CEH v11


Q391 - What is a successful method for protecting a router from potential smurf attacks?

  1. Placing the router in broadcast mode
  2. Enabling port forwarding on the router
  3. Installing the router outside of the network's firewall
  4. Disabling the router from accepting broadcast ping messages

Answer: D

Q392 - Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

  1. Blind SQLi
  2. DMS-specific SQLi
  3. Classic SQLi
  4. Compound SQLi

Answer: A

Q393 - Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?

  1. Immediately stop work and contact the proper legal authorities.
  2. Copy the data to removable media and keep it in case you need it.
  3. Confront the client in a respectful manner and ask her about the data.
  4. Ignore the data and continue the assessment until completed as agreed.

Answer: A

Q394 - Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

  1. Heartbleed Bug
  2. POODLE
  3. SSL/TLS Renegotiation Vulnerability
  4. Shellshock

Answer: A

Q395 - Which of the following is not a Bluetooth attack?

  1. Bluedriving
  2. Bluejacking
  3. Bluesmacking
  4. Bluesnarfing

Answer: A

Q396 - Bob learned that his username and password for a popular game have been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication. Which option below offers that?

  1. A new username and password
  2. A fingerprint scanner and his username and password.
  3. Disable his username and use just a fingerprint scanner.
  4. His username and a stronger password.

Answer: B

Q397 - Which of the following is considered an acceptable option when managing a risk?

  1. Reject the risk.
  2. Deny the risk.
  3. Mitigate the risk.
  4. Initiate the risk.

Answer: C

Q398 - Which of the following examples best represents a logical or technical control?

  1. Security tokens
  2. Heating and air conditioning
  3. Smoke and fire alarms
  4. Corporate security policy

Answer: A

Q399 - A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

  1. if (billingAddress = 50) {update field} else exit
  2. if (billingAddress != 50) {update field} else exit
  3. if (billingAddress >= 50) {update field} else exit
  4. if (billingAddress <= 50) {update field} else exit

Answer: D

Q400 - A distributed port scan operates by:

  1. Blocking access to the scanning clients by the targeted host
  2. Using denial-of-service software against a range of TCP ports
  3. Blocking access to the targeted host by each of the distributed scanning clients
  4. Having multiple computers each scan a small number of ports, then correlating the results

Answer: D

Q401 - The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

  1. Have the network team document the reason why the rule was implemented without prior manager approval.
  2. Monitor all traffic using the firewall rule until a manager can approve it.
  3. Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.
  4. Immediately roll back the firewall rule until a manager can approve it.

Answer: D

Q402 - Sam is working as a pen-tester in an organization in Houston. He performs penetration testing on an IDS in order to find the different ways an attacker can evade the IDS. Sam sends a large number of packets to the target IDS that generate alerts, which enables Sam to hide the real traffic. What type of method is Sam using to evade the IDS?

  1. Denial-of-Service
  2. False Positive Generation
  3. Insertion Attack
  4. Obfuscating

Answer: B

Q403 - What is the best defense against a privilege escalation vulnerability?

  1. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
  2. Run administrator and applications on least privileges and use a content registry for tracking.
  3. Run services with least privileged accounts and implement multi-factor authentication and authorization.
  4. Review user roles and administrator privileges for maximum utilization of automation services.

Answer: C

Q404 - A botnet can be managed through which of the following?

  1. IRC
  2. E-Mail
  3. LinkedIn and Facebook
  4. A vulnerable FTP server

Answer: A

Q405 - Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state. Which of the following activities should not be included in this phase? (see exhibit) Exhibit:

  1. III
  2. IV
  3. III and IV
  4. All should be included.

Answer: A

Q406 - The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

  1. Accept
  2. Mitigate
  3. Delegate
  4. Avoid

Answer: C

Q407 - Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

  1. Protect the payload and the headers
  2. Authenticate
  3. Encrypt
  4. Work at the Data Link Layer

Answer: D

Q408 - A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:
According to the section from the report, which of the following choices is true?

  1. MAC Spoof attacks cannot be performed.
  2. Possibility of SQL Injection attack is eliminated.
  3. A stateful firewall can be used between intranet (LAN) and DMZ.
  4. There is access control policy between VLANs.

Answer: C

Q409 - You want to analyze packets on your wireless network. Which program would you use?

  1. Wireshark with Airpcap
  2. Airsnort with Airpcap
  3. Wireshark with Winpcap
  4. Ethereal with Winpcap

Answer: A

Q410 - Bluetooth uses which digital modulation technique to exchange information between paired devices?

  1. PSK (phase-shift keying)
  2. FSK (frequency-shift keying)
  3. ASK (amplitude-shift keying)
  4. QAM (quadrature amplitude modulation)

Answer: A

Q411 - Which of these is capable of searching for and locating rogue access points?

  1. HIDS
  2. WISS
  3. WIPS
  4. NIDS

Answer: C

Q412 - Study the Snort rule given below and interpret the rule. alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)

  1. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
  2. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
  3. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
  4. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Answer: D

Q413 - Which type of antenna is used in wireless communication?

  1. Omnidirectional
  2. Parabolic
  3. Uni-directional
  4. Bi-directional

Answer: A

Q414 - You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address into the browser and find the sites to be accessible. But they are not accessible when you try using the URL. What may be the problem?

  1. Traffic is Blocked on UDP Port 53
  2. Traffic is Blocked on UDP Port 80
  3. Traffic is Blocked on UDP Port 54
  4. Traffic is Blocked on UDP Port 80

Answer: A

Q415 - How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender's identity?

  1. Hash value
  2. Private key
  3. Digital signature
  4. Digital certificate

Answer: D

Q416 - What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

  1. Copy the system files from a known good system
  2. Perform a trap and trace
  3. Delete the files and try to determine the source
  4. Reload from a previous backup
  5. Reload from known good media

Answer: E

Q417 - Which of the following is optimized for confidential communications, such as bidirectional voice and video?

  1. RC4
  2. RC5
  3. MD4
  4. MD5

Answer: A

Q418 - In the context of Windows Security, what is a 'null' user?

  1. A user that has no skills
  2. An account that has been suspended by the admin
  3. A pseudo account that has no username and password
  4. A pseudo account that was created for security administration purpose

Answer: C

Q419 - A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

  1. -sO
  2. -sP
  3. -sS
  4. -sU

Answer: B

Q420 - In Risk Management, how is the term "likelihood" related to the concept of "threat?"

  1. Likelihood is the probability that a threat-source will exploit a vulnerability.
  2. Likelihood is a possible threat-source that may exploit a vulnerability.
  3. Likelihood is the likely source of a threat that could exploit a vulnerability.
  4. Likelihood is the probability that a vulnerability is a threat-source.

Answer: A