Q1. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

A. ICMP

B. TCP

C. UDP

D. UPX

View Answer

Q2. env x= ‘(){ :;};echo exploit ‘ bash –c ‘cat/etc/passwd

What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

A. Add new user to the passwd file

B. Display passwd contents to prompt

C. Change all password in passwd

D. Remove the passwd file.

View Answer

Q3. You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

A. Armitage

B. Dimitry

C. cdpsnarf

D. Metagoofil

View Answer

Q4. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

A. Bounding

B. Mutating

C. Puzzing

D. Randomizing

View Answer

Q5. During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?

A. Terminate the audit.

B. Identify and evaluate existing practices.

C. Create a procedures document

D. Conduct compliance testing

View Answer

Q6. You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

A. Host-based IDS

B. Firewall

C. Network-Based IDS

D. Proxy

View Answer

Q7. Which of the following incident handling process phases is responsible for defining rules, creating a back-up plan, and testing the plans for an enterprise?

A. Preparation phase

A. B. Recovery phase

C. Identification phase

D. Containment phase

View Answer

Q8. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing inconcluding the Operating System (OS) version installed. Considering the NMAP result below, which of the follow is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report

for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80 /tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tec open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

A. The host is likely a printer.

B. The host is likely a router.

C. The host is likely a Linux machine.

D. The host is likely a Windows machine.

View Answer

Q9. Which of the following statements regarding ethical hacking is incorrect?

A. Testing should be remotely performed offsite.

B. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in the

organizations IT system.

C. Ethical hacking should not involve writing to or modifying the target systems.

D. An organization should use ethical hackers who do not sell hardware/software or other consulting services.

View Answer

Q10. A company’s security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

B. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

C. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

D. Attempts by attacks to access the user and password information stores in the company's SQL database.

View Answer