Q1. Which of the following is the greatest threat posed by backups?
A. An un-encrypted backup can be misplaced or stolen
B. A backup is incomplete because no verification was performed.
C. A backup is the source of malware or illicit information.
D. A backup is unavailable during disaster recovery.
Answer: A
Q2. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
A. Inherent Risk
B. Residual Risk
C. Deferred Risk
D. Impact Risk
Answer: B
Q3. Which of the following is a component of a risk assessment?
A. Logical interface
B. DMZ
C. Administrative safeguards
D. Physical security
Answer: C
Q4. Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse's APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?
A. Trojan
B. Worm
C. Key-Logger
D. Macro Virus
Answer: A
Q5. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
A. The network devices are not all synchronized
B. The security breach was a false positive.
C. The attack altered or erased events from the logs.
D. Proper chain of custody was not observed while collecting the logs.
Answer: C
Q6. The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Access Point
B. Wireless Analyzer
C. Wireless Access Control list
D. Wireless Intrusion Prevention System
Answer: D
Q7. Which of the following is not a Bluetooth attack?
A. Bluejacking
B. Bluedriving
C. Bluesnarfing
D. Bluesmacking
Answer: B
Q8. The phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the “landscape” looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
A. Network Mapping
B. Gaining access
C. Footprinting
D. Escalating privileges
Answer: C
Q9. When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?
A. Forward the message to your company’s security response team and permanently delete the message from your computer.
B. Delete the email and pretend nothing happened.
C. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
D. Reply to the sender and ask them for more information about the message contents.
Answer: A
Q10. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A. Jack the ripper
B. nessus
C. tcpdump
D. ethereal
Answer: C