Q271 - A hacker is an intelligent individual with excellent computer skills and the ability to explore acomputer's software and hardware without the owner's permission. Their intention can either be tosimply gain knowledge or to illegally make changes. Which of the following class of hacker refers toan individual who works both offensively and defensively at various times?

1. Suicide Hacker
2. Black Hat
3. White Hat
4. Gray Hat

Q272 - Fingerprinting VPN firewalls is possible with which of the following tools?

1. Angry IP
2. Nikto
3. Ike-scan
4. Arp-scan

Q273 - What is a "Collision attack" in cryptography?

1. Collision attacks try to find two inputs producing the same hash.
2. Collision attacks try to break the hash into two parts, with the same bytes in each part to get theprivate key.
3. Collision attacks try to get the public key.
4. Collision attacks try to break the hash into three parts to get the plaintext value.

Q274 - It is a short-range wireless communication technology intended to replace the cablesconnecting portable of fixed devices while maintaining high levels of security. It allows mobilephones, computers and other devices to connect and communicate using a short-range wirelessconnection. Which of the following terms best matches the definition?

1. A. Bluetooth
2. Radio-Frequency Identification
3. WLAN
4. InfraRed

Q275 - What is a NULL scan?

1. A scan in which all flags are turned off
2. A scan in which certain flags are off
3. A scan in which all flags are on
4. A scan in which the packet size is set to zero
5. A scan with an illegal packet size

Q276 - An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

1. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat < machine A IP > 1234
2. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat < machine A IP > 1234
3. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat < machine A IP > 1234 -pw password
4. Use cryptcat instead of netcat

Q277 - This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

1. footprinting
2. network mapping
3. gaining access
4. escalating privileges

Q278 - In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

1. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
2. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
3. Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.
4. Vulnerabilities in the application layer are greatly different from IPv4.

Q279 - Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

1. Cain
2. John the Ripper
3. Nikto
4. Hping

Q280 - Which initial procedure should an ethical hacker perform after being brought into an organization?

1. Begin security testing.
2. Turn over deliverables.
3. Sign a formal contract with non-disclosure.
4. Assess what the organization is trying to protect.

Q281 - What is the main security service a cryptographic hash provides?

1. Integrity and ease of computation
2. Message authentication and collision resistance
3. Integrity and collision resistance
4. Integrity and computational in-feasibility

Q282 - A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

1. Paros Proxy
2. BBProxy
3. BBCrack
4. Blooover

Q283 - Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

1. Shellshock
2. Rootshell
3. Rootshock
4. Shellbash

Q284 - You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict?

1. Botnet Attack
2. Spear Phishing Attack
3. Advanced Persistent Threats
4. Rootkit Attack

Q285 - What is the least important information when you analyze a public IP address in a security alert?

1. ARP
2. Whois
3. DNS
4. Geolocation

Q286 - How can telnet be used to fingerprint a web server?

1. telnet webserverAddress 80 HEAD / HTTP/1.0
2. telnet webserverAddress 80 PUT / HTTP/1.0
3. telnet webserverAddress 80 HEAD / HTTP/2.0
4. telnet webserverAddress 80 PUT / HTTP/2.0

Q287 - If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

1. Hping
2. Traceroute
3. TCP ping
4. Broadcast ping

Q288 - Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

1. Truecrypt
2. Sub7
3. Nessus
4. Clamwin

Q289 - An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

1. ARP Poisoning
2. Smurf Attack
3. DNS spoofing
4. MAC Flooding

Q290 - After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

1. Create User Account
2. Disable Key Services
3. Disable IPTables
4. Download and Install Netcat

Q291 - If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

1. SDLC process
2. Honey pot
3. SQL injection
4. Trap door

Q292 - The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

1. The buffer overflow attack has been neutralized by the IDS
2. The attacker is creating a directory on the compromised machine
3. The attacker is attempting a buffer overflow attack and has succeeded
4. The attacker is attempting an exploit that launches a command-line shell

Q293 - Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?

1. NIST SP 800-53
2. PCI-DSS
3. EU Safe Harbor
4. HIPAA

Q294 - A circuit level gateway works at which of the following layers of the OSI Model?

1. Layer 5 - Application
2. Layer 4 - TCP
3. Layer 3 - Internet protocol
4. Layer 2 - Data link

Q295 - You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

1. All three servers need to be placed internally
2. A web server facing the Internet, an application server on the internal network, a database server on the internal network
3. A web server and the database server facing the Internet, an application server on the internal network
4. All three servers need to face the Internet so that they can communicate between themselves

Q296 - What is the purpose of a demilitarized zone on a network?

1. To scan all traffic coming through the DMZ to the internal network
2. To only provide direct access to the nodes within the DMZ and protect the network behind it
3. To provide a place to put the honeypot
4. To contain the network devices you wish to protect

Q297 - Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

1. Scalability
2. Speed
3. Key distribution
4. Security

Q298 - A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

1. Threaten to publish the penetration test results if not paid.
2. Follow proper legal procedures against the company to request payment.
3. Tell other customers of the financial problems with payments from this company.
4. Exploit some of the vulnerabilities found on the company webserver to deface it.

Q299 - Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

1. Sarbanes-Oxley Act (SOX)
2. Gramm-Leach-Bliley Act (GLBA)
3. Fair and Accurate Credit Transactions Act (FACTA)
4. Federal Information Security Management Act (FISMA)

Q300 - Which of the following Nmap commands will produce the following output?
Output:

1. nmap -sN -Ps -T4 192.168.1.1
2. nmap -sT -sX -Pn -p 1-65535 192.168.1.1
3. nmap -sS -Pn 192.168.1.1
4. nmap -sS -sU -Pn -p 1-65535 192.168.1.1