Q421 - During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

1. The tester must capture the WPA2 authentication handshake and then crack it.
2. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
3. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
4. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Q422 - What is the main disadvantage of the scripting languages as opposed to compiled programming languages?

1. Scripting languages are hard to learn.
2. Scripting languages are not object-oriented.
3. Scripting languages cannot be used to create graphical user interfaces.
4. Scripting languages are slower because they require an interpreter to run the code.

Q423 - A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

1. Man trap
2. Tailgating
3. Shoulder surfing
4. Social engineering

Q424 - You are about to be hired by a well-known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?

1. Service Level Agreement
2. Non-Disclosure Agreement
3. Terms of Engagement
4. Project Scope

Q425 - A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

1. IP Security (IPSEC)
2. Multipurpose Internet Mail Extensions (MIME)
3. Pretty Good Privacy (PGP)
4. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Q426 - MX record priority increases as the number increases. (True/False.)

1. True
2. False

Q427 - Which of the following is a low-tech way of gaining unauthorized access to systems?

1. Social Engineering
2. Sniffing
3. Eavesdropping
4. Scanning

Q428 - Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

1. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
2. Hire more computer security monitoring personnel to monitor computer systems and networks.
3. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
4. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Q429 - What statement is true regarding LM hashes?

1. LM hashes consist in 48 hexadecimal characters.
2. LM hashes are based on AES128 cryptographic standard.
3. Uppercase characters in the password are converted to lowercase.
4. LM hashes are not generated when the password length exceeds 15 characters.

Q430 - What information should an IT system analysis provide to the risk assessor?

1. Management buy-in
2. Threat statement
3. Security architecture
4. Impact analysis

Q431 - An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

1. Timing attack
2. Replay attack
3. Memory trade-off attack
4. Chosen plain-text attack

Q432 - International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

1. guidelines and practices for security controls.
2. financial soundness and business viability metrics.
3. standard best practice for configuration management.
4. contract agreement writing standards.

Q433 - Which of the following is the primary objective of a rootkit?

1. It opens a port to provide an unauthorized service
2. It creates a buffer overflow
3. It replaces legitimate programs
4. It provides an undocumented opening in a program

Q434 - The "gray box testing" methodology enforces what kind of restriction?

1. The internal operation of a system is only partly accessible to the tester.
2. The internal operation of a system is completely known to the tester.
3. Only the external operation of a system is accessible to the tester.
4. Only the internal operation of a system is known to the tester.

Q435 - An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. < iframe src="http://www.vulnweb.com/updateif.php" style="display:none" > What is this type of attack (that can use either HTTP GET or HTTP POST) called?

1. Cross-Site Request Forgery
2. Cross-Site Scripting
3. SQL Injection
4. Browser Hacking

Q436 - Which of the following tools are used for enumeration? (Choose three.)

1. SolarWinds
2. USER2SID
3. Cheops
4. SID2USER
5. DumpSec

Q437 - A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

1. Issue the pivot exploit and set the meterpreter.
2. Reconfigure the network settings in the meterpreter.
3. Set the payload to propagate through the meterpreter.
4. Create a route statement in the meterpreter.

Q438 - Which of the following describes the characteristics of a Boot Sector Virus?

1. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
2. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
3. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
4. Overwrites the original MBR and only executes the new virus code

Q439 - In order to have an anonymous Internet surf, which of the following is best choice?

1. Use SSL sites when entering personal information
2. Use Tor network with multi-node
3. Use shared WiFi
4. Use public VPN

Q440 - A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover?

1. Cross-site request forgery
2. Command injection
3. Cross-site scripting
4. SQL injection

Q441 - You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?

1. Grep
2. Notepad
3. MS Excel
4. Relational Database

Q442 - A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

1. Ignore the problem completely and let someone else deal with it.
2. Create a document that will crash the computer when opened and send it to friends.
3. Find an underground bulletin board and attempt to sell the bug to the highest bidder.
4. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Q443 - Which of the following is an application that requires a host application for replication?

1. Micro
2. Worm
3. Trojan
4. Virus

Q444 - An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets?

1. The wireless card was not turned on.
2. The wrong network card drivers were in use by Wireshark.
3. On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.
4. Certain operating systems and adapters do not collect the management or control packets.

Q445 - An attacker scans a host with the below command. Which three flags are set? (Choose three.)
#nmap -sX host.domain.com

1. This is ACK scan. ACK flag is set
2. This is Xmas scan. SYN and ACK flags are set
3. This is Xmas scan. URG, PUSH and FIN are set
4. This is SYN scan. SYN flag is set

Q446 - You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

1. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
2. Package the Sales.xls using Trojan wrappers and telnet them back your home computer
3. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
4. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Q447 - A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

1. Spoofing an IP address
2. Tunneling scan over SSH
3. Tunneling over high port numbers
4. Scanning using fragmented IP packets

Q448 - A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

1. Cupp
2. Nessus
3. Cain and Abel
4. John The Ripper Pro

Q449 - Which of the following is an example of IP spoofing?

1. SQL injections
2. Man-in-the-middle
3. Cross-site scripting
4. ARP poisoning

Q450 - A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

1. The gateway is not routing to a public IP address.
2. The computer is using an invalid IP address.
3. The gateway and the computer are not on the same network.
4. The computer is not using a private IP address.