CEH v11

INDEX

Q511 - Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability. What is this style of attack called?

  1. zero-day
  2. zero-hour
  3. zero-sum
  4. no-day

Answer: A

Q512 - A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

  1. Implementing server-side PKI certificates for all connections
  2. Mandating only client-side PKI certificates for all connections
  3. Requiring client and server PKI certificates for all connections
  4. Requiring strong authentication for all DNS queries

Answer: C

Q513 - What is not a PCI compliance recommendation?

  1. Limit access to cardholder data to as few individuals as possible.
  2. Use encryption to protect all transmission of cardholder data over any public network.
  3. Rotate employees handling credit card transactions on a yearly basis to different departments.
  4. Use a firewall between the public network and the payment card data.

Answer: C

Q514 - When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?

  1. Burpsuite
  2. Maskgen
  3. Dimitry
  4. Proxychains

Answer: A

Q515 - Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

  1. MD5
  2. SHA-1
  3. RC4
  4. MD4

Answer: B

Q516 - During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

  1. Host
  2. Stateful
  3. Stateless
  4. Application

Answer: C

Q517 - Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

  1. Maltego
  2. Cain & Abel
  3. Metasploit
  4. Wireshark

Answer: A

Q518 - This configuration allows a NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.

  1. Multi-cast mode
  2. WEM
  3. Promiscuous mode
  4. Port forwarding

Answer: C

Q519 - Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?

  1. Yancey would be considered a Suicide Hacker
  2. Since he does not care about going to jail, he would be considered a Black Hat
  3. Because Yancey currently works for the company, he would be a White Hat
  4. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Answer: A

Q520 - An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours a day. What is the best option to do this job?

  1. Use fences in the entrance doors.
  2. Install a CCTV with cameras pointing to the entrance doors and the street.
  3. Use an IDS in the entrance doors and install some of them near the corners.
  4. Use lights in all the entrance doors and along the company's perimeter.

Answer: B

Q521 - What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

  1. Injecting parameters into a connection string using semicolons as a separator
  2. Inserting malicious JavaScript code into input parameters
  3. Setting a user's session identifier (SID) to an explicit known value
  4. Adding multiple parameters with the same name in HTTP requests

Answer: A

Q522 - You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you will use?

  1. nmap -T4 -F 10.10.0.0/24
  2. nmap -T4 -r 10.10.1.0/24
  3. nmap -T4 -O 10.10.0.0/24
  4. nmap -T4 -q 10.10.0.0/24

Answer: A

Q523 - Suppose you've gained access to your client's hybrid network. On which port should you listen in order to know which Microsoft Windows workstations have file sharing enabled?

  1. 1433
  2. 161
  3. 445
  4. 3389

Answer: C

Q524 - The company ABC recently discovered that their new product was released by the opposition before their premiere. They contracted an investigator, who discovered that the maid threw away papers with confidential information about the new product and the opposition found them in the garbage. What is the name of the technique used by the opposition?

  1. Hack attack
  2. Sniffing
  3. Dumpster diving
  4. Spying

Answer: C

Q525 - When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?

  1. Forward the message to your company's security response team and permanently delete the message from your computer.
  2. Reply to the sender and ask them for more information about the message contents.
  3. Delete the email and pretend nothing happened
  4. Forward the message to your supervisor and ask for her opinion on how to handle the situation

Answer: A

Q526 - Which of the following is a symmetric cryptographic standard?

  1. DSA
  2. PKI
  3. RSA
  4. 3DES

Answer: D

Q527 - In this attack, a victim receives an e-mail claiming to be from PayPal, stating that their account has been disabled and confirmation is required before activation. The attackers then attempt to collect not one but two credit card numbers, the ATM PIN number and other personal details. Ignorant users usually fall prey to this scam. Which of the following statements related to this attack is incorrect?

  1. Do not reply to email messages or popup ads asking for personal or financial information
  2. Do not trust telephone numbers in e-mails or popup ads
  3. Review credit card and bank account statements regularly
  4. Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks
  5. Do not send credit card numbers, and personal or financial information via e-mail

Answer: D

Q528 - ICMP ping and ping sweeps are used to check for active systems and to check

  1. if ICMP ping traverses a firewall.
  2. the route that the ICMP ping took.
  3. the location of the switchport in relation to the ICMP ping.
  4. the number of hops an ICMP ping takes to reach a destination.

Answer: A

Q529 - While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

  1. Packet filtering firewall
  2. Application-level firewall
  3. Circuit-level gateway firewall
  4. Stateful multilayer inspection firewall

Answer: C

Q530 - A penetration tester is conducting a port scan on a specific host. The tester found several open ports that made it confusing to conclude which Operating System (OS) version is installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

  1. The host is likely a printer.
  2. The host is likely a Windows machine.
  3. The host is likely a Linux machine.
  4. The host is likely a router.

Answer: A

Q531 - DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

  1. Port security
  2. A Layer 2 Attack Prevention Protocol (LAPP)
  3. Dynamic ARP inspection (DAI)
  4. Spanning tree

Answer: A

Q532 - What would you enter, if you wanted to perform a stealth scan using Nmap?

  1. nmap -sU
  2. nmap -sS
  3. nmap -sM
  4. nmap -sT

Answer: B

Q533 - Which of the following conditions must be met to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

  1. The victim user must open the malicious link with Internet Explorer prior to version 8.
  2. The session cookies generated by the application do not have the HttpOnly flag set.
  3. The victim user must open the malicious link with Firefox prior to version 3.
  4. The web application should not use random tokens.

Answer: D

Q534 - What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?

  1. nmap -T4 -F 10.10.0.0/24
  2. nmap -T4 -q 10.10.0.0/24
  3. nmap -T4 -O 10.10.0.0/24
  4. nmap -T4 -r 10.10.1.0/24

Answer: A

Q535 - In Wireshark, the packet bytes pane shows the data of the current packet in which format?

  1. Decimal
  2. ASCII only
  3. Binary
  4. Hexadecimal

Answer: D

Q536 - While doing a black-box pen test via TCP port 80, you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web-enabled host. However, you also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for the outbound traffic?

  1. Stateful
  2. Application
  3. Circuit
  4. Packet Filtering

Answer: B

Q537 - What is the correct process for the TCP three-way handshake connection establishment and connection termination?

  1. Connection Establishment: FIN, ACK-FIN, ACK; Connection Termination: SYN, SYN-ACK, ACK
  2. Connection Establishment: SYN, SYN-ACK, ACK; Connection Termination: ACK, ACK-SYN, SYN
  3. Connection Establishment: ACK, ACK-SYN, SYN; Connection Termination: FIN, ACK-FIN, ACK
  4. Connection Establishment: SYN, SYN-ACK, ACK; Connection Termination: FIN, ACK-FIN, ACK

Answer: D

Q538 - As an Ethical Hacker you are capturing traffic from your customer's network with Wireshark and you need to find and verify just SMTP traffic. What filter in Wireshark will help you to find this kind of traffic?

  1. request smtp 25
  2. tcp.port eq 25
  3. smtp port
  4. tcp.contains port 25

Answer: B

Q539 - Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

  1. Service Oriented Architecture
  2. Object Oriented Architecture
  3. Lean Coding
  4. Agile Process

Answer: A

Q540 - What is the technique for determining how a packet will move from an untrusted outside host to a protected inside host behind a firewall, which permits the hacker to determine which ports are open and whether the packets can pass through the packet filtering of the firewall?

  1. Firewalking
  2. Session hijacking
  3. Network sniffing
  4. Man-in-the-middle attack

Answer: A