CEH v11

Q61 - You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN scan in your network and notice that Kiwi Syslog is not receiving the alert messages from Snort. You decide to run Wireshark on the Snort machine to check whether the messages are going to the Kiwi Syslog machine. What Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?

  A. tcp.dstport==514 && ip.dst==192.168.0.150
  B. tcp.srcport==514 && ip.src==192.168.0.99
  C. tcp.dstport==514 && ip.dst==192.168.0.0/16
  D. tcp.srcport==514 && ip.src==192.168.150

Answer: A

Q62 - Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

  A. Restore a random file.
  B. Perform a full restore.
  C. Read the first 512 bytes of the tape.
  D. Read the last 512 bytes of the tape.

Answer: B

Q63 - What would you type on the Windows command line in order to launch the Computer Management Console, provided that you are logged in as an admin?

  A. c:\compmgmt.msc
  B. c:\gpedit
  C. c:\ncpa.cpl
  D. c:\services.msc

Answer: A

Q64 - What is the role of test automation in security testing?

  A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
  B. It is an option but it tends to be very expensive.
  C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
  D. Test automation is not usable in security due to the complexity of the tests.

Answer: A

Q65 - Which of the following programming languages is most vulnerable to buffer overflow attacks?

  A. Perl
  B. C++
  C. Python
  D. Java

Answer: B

Q66 - You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

  A. hping2 host.domain.com
  B. hping2 --set-ICMP host.domain.com
  C. hping2 -i host.domain.com
  D. hping2 -1 host.domain.com

Answer: D

Q67 - Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

  A. tcptrace
  B. tcptraceroute
  C. Nessus
  D. OpenVAS

Answer: A

Q68 - Which protocol is used for setting up secured channels between two devices, typically in VPNs?

  A. IPSEC
  B. PEM
  C. SET
  D. PPP

Answer: A

Q69 - What is the approximate cost of the replacement and recovery operation per year for a hard drive that has a value of $300, given that the technician, who charges $10/hr, would need 10 hours to restore the OS and software and a further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

  A. $440
  B. $100
  C. $1320
  D. $146

Answer: D

Q70 - A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am. Which of the following programming languages would most likely be used?

  A. PHP
  B. C#
  C. Python
  D. ASP.NET

Answer: C

Q71 - As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?

  A. Terms of Engagement
  B. Project Scope
  C. Non-Disclosure Agreement
  D. Service Level Agreement

Answer: A

Q72 - When comparing the testing methodologies of the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodology Manual (OSSTMM), the main difference is:

  A. OWASP is for web applications and OSSTMM does not include web applications.
  B. OSSTMM is gray box testing and OWASP is black box testing.
  C. OWASP addresses controls and OSSTMM does not.
  D. OSSTMM addresses controls and OWASP does not.

Answer: D

Q73 - Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

  A. Password protected files
  B. Hidden folders
  C. BIOS password
  D. Full disk encryption

Answer: D

Q74 - The establishment of a TCP connection involves a negotiation called the 3-way handshake. What type of message does the client send to the server in order to begin this negotiation?

  A. RST
  B. ACK
  C. SYN-ACK
  D. SYN

Answer: D

Q75 - Which protocol is used for setting up secure channels between two devices, typically in VPNs?

  A. PPP
  B. IPSEC
  C. PEM
  D. SET

Answer: B

Q76 - What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

  A. Residual risk
  B. Inherent risk
  C. Deferred risk
  D. Impact risk

Answer: A

Q77 - Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

  A. SNMPUtil
  B. SNScan
  C. SNMPScan
  D. Solarwinds IP Network Browser
  E. NMap

Answer: A, B and D

Q78 - Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

  A. USER, NICK
  B. LOGIN, NICK
  C. USER, PASS
  D. LOGIN, USER

Answer: A

Q79 - An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?

  A. Wireshark
  B. Ettercap
  C. Aircrack-ng
  D. Tcpdump

Answer: B

Q80 - Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

  A. a port scanner
  B. a vulnerability scanner
  C. a virus scanner
  D. a malware scanner

Answer: B

Q81 - Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

  A. Omnidirectional antenna
  B. Dipole antenna
  C. Yagi antenna
  D. Parabolic grid antenna

Answer: C

Q82 - What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

  A. Blue Book
  B. ISO 26029
  C. Common Criteria
  D. The Wassenaar Agreement

Answer: C

Q83 - Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In a MAC flooding attack, the attacker feeds a switch with many Ethernet frames, each containing a different source MAC address. Switches have limited memory for mapping MAC addresses to physical ports. What happens when the CAM table becomes full?

  A. The switch then acts as a hub by broadcasting packets to all machines on the network
  B. The CAM overflow table will cause the switch to crash causing Denial of Service
  C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
  D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Answer: A

Q84 - A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants the attack to be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump into right away?

  A. Scanning
  B. Reconnaissance
  C. Escalation
  D. Enumeration

Answer: B

Q85 - Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

  A. WebDav
  B. SQL Slammer
  C. MS Blaster
  D. MyDoom

Answer: C

Q86 - Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds-checking mechanism?

Code:

Output:
Segmentation fault

  A. C#
  B. Python
  C. Java
  D. C++

Answer: D

Q87 - You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

  A. Install Cryptcat and encrypt outgoing packets from this server.
  B. Install and use Telnet to encrypt all outgoing traffic from this server.
  C. Use Alternate Data Streams to hide the outgoing packets from this server.
  D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

Answer: A

Q88 - If you want to scan only fewer ports than the default scan using the Nmap tool, which option would you use?

  A. -sP
  B. -P
  C. -r
  D. -F

Answer: B

Q89 - The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

  A. Private
  B. Public
  C. Shared
  D. Root

Answer: A

Q90 - Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

  A. Ping of death
  B. SYN flooding
  C. TCP hijacking
  D. Smurf attack

Answer: A