Q1. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing inconcluding the Operating System (OS) version installed. Considering the NMAP result below, which of the follow is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report

for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80 /tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tec open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

A. The host is likely a printer.

B. The host is likely a router.

C. The host is likely a Linux machine.

D. The host is likely a Windows machine.

View Answer

Q2. In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known wardriving.

Which algorithm is this referring to?

A. Wired Equivalent Privacy (WEP)

B. Temporal Key Integrity Protocol (TRIP)

C. Wi-Fi Protected Access (WPA)

D. Wi-Fi Protected Access 2(WPA2)

View Answer

Q3. Which of these options is the most secure procedure for strong backup tapes?

A. In a climate controlled facility offsite

B. Inside the data center for faster retrieval in afireproof safe

C. In a cool dry environment

D. On a different floor in the same building

View Answer

Q4. Which of the followingtypes of firewalls ensures that the packets are part of the established session?

A. Switch-level firewall

B. Stateful inspection firewall

C. Application-level firewall

D. Circuit-level firewall

View Answer

Q5. env x= ‘(){ :;};echo exploit ‘ bash –c ‘cat/etc/passwd

What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

A. Add new user to the passwd file

B. Display passwd contents to prompt

C. Change all password in passwd

D. Remove the passwd file.

View Answer

Q6. Which of the following describes the characteristics of a Boot Sector Virus?

A. Overwrites the original MBR and only executes the new virus code

B. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

D. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

View Answer

Q7. While using your bank’s online servicing you notice the following stringin the URL bar: “http://www.MyPersonalBank/Account?

Id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.

What type of vulnerability is present on this site?

A. SQL injection

B. XSS Reflection

C. Web Parameter Tampering

D. Cookie Tampering

View Answer

Q8. The configuration allows a wired or wireless network interface controller to pass all trafice it receives to thecentral processing unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

A. WEM

B. Multi-cast mode

C. Promiscuous mode

D. Port forwarding

View Answer

Q9. Perspective clients wantto see sample reports from previous penetration tests. What should you do next?

A. Share full reports, not redacted.

B. Share full reports, with redacted.

C. Decline but, provide references.

D. Share reports, after NDA is signed.

View Answer

Q10. You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).

Which is the best way to evade the NIDS?

A. Out of band signaling

B. Encryption

C. Alternate Data Streams

D. Protocol Isolation

View Answer