Q1. While using your bank's online servicing you notice the following string in the URL bar: "http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21"
You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes.
What type of vulnerability is present on this site?
A. SQL injection
B. XSS Reflection
C. Web Parameter Tampering
D. Cookie Tampering
Answer: C
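The flaw in Q1 is that the server renders amounts it received from the client instead of looking them up itself. The added example below (not part of the original question set; the bank, the `Ledger` map, the second account id and the session user are constructed for illustration) shows a handler that reflects the query-string values beside one that uses `Id` only to select a record the authenticated session owns and takes every amount from the server side, so editing `Damount` or `Camount` in the URL changes nothing and swapping in someone else's `Id` is refused.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

// Account is a constructed server-side record; on the real site it would live
// in the bank's database, never in the URL.
type Account struct {
	Owner   string
	Damount int
	Camount int
}

// Ledger is the constructed data store, keyed by account id.
var Ledger = map[string]Account{
	"368940911028389": {Owner: "alice", Damount: 500, Camount: 21},
	"111122223333444": {Owner: "bob", Damount: 42, Camount: 7},
}

// View is what the account page renders.
type View struct {
	Id      string
	Damount int
	Camount int
}

var ErrForbidden = errors.New("account not accessible to this session")

// TamperedURL is the request from Q1 with Damount edited by the client.
const TamperedURL = "http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21"

// ForeignURL swaps in another customer's account id (constructed).
const ForeignURL = "http://www.MyPersonalBank/Account?Id=111122223333444&Damount=1&Camount=1"

// VulnerableAccountView renders whatever the client put in the query string:
// the behaviour observed in Q1.
func VulnerableAccountView(rawURL string) (View, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return View{}, err
	}
	q := u.Query()
	d, err := strconv.Atoi(q.Get("Damount"))
	if err != nil {
		return View{}, err
	}
	c, err := strconv.Atoi(q.Get("Camount"))
	if err != nil {
		return View{}, err
	}
	return View{Id: q.Get("Id"), Damount: d, Camount: c}, nil
}

// HardenedAccountView treats the URL as untrusted: Id is validated and used
// only to select a record that belongs to sessionUser, and the amounts are
// read from the ledger. Damount and Camount in the URL are ignored entirely.
func HardenedAccountView(rawURL, sessionUser string) (View, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return View{}, err
	}
	id := u.Query().Get("Id")
	if _, err := strconv.ParseUint(id, 10, 64); err != nil {
		return View{}, fmt.Errorf("malformed account id %q", id)
	}
	acct, ok := Ledger[id]
	if !ok || acct.Owner != sessionUser {
		// Same answer for a missing id and for someone else's id, so the
		// response does not confirm which account numbers exist.
		return View{}, ErrForbidden
	}
	return View{Id: id, Damount: acct.Damount, Camount: acct.Camount}, nil
}

func main() {
	v, _ := VulnerableAccountView(TamperedURL)
	fmt.Printf("vulnerable: %+v\n", v)
	h, _ := HardenedAccountView(TamperedURL, "alice")
	fmt.Printf("hardened:   %+v\n", h)
	_, err := HardenedAccountView(ForeignURL, "alice")
	fmt.Printf("foreign id: %v\n", err)
}
```

The check that matters is the ownership test, not the numeric validation: an attacker who can only change amounts is annoying, one who can read or move other customers' balances by changing `Id` is the real risk, and the same handler has to defend against both.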
Q2. Which regulation defines security and privacy controls for Federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Answer: D
Q3. Which of the following is the greatest threat posed by backups?
A. An unencrypted backup can be misplaced or stolen.
B. A backup is incomplete because no verification was performed.
C. A backup is the source of malware or illicit information.
D. A backup is unavailable during disaster recovery.
Answer: A
Q4. A hacker has successfully infected an internet-facing server, which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?
A. Botnet Trojan
B. Banking Trojans
C. Ransomware Trojans
D. Turtle Trojans
Answer: A
Q5. Prospective clients want to see sample reports from previous penetration tests. What should you do next?
A. Share full reports, not redacted.
B. Share full reports, with redactions.
C. Decline, but provide references.
D. Share reports after an NDA is signed.
Answer: B
Q6. The purpose of a ________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Access Point
B. Wireless Analyzer
C. Wireless Access Control list
D. Wireless Intrusion Prevention System
Answer: D
Q7. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email spoofing the source address as her boss's email (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You replace the PDF's links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?
A. Piggybacking
B. Tailgating
C. Eavesdropping
D. Social engineering
Answer: D
Q8. You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?
A. c:\services.msc
B. c:\ncpa.cpl
C. c:\compmgmt.msc
D. c:\gpedit
Answer: C
Q9. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can then manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than when using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
A. Burpsuite
B. Dimitry
C. Proxychains
D. Maskgen
Answer: A
Q10. Which of the following parameters describe LM Hash?
I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
A. I
B. I and II
C. II
D. I, II and III
Answer: D
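All three LM properties follow from how the hash is built: the password is uppercased, cut or NUL-padded to 14 bytes, split into two independent 7-byte halves, and each half is used as a DES key to encrypt the constant "KGS!@#$%". The added example below (written for this page, not taken from any LM implementation; the only assumption is an ASCII password, since real LM applies the OEM code page to other bytes) computes the hash with Go's standard `crypto/des`, checks it against the widely published vector for "password", and shows why the halves matter: a password of 7 characters or fewer always ends in the hash of seven NUL bytes, and each half can be brute-forced on its own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed DES plaintext; each 7-byte half of the prepared
// password is the DES key that encrypts it.
const lmMagic = "KGS!@#$%"

// expandDESKey spreads a 7-byte (56-bit) key over 8 bytes, 7 bits per byte,
// leaving the low bit of each byte for DES parity (crypto/des ignores it).
func expandDESKey(k []byte) []byte {
	return []byte{
		(k[0] >> 1) << 1,
		((k[0]&0x01)<<6 | k[1]>>2) << 1,
		((k[1]&0x03)<<5 | k[2]>>3) << 1,
		((k[2]&0x07)<<4 | k[3]>>4) << 1,
		((k[3]&0x0f)<<3 | k[4]>>5) << 1,
		((k[4]&0x1f)<<2 | k[5]>>6) << 1,
		((k[5]&0x3f)<<1 | k[6]>>7) << 1,
		(k[6] & 0x7f) << 1,
	}
}

// lmPrepare is the preprocessing that makes LM weak: ASCII-uppercase the
// password (property II), keep at most 14 bytes (property I), NUL-pad.
// Assumes an ASCII password; real LM uses the OEM code page for other bytes.
func lmPrepare(password string) [14]byte {
	var buf [14]byte
	for i := 0; i < len(password) && i < len(buf); i++ {
		c := password[i]
		if c >= 'a' && c <= 'z' {
			c -= 'a' - 'A'
		}
		buf[i] = c
	}
	return buf
}

// lmHalf DES-encrypts lmMagic under one 7-byte half (NUL-padded to 7 bytes).
func lmHalf(half []byte) []byte {
	var k [7]byte
	copy(k[:], half)
	block, err := des.NewCipher(expandDESKey(k[:]))
	if err != nil {
		panic(err) // cannot happen: the expanded key is always 8 bytes
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, []byte(lmMagic))
	return out
}

// LMHash returns the 16-byte LM hash of password as uppercase hex.
func LMHash(password string) string {
	p := lmPrepare(password)
	return strings.ToUpper(hex.EncodeToString(append(lmHalf(p[:7]), lmHalf(p[7:])...)))
}

// EmptyHalf is the hash of seven NUL bytes, the tell-tale second half of every
// password of 7 characters or fewer (AAD3B435B51404EE).
var EmptyHalf = strings.ToUpper(hex.EncodeToString(lmHalf(nil)))

// ShortPassword reports whether an LM hash reveals a password of at most 7 characters.
func ShortPassword(lmHex string) bool {
	return len(lmHex) == 32 && strings.EqualFold(lmHex[16:], EmptyHalf)
}

// CrackHalf exhaustively tries candidates of up to maxLen characters drawn
// from alphabet against one 8-byte half. Because the halves are independent,
// a 14-character password costs two 7-character searches, not one of 14.
func CrackHalf(targetHex, alphabet string, maxLen int) (string, bool) {
	target, err := hex.DecodeString(targetHex)
	if err != nil || len(target) != des.BlockSize {
		return "", false
	}
	if maxLen > 7 {
		maxLen = 7
	}
	cand := make([]byte, 0, 7)
	var search func() bool
	search = func() bool {
		if bytes.Equal(lmHalf(cand), target) {
			return true
		}
		if len(cand) == maxLen {
			return false
		}
		for i := 0; i < len(alphabet); i++ {
			cand = append(cand, alphabet[i])
			if search() {
				return true
			}
			cand = cand[:len(cand)-1]
		}
		return false
	}
	if search() {
		return string(cand), true
	}
	return "", false
}

func main() {
	for _, pw := range []string{"", "password", "PASSWORD", "passwor", "passwordpasswo", "passwordpasswoXYZ"} {
		fmt.Printf("%-22q %s short=%v\n", pw, LMHash(pw), ShortPassword(LMHash(pw)))
	}
	if s, ok := CrackHalf(LMHash("password")[16:], "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2); ok {
		fmt.Printf("second half of %q cracks to %q\n", "password", s)
	}
}
```

Running it shows "password" and "PASSWORD" hashing identically, a 17-character password collapsing to the same hash as its first 14 characters, and the second half of a short password cracking in a handful of DES operations; property III (tens of millions of guesses per second on ordinary hardware) is why the two 7-character searches finish quickly in practice.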