aiotestking uk

312-50v9 Exam Questions - Online Test



Q1. What is the process of logging, recording, and resolving events that take place in an organization?

A. Metrics

B. Security Policy

C. Internal Procedure

D. Incident Management Process

Answer: D

Q2. Which of the following parameters describe LM Hash:

I – The maximum password length is 14 characters.

II – There are no distinctions between uppercase and lowercase.

III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.

A. I

B. I and II

C. II

D. I, II and III

Answer: D

Q3. An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker’s database.

<iframe src=http://www/vulnweb.com/updataif.php style="display:none"></iframe>

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A. Cross-Site Request Forgery

B. Cross-Site Scripting

C. SQL Injection

D. Browser Hacking

Answer: A

Q4. This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers, sometimes known as script kiddies, from causing a data breach.

Which of the following organizations is being described?

A. Payment Card Industry (PCI)

B. International Security Industry Organization (ISIO)

C. Institute of Electrical and Electronics Engineers (IEEE)

D. Center for Disease Control (CDC)

Answer: B

Q5. You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account.

What should you do?

A. Do not transfer the money but steal the bitcoins.

B. Report immediately to the administrator.

C. Transfer money from the administrator’s account to another account.

D. Do not report it and continue the penetration test.

Answer: B

Q6. Which of the following incident handling process phases is responsible for defining rules, creating a back-up plan, and testing the plans for an enterprise?

A. Preparation phase

B. Recovery phase

C. Identification phase

D. Containment phase

Answer: A

Q7. This tool is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Which of the following tools is being described?

A. Wificracker

B. WLAN-crack

C. Airguard

D. Aircrack-ng

Answer: D

Q8. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?

A. Kismet

B. Netstumbler

C. Abel

D. Nessus

Answer: A

Q9. You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line.

Which command would you use?

A. c:\services.msc

B. c:\ncpa.cp

C. c:\compmgmt.msc

D. c:\gpedit

Answer: C

Q10. Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.

What just happened?

A. Masquerading

B. Phishing

C. Whaling

D. Piggybacking

Answer: D