion on how to handle the situation.

C. Forward the message to your company's security response team and permanently delete the
message from your computer.

D. Reply to the sender and ask them for more information about the message contents.

Answer: C

9. During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web
enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of
firewall is inspecting outbound traffic?

A. Application

B. Circuit
 C. Stateful

D. Packet Filtering

Answer: A

10. Neil notices that a single address is generating traffic from its port 500 to port 500 of several other
machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned.
As a security professional, what would you infer from this scan?

A. It is a network fault and the originating machine is in a network loop

B. It is a worm that is malfunctioning or hardcoded to scan on port 500

C. The attacker is trying to detect machines on the network which have SSL enabled

D. The attacker is trying to determine the type of VPN implementation and checking for IPSec

Answer: D

11. Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

A. Configure the Web Server to deny requests involving "hex encoded" characters

B. Create rules in IDS to alert on strange Unicode requests

C. Use SSL authentication on Web Servers

D. Enable Active Scripts Detection at the firewall and routers

Answer: B

12. Which of the following does proper basic configuration of snort as a network intrusion detection
system require?

A. Limit the packets captured to the snort configuration file.

B. Capture every packet on the network segment.

C. Limit the packets captured to a single segment.

D. Limit the packets captured to the /var/log/snort directory.

Answer: A
13. Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are
within what phase of the Incident Handling Process?

A. Preparation phase

B. Containment phase

C. Recovery phase

D. Identification phase

Answer: A

14. Which of the following BEST describes how Address Resolution Protocol (ARP) works?

A. It sends a reply packet for a specific IP, asking for the MAC address

B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP

C. It sends a request packet to all the network elements, asking for the domain name from a specific IP

D. It sends a request packet to all the network elements, asking for the MAC address from a specific IP

Answer: D

15. It is a short-range wireless communication technology that allows mobile phones, computers and
other devices to connect and communicate. This technology intends to replace cables connecting
portable devices with high regards to security.

A. Bluetooth

B. Radio-Frequency Identification

C. WLAN

D. InfraRed

Answer: A

Here are 15 questions selected from the provided list along with their correct answers:

**Question 601:**

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name
Servers, host names, MX records, CNAME records, glue records, zone serial number, TimeToLive (TTL)
records, etc) for a Domain. What do you think Tess King is trying to accomplish?

A. A zone harvesting
B. A zone transfer

C. A zone update

D. A zone estimate

Answer: B

**Question 602:**

Which of the following is a protocol specifically designed for transporting event messages?

A. SYSLOG

B. SMS

C. SNMP

D. ICMP

Answer: A

**Question 603:**

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the
following attack scenarios will compromise the privacy of her data?

A. None of these scenarios compromise the privacy of Alice's data

B. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server
successfully resists Andrew's attempt to access the stored data

C. Hacker Harry breaks into the cloud server and steals the encrypted data

D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Answer: D

**Question 604:**

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's
access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using an SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?
A. Use the Cisco's TFTP default password to connect and download the configuration file

B. Run a network sniffer and capture the returned traffic with the configuration file from the router

C. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router
masking your IP address

D. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Answer: B D

**Question 605:**

In order to prevent particular ports and applications from getting packets into an organization, what
does a firewall check?

A. Network layer headers and the session layer port numbers

B. Presentation layer headers and the session layer port numbers

C. Application layer port numbers and the transport layer headers

D. Transport layer port numbers and application layer headers

Answer: D

**Question 606:**

You have successfully gained access to your client's internal network and successfully comprised a Linux
server which is part of the internal IP network. You want to know which Microsoft Windows
workstations have file sharing enabled. Which port would you see listening on these Windows machines
in the network?

A. 445

B. 3389

C. 161

D. 1433

Answer: A

**Question 607:**

The following are types of Bluetooth attack EXCEPT ?

A. Bluejacking
B. Bluesmaking

C. Bluesnarfing

D. Bluedriving

Answer: D

**Question 608:**

Destination unreachable administratively prohibited messages can inform the hacker to what?

A. That a circuit level proxy has been installed and is filtering traffic

B. That his/her scans are being blocked by a honeypot or jail

C. That the packets are being malformed by the scanning software

D. That a router or other packet-filtering device is blocking traffic

E. That the network is functioning normally

Answer: D

**Question 609:**

A possibly malicious sequence of packets that were sent to a web server has been captured by an
Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to
determine whether these packets are indeed malicious. What tool are you going to use?

A. Intrusion Prevention System (IPS)

B. Vulnerability scanner

C. Protocol analyzer

D. Network sniffer

Answer: C

**Question 610:**

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened
that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP
result below, which of the following is likely to be installed on the target machine by the OS?

A. The host is likely a Windows machine.

B. The host is likely a Linux machine.

C. The host is likely a router.

D. The host is likely a printer.

Answer: D

**Question 611:**

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

A. Results matching all words in the query

B. Results matching "accounting" in domain target.com but not on the site Marketing.target.com

C. Results from matches on the site marketing.target.com that are in the domain target.com but do not
include the word accounting

D. Results for matches on target.com and Marketing.target.com that include the word "accounting"

Answer: B

**Question 612:**

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment
variable to a vulnerable Web server

B. Manipulate format strings in text fields

C. SSH

D. SYN Flood

Answer: A

**Question 613:**

It is an entity or event with the potential to adversely impact a system through unauthorized access,
destruction, disclosure, denial of service, or modification of data. Which of the following terms best
matches the definition?

A. Threat

B. Attack

C. Vulnerability
D. Risk

Answer: A

**Question 1:**

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as
realistic as possible; therefore, they did not provide any information besides the company name. What
should be the first step in security testing the client?

A. Reconnaissance

B. Enumeration

C. Scanning

D. Escalation

Answer: A

**Question 2:**

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose
port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice's machine. From the
command prompt, she types the following command. What is Eve trying to do?

A. Eve is trying to connect as a user with Administrator privileges

B. Eve is trying to enumerate all users with Administrative privileges

C. Eve is trying to carry out a password crack for user Administrator

D. Eve is trying to escalate the privilege of the null user to that of Administrator

Answer: C

**Question 3:**

You are the Systems Administrator for a large corporate organization. You need to monitor all network
traffic on your local network for suspicious activities and receive notifications when an attack is
occurring. Which tool would allow you to accomplish this goal?

A. Network-based IDS

B. Firewall

C. Proxy

D. Host-based IDS
Answer: A

**Question 4:**

An attacker uses a communication channel within an operating system that is neither designed nor
intended to transfer information. What is the name of the communications channel?

A. Classified

B. Overt

C. Encrypted

D. Covert

Answer: D

**Question 5:**

What does the -oX flag do in an Nmap scan?

A. Perform an express scan

B. Output the results in truncated format to the screen

C. Perform an Xmas scan

D. Output the results in XML format to a file

Answer: D

**Question 6:**

In many states, sending spam is illegal. Thus, spammers have techniques to try and ensure that no one
knows they sent the spam out to thousands of users at a time. Which of the following best describes
what spammers use to hide the origin of these types of e-mails?

A. A blacklist of companies that have their mail server relays configured to allow traffic only to their
specific domain name.

B. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers
continuously.

C. A blacklist of companies that have their mail server relays configured to be wide open.

D. Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers
occasionally.

Answer: B
**Question 7:**

What is correct about digital signatures?

A. A digital signature cannot be moved from one signed document to another because it is the hash of
the original document encrypted with the private key of the signing party.

B. Digital signatures may be used in different documents of the same type.

C. A digital signature cannot be moved from one signed document to another because it is a plain hash
of the document content.

D. Digital signatures are issued once for each user and can be used everywhere until they expire.

Answer: A

**Question 8:**

Null sessions are unauthenticated connections (not using a username or password) to an NT or 2000
system. Which TCP and UDP ports must you filter to check null sessions on your network?

A. 137 and 139

B. 137 and 443

C. 139 and 443

D. 139 and 445

Answer: D

**Question 9:**

Backing up data is a security must. However, it also has a certain level of risks when mishandled. Which
of the following is the greatest threat posed by backups?

A. A backup is the source of Malware or illicit information

B. A backup is incomplete because no verification was performed

C. A backup is unavailable during disaster recovery

D. An unencrypted backup can be misplaced or stolen

Answer: D

**Question 10:**
What is the best description of SQL Injection?

A. It is an attack used to gain unauthorized access to a database.

B. It is an attack used to modify code in an application.

C. It is a Man-in-the-Middle attack between your SQL Server and Web App Server.

D. It is a Denial of Service Attack.

Answer: A

**Question 11:**

A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0, and
192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?

A. NMAP -P 192.168.1-5.

B. NMAP -P 192.168.0.0/16

C. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0

D. NMAP -P 192.168.1/17

Answer: A

**Question 12:**

Which of the following will perform an Xmas scan using NMAP?

A. nmap -sA 192.168.1.254

B. nmap -sP 192.168.1.254

C. nmap -sX 192.168.1.254

D. nmap -sV 192.168.1.254

Answer: C

**Question 13:**

____ is a set of extensions to DNS that provides DNS clients (resolvers) origin authentication of DNS data
to reduce the threat of DNS poisoning, spoofing, and similar attacks types.

A. DNSSEC

B. Zone transfer
C. Resource transfer

D. Resource records

Answer: A

**Question 14:**

Which definition among those given below best describes a covert channel?

A. A server program using a port that is not well known.

B. Making use of a protocol in a way it is not intended to be used.

C. It is the multiplexing taking place on a communication link.

D. It is one of the weak channels used by WEP which makes it insecure

Answer: B

**Question 15:**

Which of the following is a restriction being enforced in "white box testing?"

A. Only the internal operation of a system is known to the tester

B. The internal operation of a system is completely known to the tester

C. The internal operation of a system is only partly accessible to the tester

D. Only the external operation of a system is accessible to the tester

Answer: B

**Question 16:**

An unauthorized individual enters a building following an employee through the employee entrance
after the lunch rush. What type of breach has the individual just performed?

A. Reverse Social Engineering

B. Tailgating

C. Piggybacking

D. Announced

Answer: B
**Question 17:**

A company has hired a security administrator to maintain and administer Linux and Windows-based
systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time

is 12 am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log
files have shrunk in size again. Which of the following actions should the security administrator take?

A. Log the event as suspicious activity and report this behavior to the incident response team
immediately.

B. Log the event as suspicious activity, call a manager, and report this as soon as possible.

C. Run an anti-virus scan because it is likely the system is infected by malware.

D. Log the event as suspicious activity, continue to investigate, and act according to the site's security
policy.

Answer: D

**Question 18:**

Which of the following identifies the three modes in which Snort can be configured to run?

A. Sniffer, Packet Logger, and Network Intrusion Detection System

B. Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C. Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D. Sniffer, Packet Logger, and Host Intrusion Prevention System

Answer: A

**Question 19:**

Which of the following statements about a zone transfer is correct? (Choose three.)

A. A zone transfer is accomplished with DNS

B. A zone transfer is accomplished with the nslookup service

C. A zone transfer passes all zone information that a DNS server maintains

D. A zone transfer passes all zone information that an nslookup server maintains

E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
F. Zone transfers cannot occur on the Internet

Answer: A, C, E

**Question 20:**

A well-intentioned researcher discovers a vulnerability on the website of a major corporation. What

should he do?

A. Ignore it.

B. Try to sell the information to a well-paying party on the dark web.

C. Notify the website owner so that corrective action can be taken as soon as possible to patch the
vulnerability.

D. Exploit the vulnerability without harming the website owner so that attention can be drawn to the
problem.

Answer: C

**Question 1:**

You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the
machines has 2 connections, one wired and the other wireless. When you verify the configuration of this
Windows system you find two static routes.

route add 10.0.0.0 mask 255.0.0.0 10.0.0.1

route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

What is the main purpose of those static routes?

A. Both static routes indicate that the traffic is external with different gateway.

B. The first static route indicates that the internal traffic will use an external gateway and the second
static route indicates that the traffic will be rerouted.

C. Both static routes indicate that the traffic is internal with different gateway.

D. The first static route indicates that the internal addresses are using the internal gateway and the
second static route indicates that all the traffic that is not internal must go to an external gateway.

Answer: D
**Question 2:**

Which of the following statements regarding ethical hacking is incorrect?

A. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities
in an organization's systems.

B. Testing should be remotely performed offsite.

C. An organization should use ethical hackers who do not sell vendor hardware/software or other
consulting services.

D. Ethical hacking should not involve writing to or modifying the target systems.

Answer: A

**Question 3:**

Low humidity in a data center can cause which of the following problems?

A. Heat

B. Corrosion

C. Static electricity

D. Airborne contamination

Answer: C

**Question 4:**

Seth is starting a penetration test from inside the network. He hasn't been given any information about
the network. What type of test is he conducting?

A. Internal Whitebox

B. External, Whitebox

C. Internal, Blackbox

D. External, Blackbox

Answer: C

**Question 5:**

Which type of scan measures a person's external features through a digital video camera?

A. Iris scan
B. Retinal scan

C. Facial recognition scan

D. Signature kinetics scan

Answer: C

**Question 6:**

A security policy will be more accepted by employees if it is consistent and has the support of

A. coworkers.

B. executive management.

C. the security officer.

D. a supervisor.

Answer: B

**Question 7:**

This international organization regulates billions of transactions daily and provides security guidelines to
protect personally identifiable information (PII). These security controls provide a baseline and prevent
low-level hackers sometimes known as script kiddies from causing a data breach.

Which of the following organizations is being described?

A. Payment Card Industry (PCI)

B. Center for Disease Control (CDC)

C. Institute of Electrical and Electronics Engineers (IEEE)

D. International Security Industry Organization (ISIO)

Answer: A

**Question 8:**

When purchasing a biometric system, one of the considerations that should be reviewed is the
processing speed. Which of the following best describes what it is meant by processing?

A. The amount of time it takes to convert biometric data into a template on a smart card.

B. The amount of time and resources that are necessary to maintain a biometric system.
C. The amount of time it takes to be either accepted or rejected from when an individual provides
Identification and authentication information.

D. How long it takes to set up individual user accounts.

Answer: C

**Question 9:**

While performing online banking using a Web browser, a user receives an email that contains a link to
an interesting Web site. When the user clicks on the link, another Web browser session starts and
displays a video of cats playing a piano. The next business day, the user receives what looks like an email
from his bank, indicating that his bank account has been accessed from a foreign country. The email asks
the user to call his bank and verify the authorization of a funds transfer that took place.

What Web browser-based security vulnerability was exploited to compromise the user?

A. Cross-Site Request Forgery

B. Cross-Site Scripting

C. Clickjacking

D. Web form input validation

Answer: C

**Question 10:**

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you.
During the interview, they asked you to show sample reports from previous penetration tests. What
should you do?

A. Share reports, after NDA is signed

B. Share full reports, not redacted

C. Decline but provide references

D. Share full reports with redactions

Answer: C

**Question 11:**

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

A. She is encrypting the file.

B. She is using John the Ripper to view the contents of the file.

C. She is using FTP to transfer the file to another hacker named John.

D. She is using John the Ripper to crack the passwords in the secret.txt file.

Answer: D

**Question 12:**

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company
A and B are working together in developing a product that will generate a major competitive advantage
for them.

Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a
spoofing attack on the DNS server of company B, company C gains access to outgoing emails from
company B. How do you prevent DNS spoofing?

A. Install DNS logger and track vulnerable packets

B. Disable DNS timeouts

C. Install DNS Anti-spoofing

D. Disable DNS Zone Transfer

Answer: C

**Question 13:**

Which of the following is considered an exploit framework and has the ability to perform automated
attacks on services, ports, applications and unpatched security flaws in a computer system?

A. Wireshark

B. Maltego

C. Metasploit

D. Nessus

Answer: C

**Question 14:**

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting
the chosen service call interruptions when they are being run?
A. Cavity virus

B. Polymorphic virus

C. Tunneling virus

D. Stealth virus

Answer: D

**Question 15:**

There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering
the process. A term describes when two pieces of data result in the same value is?

A. Collision

B. Collusion

C. Polymorphism

D. Escrow

Answer: A

**Question 16:**

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In
the network the servers are in the addresses 192.168.1.122, 192.168.1.123, and 192.168.1.124.

An attacker is trying to find those servers but he cannot see them in his scanning. The command he is
using is:

nmap 192.168.

1.64/26

What should he do?

A. Change his IP to 192.168.1.65 and repeat the scan

B. Change the scan target to 192.168.1.121/24

C. Change the scan type to XMAS scan

D. Change the scan target to 192.168.1.0/24

Answer: A
**Question 17:**

You are performing a security audit on a corporate network. You want to identify any unencrypted
passwords that are being sent on the network. What protocol would you monitor to capture this type of
data?

A. HTTPS

B. TCP

C. IPsec

D. POP3

Answer: B

**Question 18:**

In the context of IT and information security, what does the acronym CIA stand for?

A. Central Intelligence Agency

B. Confidentiality, Integrity, Availability

C. Computer Industry Almanac

D. Cybersecurity and Infrastructure Agency

Answer: B

**Question 19:**

Which of the following encryption algorithms is symmetric in nature?

A. RSA

B. AES

C. ECC

D. Diffie-Hellman

Answer: B

**Question 20:**

You are working in an organization that handles sensitive financial data. The management is concerned
about the security of data at rest and wants to ensure that all the stored data is encrypted. What would
be an appropriate solution?
A. Implementing firewalls and intrusion detection systems.

B. Requiring employees to use strong, unique passwords.

C. Performing regular security training for employees.

D. Using full disk encryption on all computers and storage devices.

Answer: D