An unauthorized individual enters a building following an employee through the employee entrance afterthe lunch r ...


Which of the following is the best countermeasure to encrypting ransomwares.


If an attacker uses the command SELECT*FROM user WHERE name = ‘x’ AND userid IS NULL; ‘; whichtype of S ...


Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What isthe be ...


An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to goto "www.My ...


Which of the following options represents a conceptual characteristic of an anomaly based IDS over asignature b ...


You are logged in as a local admin on a Windows 7 system and you need to launch the ComputerManagement Console fr ...


Which of the following act requires employer’s standard national numbers to identify them on standard transacti ...


In Wireshark, the packet bytes panes show the data of the current packet in which format.


_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients(resolve ...


PGP, SSL, and IKE are all examples of which type of cryptography.


Which of the following is considered as one of the most reliable forms of TCP scanning.


Which of the following scanning method splits the TCP header into several packets and makes it difficultfor packe ...


Which of the following is the BEST way to defend against network sniffing.


You have successfully gained access to a Linux server and would like to ensure that the succeedingoutgoing traffi ...


What is the purpose of a demilitarized zone on a network.


You need to deploy a new web based software package for your organization. The package requires threeseparate se ...


The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the h ...


When conducting a penetration test, it is crucial to use all means to get all available information about the ta ...


Insecure direct object reference is a type of vulnerability where the application does not verify if the user is ...


Which tool allows analysts and pen testers to examine links between data using graphs and link analysis.


Which of these is capable of searching for and locating rogue access points.


A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer&rsquo ...


Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which ...


You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt ...


What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an aut ...


From the following table, identify the wrong answer in terms of Range (ft).


What would you enter, if you wanted to perform a stealth scan using Nmap.


You are doing an internal security audit and intend to find out what ports are open on all the servers. What is ...


Steve, a scientist who works in a governmental security agency, developed a technological solution to identify p ...


Which Intrusion Detection System is the best applicable for large environments where critical assets on the netw ...


Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library. This ...


Which protocol is used for setting up secure channels between two devices, typically in VPNs.


Which of the following Secure Hashing Algorithm (SHA) produces a 160 bit digest from a message with a maximum l ...


When does the Payment Card Industry Data Security Standard (PCI DSS) require organizations to perform external ...


If a tester is attempting to ping a target that exists but receives no response or a response that states the de ...


Which of the following types of jailbreaking allows user level access but does not allow iboot level access. ...


What is not a PCI compliance recommendation.


The "white box testing" methodology enforces what kind of restriction.


Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pag ...


This tool is an 802.11 WEP and WPA PSK keys cracking program that can recover keys once enough data packets hav ...


The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110: ...


You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a s ...


Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to ...


What is attempting an injection attack on a web server based on responses to True/False questions called. ...


The establishment of a TCP connection involves a negotiation called three way handshake. What type of message d ...


You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, ...


Which of the following will perform an Xmas scan using NMAP.


Code injection is a form of attack in which a malicious user:


The collection of potentially actionable, overt, and publicly available information is known as


Which one of the following Google advanced search operators allows an attacker to restrict the results to those ...


This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described abo ...


Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and ou ...


During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilit ...


In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choos ...


Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspectin ...


Which is the first step followed by Vulnerability Scanners for scanning a network.


Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet facing services, ...


Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the followi ...


A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating syste ...


What two conditions must a digital signature meet.


Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the ...


Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the r ...


Which method of password cracking takes the most time and effort.


Which of the following program infects the system boot sector and the executable files at the same time.


You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the ...


You perform a scan of your company’s network and discover that TCP port 123 is open. What services by defa ...


Based on the below log, which of the following sentences are true. Mar 1, 2016, 7:33:28 AM 10.240.250.23 &ndas ...


You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all mach ...


........is an attack type for a rogue Wi Fi access point that appears to be a legitimate one offered on the pre ...


DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache rec ...


You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.16 ...


Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputtin ...


Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, ...


In which of the following password protection technique, random strings of characters are added to the password ...


Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast ...


Which of the following provides a security professional with most information about the system’s security ...


What is the most common method to exploit the “Bash Bug” or “ShellShock" vulnerability.


What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeas ...


A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he us ...


A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access ...


Chandler works as a pen tester in an IT firm in New York. As a part of detecting viruses in the systems, he us ...


An attacker scans a host with the below command. Which three flags are set. (Choose three.) #nmap –sX ho ...


Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of ...


Which component of IPsec performs protocol level functions that are required to encrypt and decrypt the packets ...


An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious ...


You are monitoring the network of your organizations. You notice that: 1. There are huge outbound connections fr ...


Security Policy is a definition of what it means to be secure for a system, organization or other entity. For In ...


Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF ...


Why should the security analyst disable/remove unnecessary ISAPI filters.


Which of the following security policies defines the use of VPN for gaining access to an internal corporate netw ...


To determine if a software program properly handles a wide range of invalid input, a form of automated testing c ...


If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use.


In Risk Management, how is the term "likelihood" related to the concept of "threat. "


Which of the following statements is TRUE.


What is the least important information when you analyze a public IP address in a security alert.


You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try t ...


Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides diffe ...


On performing a risk assessment, you need to determine the potential impacts when some of the critical business ...


Assume a business crucial web site of some company that is used to sell handsets to the customers worldwide. A ...


What type of analysis is performed when an attacker has partial knowledge of inner workings of the application. ...


Bob finished a C programming course and created a small C application to monitor the network traffic and produce ...


Which of the following is a low tech way of gaining unauthorized access to systems.


When tuning security alerts, what is the best approach.


Which regulation defines security and privacy controls for Federal information systems and organizations.


Your company performs penetration tests and security assessments for small and medium sized business in the loc ...


You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet i ...


Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.


It has been reported to you that someone has caused an information spillage on their computer. You go to the com ...


Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g ...


You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the ...


A virus that attempts to install itself inside the file it is infecting is called.


Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures th ...


Sam is working as a pen tester in an organization in Houston. He performs penetration testing on IDS in order t ...


Cross site request forgery involves:


What does the option * indicate.


An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscr ...


What network security concept requires multiple layers of security controls to be placed throughout an IT infras ...


During the process of encryption and decryption, what keys are shared.


How does the Address Resolution Protocol (ARP) work.


Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN.


A regional bank hires your company to perform a security assessment on their network after a recent data breach. ...


You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax.


If executives are found liable for not properly protecting their company’s assets and information systems, ...


The company ABC recently contract a new accountant. The accountant will be working with the financial statements ...


What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is be ...


What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the recei ...


Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown bel ...


A computer science student needs to fill some information into a secured Adobe PDF job application that was rece ...


A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that we ...


Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kind ...


When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. W ...


An attacker changes the profile information of a particular user (victim) on the target website. The attacker us ...


An attacker with access to the inside network of a small company launches a successful STP manipulation attack. ...


Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that per ...


To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to rev ...


If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used.


There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the pr ...


A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to eval ...


What attack is used to crack passwords by using a precomputed table of hashed passwords.


The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the ...


When you are testing a web application, it is very useful to employ a proxy tool to save every request and res ...


By using a smart card and pin, you are using a two factor authentication that satisfies


Cryptography is the practice and study of techniques for secure communication in the presence of third parties ( ...


What is the difference between the AES and RSA algorithms.


In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey ...


You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 con ...


An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusi ...


An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order sh ...


Look at the following output. What did the hacker accomplish.


Which tier in the N tier application architecture is responsible for moving and processing data between the tie ...


An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to moni ...


Bob learned that his username and password for a popular game has been compromised. He contacts the company and ...


A bank stores and processes sensitive privacy information related to home loans. However, auditing has never bee ...


Which of the following Nmap commands will produce the following output.


As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find an ...


Which of the following programs is usually targeted at Microsoft Office products.


A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as ...


What is correct about digital signatures.


What does a firewall check to prevent particular ports and applications from getting packets into an organizatio ...


Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of ...


John the Ripper is a technical assessment tool used to test the weakness of which of the following.


A tester has been hired to do a web application security test. The tester notices that the site is dynamic and m ...


A large mobile telephony and data network operator has a data center that houses network elements. These are ess ...


Which of the following incident handling process phases is responsible for defining rules, collaborating human w ...


A security analyst is performing an audit on the network to determine if there are any deviations from the secur ...


Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetri ...


Which type of security feature stops vehicles from crashing through the doors of a building.


Which of the following viruses tries to hide from anti virus programs by actively altering and corrupting the c ...


Which of the following is considered an exploit framework and has the ability to perform automated attacks on se ...


You want to analyze packets on your wireless network. Which program would you use.


Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his ...


What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hote ...


In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with ...


What is the role of test automation in security testing.


A hacker has successfully infected an internet facing server which he will then use to send junk mail, take par ...


In order to have an anonymous Internet surf, which of the following is best choice.


In which phase of the ethical hacking process can Google hacking be employed. This is a technique that involve ...


Todd has been asked by the security officer to purchase a counter based authentication system. Which of the fol ...


How can rainbow tables be defeated.


The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network t ...


In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows t ...


Emil uses nmap to scan two hosts using this command: nmap sS T4 O 192.168.99.1 192.168.99.7 He receives th ...


Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS s ...


Which Metasploit Framework tool can help penetration tester for evading Anti virus Systems.


Which of the following is a passive wireless packet analyzer that works on Linux based systems.


Which service in a PKI will vouch for the identity of an individual or company.


What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or Po ...


Seth is starting a penetration test from inside the network. He hasn’t been given any information about th ...


What is the code written for.


You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find ...


An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router a ...


Which system consists of a publicly available set of databases that contain domain name registration contact inf ...


A penetration test was done at a company. After the test, a report was written and given to the company’s ...


In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4.


It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic ...


Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file nam ...


An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS ...


Which results will be returned with the following Google search query. site:target.com site:Marketing.target.c ...


Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error ha ...


As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment ...


When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was a ...


The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities a ...


Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands: What is ...


What is the correct process for the TCP three way handshake connection establishment and connection termination ...


env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’ What is the Shellshock bash ...


Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of ...


A well intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he ...


Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accompli ...


It is a short range wireless communication technology intended to replace the cables connecting portable of fix ...


Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety. ...


A company’s security policy states that all Web browsers must automatically delete their HTTP browser cook ...


To maintain compliance with regulatory requirements, a security audit of the systems on a network must be perf ...


You are tasked to perform a penetration test. While you are performing information gathering, you find an employ ...


Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic ...


A medium sized healthcare IT business decides to implement a risk management strategy. Which of the following i ...


OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the corr ...


Which of the following describes the characteristics of a Boot Sector Virus.


John is an incident handler at a financial institution. His steps in a recent incident are not up to the standar ...


Which of the following is the least likely physical characteristic to be used in biometric control that support ...


While using your bank’s online servicing you notice the following string in the URL bar: “http: // w ...


It is an entity or event with the potential to adversely impact a system through unauthorized access, destructio ...


Which of the following is one of the most effective ways to prevent Cross site Scripting (XSS) flaws in softwar ...


Gavin owns a white hat firm and is performing a website security audit for one of his clients. He begins by run ...


Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’ ...


Elliot is in the process of exploiting a web application that uses SQL as a back end database. He is determined ...


You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logg ...


When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someon ...


The "Gray box testing" methodology enforces what kind of restriction.


Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occ ...


The "black box testing" methodology enforces what kind of restriction.


>NMAP –sn 192.168.11.200 215 The NMAP command above performs which of the following.


An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____ database structur ...


What is the purpose of DNS AAAA record.


Which of the following statements is FALSE with respect to Intrusion Detection Systems.


You are performing a penetration test for a client and have gained shell access to a Windows machine on the inte ...


Which command can be used to show the current TCP/IP connections.


You are performing information gathering for an important penetration test. You have found pdf, doc, and images ...


You have several plain text firewall logs that you must review to evaluate network traffic. You know that in or ...


This phase will increase the odds of success in later phases of the penetration test. It is also the very first ...


When you are collecting information to perform a data analysis, Google commands are very useful to find sensitiv ...


You have successfully gained access to your client’s internal network and successfully comprised a Linux s ...


Which of the following is assured by the use of a hash.


Risks=Threats x Vulnerabilities is referred to as the:


The tools which receive event logs from servers, network equipment, and applications, and perform analysis and ...


You have just been hired to perform a pen test on an organization that has been subjected to a large scale atta ...


The purpose of a _______is to deny network access to local area networks and other information assets by unautho ...


What does the –oX flag do in an Nmap scan.


During an Xmas scan, what indicates a port is closed.


While performing online banking using a Web browser, a user receives an email that contains a link to an interes ...


Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an ...


Which of the following parameters describe LM Hash: I – The maximum password length is 14 characters II ...


Which of the following is not a Bluetooth attack.


The Open Web Application Security Project (OWASP) is the worldwide not for profit charitable organization focu ...


A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are re ...


Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicio ...


During the security audit of IT processes, an IS auditor found that there were no documented security procedures ...


You just set up a security system in your network. In what kind of system would you find the following string of ...


While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then dec ...


What is the process of logging, recording, and resolving events that take place in an organization.


During a black box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled hos ...


The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will ...


Which of the following is an extremely common IDS evasion technique in the web world.


You are attempting to man in the middle a session. Which protocol will allow you to guess a sequence number. ...


What is a “Collision attack” in cryptography.


Which of the following is the successor of SSL.


This international organization regulates billions of transactions daily and provides security guidelines to pro ...


Which of the following DoS tools is used to attack target web applications by starvation of available sessions o ...


WPA2 uses AES for wireless data encryption at which of the following encryption levels.


You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Whi ...


Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is ...


You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run t ...


Initiating an attack against targeted business and organizations, threat actors compromise a carefully selected ...


What kind of detection techniques is being used in antivirus software that identifies malware by collecting data ...


Which of these options is the most secure procedure for storing backup tapes.


Which security strategy requires using several, varying methods to protect IT systems against attacks.


Which utility will tell you in real time which ports are listening or in another state.


Which of the following statements regarding ethical hacking is incorrect.


A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010


Why containers are less secure than virtual machines.


Which of the following is a component of a risk assessment.


Which of the following is the structure designed to verify and authenticate the identity of individuals within t ...


Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing. ...


Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send ...


A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You ...


What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DE ...


What is the minimum number of network connections in a multihomed firewall.


Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGI ...


Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets ...


DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switc ...


Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, ...


Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal ...


Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following rep ...


When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, H ...


Suppose your company has just passed a security risk assessment exercise. The results display that the risk of t ...


Which of the following Linux commands will resolve a domain name into IP address.


Which of the following is a command line packet analyzer similar to GUI based Wireshark.


User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to ...


Which of the following steps for risk assessment methodology refers to vulnerability identification.


An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of pa ...


CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, ...


Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end to end encryption ...


What is one of the advantages of using both symmetric and asymmetric cryptogrsphy in SSL/TLS.


In the field of cryptanalysis, what is meant by a “rubber hose” attack.


You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, ...


Which of the following tools can be used for passive OS fingerprinting.


Why is a penetration test considered to be more thorough than vulnerability scan.


Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a linux ...


Which of the following tools is used to analyze the files produced by several packet capture programs such as t ...