Q601 - Tess King is using the nslookup command to craft queries to list all DNS information (such asName Servers, host names, MX records, CNAME records, glue records (delegation for child Domains),zone serial number, TimeToLive (TTL) records, etc) for a Domain.What do you think Tess King is trying to accomplish? Select the best answer.

1. A zone harvesting
2. A zone transfer
3. A zone update
4. A zone estimate

Q602 - Which of the following is a protocol specifically designed for transporting event messages?

1. SYSLOG
2. SMS
3. SNMP
4. ICMP

Q603 - Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

1. None of these scenarios compromise the privacy of Alice's data
2. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew's attempt to access the stored data
3. Hacker Harry breaks into the cloud server and steals the encrypted data
4. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Q604 - The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below: You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

1. Use the Cisco's TFTP default password to connect and download the configuration file
2. Run a network sniffer and capture the returned traffic with the configuration file from the router
3. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address
4. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Q605 - In order to prevent particular ports and applications from getting packets into an organization, what does a firewall check?

1. Network layer headers and the session layer port numbers
2. Presentation layer headers and the session layer port numbers
3. Application layer port numbers and the transport layer headers
4. Transport layer port numbers and application layer headers

Q606 - You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?

1. 445
2. 3389
3. 161
4. 1433

Q607 - The following are types of Bluetooth attack EXCEPT_____?

1. Bluejacking
2. Bluesmaking
3. Bluesnarfing
4. Bluedriving

Q608 - Destination unreachable administratively prohibited messages can inform the hacker to what?

1. That a circuit level proxy has been installed and is filtering traffic
2. That his/her scans are being blocked by a honeypot or jail
3. That the packets are being malformed by the scanning software
4. That a router or other packet-filtering device is blocking traffic
5. That the network is functioning normally

Q609 - A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?

1. Intrusion Prevention System (IPS)
2. Vulnerability scanner
3. Protocol analyzer
4. Network sniffer

Q610 - A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

1. The host is likely a Windows machine.
2. The host is likely a Linux machine.
3. The host is likely a router.
4. The host is likely a printer.

Q611 - Which results will be returned with the following Google search query?site:target.com -site:Marketing.target.com accounting

1. Results matching all words in the query
2. Results matching "accounting" in domain target.com but not on the site Marketing.target.com
3. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
4. Results for matches on target.com and Marketing.target.com that include the word "accounting"

Q612 - What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

1. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
2. Manipulate format strings in text fields
3. SSH
4. SYN Flood

Q613 - It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?

1. Threat
2. Attack
3. Vulnerability
4. Risk

Q614 - Which of the following cryptography attack methods is usually performed without the useof a computer?

1. Ciphertext-only attack
2. Chosen key attack
3. Rubber hose attack
4. Rainbow table attack

Q615 - Which statement best describes a server type under an N-tier architecture?

1. A group of servers at a specific layer
2. A single server with a specific role
3. A group of servers with a unique role
4. A single server at a specific layer

Q616 - When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

1. Vulnerability scanning
2. Social engineering
3. Application security testing
4. Network sniffing

Q617 - Which statement is TRUE regarding network firewalls preventing Web Application attacks?

1. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
2. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.
3. Network firewalls can prevent attacks if they are properly configured.
4. Network firewalls cannot prevent attacks because they are too complex to configure.

Q618 - You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

1. False Negative
2. False Positive
3. True Negative
4. True Positive

Q619 - The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

1. Investigate based on the maintenance schedule of the affected systems.
2. Investigate based on the service level agreements of the systems.
3. Investigate based on the potential effect of the incident.
4. Investigate based on the order that the alerts arrived in.

Q620 - What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

1. Passive
2. Reflective
3. Active
4. Distributive

Q621 - During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

1. Using the Metasploit psexec module setting the SA / Admin credential
2. Invoking the stored procedure xp_shell to spawn a Windows command shell
3. Invoking the stored procedure cmd_shell to spawn a Windows command shell
4. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Q622 - What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

1. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.
2. To get messaging programs to function with this algorithm requires complex configurations.
3. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.
4. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Q623 - Nathan is testing some of his network devices. Nathan is using Macof to try and flood theARP cache of these switches.If these switches' ARP cache is successfully flooded, what will be the result?

1. The switches will drop into hub mode if the ARP cache is successfully flooded.
2. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
3. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
4. The switches will route all traffic to the broadcast address created collisions.

Q624 - This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

1. Cross-site-scripting attack
2. SQL Injection
3. URL Traversal attack
4. Buffer Overflow attack

Q625 - When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

1. The key entered is a symmetric key used to encrypt the wireless data.
2. The key entered is a hash that is used to prove the integrity of the wireless data.
3. The key entered is based on the Diffie-Hellman method.
4. The key is an RSA key used to encrypt the wireless data

Q626 - For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

1. Sender's public key
2. Receiver's private key
3. Receiver's public key
4. Sender's private key

Q627 - One advantage of an application-level firewall is the ability to

1. filter packets at the network level.
2. filter specific commands, such as http:post.
3. retain state information for each packet.
4. monitor tcp handshaking.

Q628 - Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zipfile is a file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, awindow appears stating, "This word document is corrupt." In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.What type of malware has Jesse encountered?

1. Trojan
2. Worm
3. Macro Virus
4. Key-Logger

Q629 - Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

1. A race condition is being exploited, and the operating system is containing the malicious process.
2. A page fault is occurring, which forces the operating system to write data from the hard drive.
3. Malware is executing in either ROM or a cache memory area.
4. Malicious code is attempting to execute instruction in a non-executable memory region.

Q630 - Insecure direct object reference is a type of vulnerability where the application does notverify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

1. "GET/restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
2. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"
3. "GET/restricted/bank.getaccount('Ned') HTTP/1.1 Host: westbank.com"
4. "GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com"