1. When penetration testing a wireless network, you attempt to crack the WPA2 password of the secure military base. However, due to the password complexity used by the Wi-Fi network, cracking the password takes a very long time. Which shorter methods could you try in order to gain access to the wireless access point?
A. Wi-Fi rogue access point
B. Wi-Fi relay attack
C. Wi-Fi jamming
D. Wi-Fi WPS PIN cracking
2. In the context of the file deletion process, which of the following statements holds true?
A. Secure delete programs work by completely overwriting the file in one go
B. While booting, the machine may create temporary files that can delete evidence
C. When files are deleted, the data is overwritten and the cluster marked as available
D. The longer a disk is in use, the less likely it is that deleted files will be overwritten
3. You are planning to conduct a penetration test through an intrusion detection system for a DMZ (demilitarized zone). What would be your primary engagement strategy to evade IDS detection in your testing engagement?
A. Focus the attack through SSL to evade IDS detection
B. Before attacking the DMZ, fragment your traffic
C. Send a large volume of traffic to simulate a denial of service while sneaking your traffic into the DMZ
D. Tunnel your IP address to a remote IP address before attacking the DMZ
4. An ISIS militant's laptop was seized at the Los Angeles airport. The forensic investigator has discovered that the terrorist had been communicating with his leader through a series of messages. What is the name of the technique used by the terrorist?
A. Data diddling
B. Encryption
C. Steganography
D. Covert channel
5. What is the common security mechanism used in Linux to assign rights via role-based access control?
A. Bastille
B. iptables
C. AppArmor
D. SELinux
6.
7.
8.
9. Hackers constantly strive to find new vulnerabilities. What is the process of finding new vulnerabilities called?
A. Fuzzing
B. Shellcoding
C. Reverse engineering
D. Debugging
10. You have been called by the National Security Agency to conduct a penetration test on a highly secure military facility. The scope of the project involves a series of tests covering the military database and application. What is the first phase of security testing that you should complete before engaging on this project?
A. Conduct a project feasibility analysis
B. Passive reconnaissance activity
C. All of the above
D. Review and accept the non-disclosure agreement
11. Which one of the following design elements, included during the development of the application, would help to prevent unintended or malicious data from being entered into data entry fields that are visible at the client?
A. Race condition
B. Exception and error handling
C. Privilege escalation
D. Sensitive data storage
E. Input validation and sanitization filtering
12. An application server inside the perimeter has been issuing sporadic exception messages,
and it has been slow to respond to information requests. What mitigation strategy might
work best?
A. Identifying vulnerabilities and Threats
B. Code review and testing
C. Sandboxing new applications
D. Host hardening
E. Training and awareness
13. If you are getting ready to conduct a security review for your company, which mitigation
strategy is most likely your starting point?
A. Identifying vulnerabilities and threats
B. Training and awareness
C. Host hardening
D. Sandboxing new applications
19. Penetration testing (also called pen testing) is the practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.
A. Kernel flaws
B. Information system architectures
C. Race conditions
D. File and directory permissions
E. Buffer overflows
F. Trojan horses
G. Social engineering
20. Which of the following techniques is used when a system performs penetration testing with the objective of accessing unauthorized information residing inside a computer?
A. Biometrician
B. Van Eck Phreaking
C. Port scanning
D. Phreaking
21. You work as a security manager for BlueWell Inc. You are performing external vulnerability testing, or penetration testing, to get a better snapshot of your organization's security posture. Which of the following penetration testing techniques will you use for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports?
A. Sniffing
B. Scanning and probing
C. Dumpster diving
D. Demon dialing
22. Management can expect penetration tests to provide all of the following EXCEPT
A. identification of security flaws
B. demonstration of the effects of the flaws
C. a method to correct the security flaws.
D. verification of the levels of existing infiltration resistance
23. Which one of the following is a characteristic of a penetration testing project?
A. The project is open-ended until all known vulnerabilities are identified.
29. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.
A. Open-box
B. Closed-box
C. Zero-knowledge test
D. Full-box
E. Full-knowledge test
F. Partial-knowledge test
30. Which of the following is an example of penetration testing?
A. Implementing NIDS on a network
B. Implementing HIDS on a computer
C. Simulating an actual attack on a network
D. Configuring firewall to block unauthorized traffic
31. A penetration test performed as part of evaluating network security:
A. provides assurance that all vulnerabilities are discovered.
B. should be performed without warning the organizations management.
C. exploits the existing vulnerabilities to gain unauthorized access.
D. would not damage the information assets when performed at network perimeters.
32. The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:
A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration
testing intends to exploit the vulnerabilities to probe the damage that could result
from the vulnerabilities.
B. and penetration tests are different names for the same activity.
C. is executed by automated tools, whereas penetration testing is a totally manual
process.
D. is executed by commercial tools, whereas penetration testing is executed by public
processes.
33. An IS auditor doing penetration testing during an audit of internet connections would:
A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques available to a hacker.
41. SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. Hackers have long used this protocol to gather a great amount of information about remote hosts. Which of the following features makes this possible?
A. It uses TCP as the underlying protocol
B. It uses a community string sent as clear text
C. It is susceptible to sniffing
D. It is used by ALL devices on the market
42. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware
products?
A. Stealth keylogger
B. Hardware keylogger
C. Software keylogger
D. Covert keylogger
43. While probing an organization, you discover that it has a wireless network. From your attempts to connect to the WLAN you determine that it is using MAC filtering via ACLs on the access points. What would be the easiest way to circumvent this and connect to the WLAN?
A. Steal a client computer and use it to access the wireless network
B. Attempt to brute force the access point and update or delete the MAC ACLs
C. Sniff traffic off the WLAN and spoof your MAC address to one that you have captured
D. Attempt to crack the WEP key using AirSnort
44. A simple compiler technique used by programmers is to add a terminator canary word containing the four characters NULL (000), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog and then halts, what does this indicate?
A. A buffer overflow attack has been attempted
B. A buffer overflow attack has already occurred
C. The system has crashed
D. An intrusion detection system has been triggered
E. A firewall has been breached and this is logged
45. While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:
Starting nmap V. 3.10ALPHA9 www.insecure.org/nmap/
Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principle of social engineering did Julia use?
A. Reciprocation
B. Friendship/Liking
C. Social validation
D. Scarcity
49. Paul's company is in the process of undergoing a complete security audit, including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits in the lobby for some employees to arrive at work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room by telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?
A. Fuzzing
B. Tailgating
C. Man trap attack
D. Backtrapping
50. Which of the following is a reason to perform a penetration test?
A. To passively test security controls within the enterprise
B. To provide training to white hat attackers
C. To identify all vulnerabilities and weaknesses within the enterprise
D. To determine the impact of a threat against the enterprise