CEH v11

Q481 - A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?

  1. Place a front-end web server in a demilitarized zone that only handles external web traffic
  2. Require all employees to change their passwords immediately
  3. Move the financial data to another server on the same IP subnet
  4. Issue new certificates to the web servers from the root certificate authority

Answer: A

Q482 - What ports should be blocked on the firewall to prevent NetBIOS traffic from coming through the firewall if your network is composed of Windows NT, 2000, and XP?

  1. 110
  2. 135
  3. 139
  4. 161
  5. 445
  6. 1024

Answer: B, C and E

Q483 - In Trojan terminology, what is a covert channel?

  1. A channel that transfers information within a computer system or network in a way that violates the security policy
  2. A legitimate communication path within a computer system or network for transfer of data
  3. It is a kernel operation that hides boot processes and services to mask detection
  4. It is a reverse tunneling technique that uses the HTTPS protocol instead of the HTTP protocol to establish connections

Answer: A

Q484 - To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

  1. Harvesting
  2. Windowing
  3. Hardening
  4. Stealthing

Answer: C

Q485 - What tool should you use when you need to analyze metadata extracted from files you collected during the initial stage of a penetration test (information gathering)?

  1. Armitage
  2. DMitry
  3. Metagoofil
  4. CDPSnarf

Answer: C

Q486 - While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

  1. 10.10.10.10
  2. 127.0.0.1
  3. 192.168.1.1
  4. 192.168.168.168

Answer: B

Q487 - Which of the following is NOT an ideal choice for biometric controls?

  1. Iris patterns
  2. Fingerprints
  3. Height and weight
  4. Voice

Answer: C

Q488 - In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

  1. Port Scanning
  2. Hacking Active Directory
  3. Privilege Escalation
  4. Shoulder-Surfing

Answer: C

Q489 - Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?

  1. SOA
  2. Single Sign-On
  3. PKI
  4. Biometrics

Answer: C

Q490 - One of your team members has asked you to analyze the following SOA record. What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

  1. 200303028
  2. 3600
  3. 604800
  4. 2400
  5. 60
  6. 4800

Answer: D

Q491 - Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

  1. [cache:]
  2. [site:]
  3. [inurl:]
  4. [link:]

Answer: B

Q492 - Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

  1. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
  2. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
  3. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
  4. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Answer: A

Q493 - Which specific element of security testing is assured by using a hash?

  1. Authentication
  2. Integrity
  3. Confidentiality
  4. Availability

Answer: B

Q494 - Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

  1. Bluesmacking
  2. Bluesniffing
  3. Bluesnarfing
  4. Bluejacking

Answer: D

Q495 - While performing online banking using a Web browser, Kyle receives an email that contains a well-crafted image. Upon clicking the image, a new tab in the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle notices that all his funds in the bank are gone. What Web browser-based security vulnerability was exploited by the hacker?

  1. Clickjacking
  2. Web Form Input Validation
  3. Cross-Site Request Forgery
  4. Cross-Site Scripting

Answer: C

Q496 - Which of the following is the most important phase of ethical hacking, in which you need to spend a considerable amount of time?

  1. Gaining access
  2. Escalating privileges
  3. Network mapping
  4. Footprinting

Answer: D

Q497 - Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. Several information security issues that Vlady often finds include employees sharing passwords, writing their passwords on post-it notes stuck to their desks, leaving computers unlocked, not logging out of email or social media accounts, etc.
After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, secret and not sharing it with other persons.
Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information secret?

  1. Warning those who write their password on a post-it note and put it on their desk
  2. Developing a strict information security policy
  3. Information security awareness training
  4. Conducting a one to one discussion with the other employees about the importance of information security

Answer: A

Q498 - A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

  1. The packets were sent by a worm spoofing the IP addresses of 47 infected sites
  2. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
  3. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number
  4. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Answer: B

Q499 - XOR is a common cryptographic tool. 10110001 XOR 00111010 is?

  1. 10111100
  2. 11011000
  3. 10011101
  4. 10001011

Answer: D

Q500 - During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

  1. The web application does not have the secure flag set.
  2. The session cookies do not have the HttpOnly flag set.
  3. The victim user should not have an endpoint security solution.
  4. The victim's browser must have ActiveX technology enabled.

Answer: B

Q501 - Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. A basic example of how cryptography works is given below:

Which of the following choices is true about cryptography?

  1. The algorithm is not the secret; the key is the secret.
  2. Symmetric-key algorithms are a class of algorithms for cryptography that use different cryptographic keys for the encryption of plaintext and the decryption of ciphertext.
  3. Secure Sockets Layer (SSL) uses asymmetric encryption (a public/private key pair) both to deliver the shared session key and to achieve a communication way.
  4. In public-key cryptography, also known as asymmetric cryptography, the public key is for decryption and the private key is for encryption.

Answer: C

Q502 - Which of the following cryptography attacks is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

  1. Chosen-Ciphertext Attack
  2. Ciphertext-only Attack
  3. Timing Attack
  4. Rubber Hose Attack

Answer: D

Q503 - Which of the following is a detective control?

  1. Smart card authentication
  2. Security policy
  3. Audit trail
  4. Continuity of operations plan

Answer: C

Q504 - Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

  1. Cross-site scripting
  2. SQL injection
  3. XPath injection
  4. XML denial of service issues

Answer: D

Q505 - Which of the following is considered as one of the most reliable forms of TCP scanning?

  1. TCP Connect/Full Open Scan
  2. Half-open Scan
  3. NULL Scan
  4. Xmas Scan

Answer: A

Q506 - Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

  1. To determine who is the holder of the root account
  2. To perform a DoS
  3. To create needless SPAM
  4. To elicit a response that will reveal information about email servers and how they treat undeliverable mail
  5. To test for virus protection

Answer: D

Q507 - ___________ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there. Fill in the blank with appropriate choice.

  1. Collision Attack
  2. Evil Twin Attack
  3. Sinkhole Attack
  4. Signal Jamming Attack

Answer: B

Q508 - Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

  1. Timing options to slow the speed at which the port scan is conducted
  2. Fingerprinting to identify which operating systems are running on the network
  3. ICMP ping sweep to determine which hosts on the network are not available
  4. Traceroute to control the path of the packets sent during the scan

Answer: A

Q509 - Susan has connected to her company's network. She has managed to synchronize her boss's session with that of the file server. She then intercepted his traffic destined for the server, changed it as she wanted, and then placed it on the server in his home directory. What kind of attack is Susan carrying out?

  1. A sniffing attack
  2. A spoofing attack
  3. A man in the middle attack
  4. A denial of service attack

Answer: C

Q510 - Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew's APPDATA\Local directory and begins to beacon to a command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?

  1. Key-logger
  2. Trojan
  3. Worm
  4. Macro Virus

Answer: B