Q121 - Emil uses nmap to scan two hosts using this command.
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:
What is his conclusion?

1. Host 192.168.99.7 is an iPad.
2. He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.
3. Host 192.168.99.1 is the host that he launched the scan from.
4. Host 192.168.99.7 is down.

Q122 - What is GINA?

1. Gateway Interface Network Application
2. GUI Installed Network Application CLASS
3. Global Internet National Authority (G-USA)
4. Graphical Identification and Authentication DLL

Q123 - After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

1. SHA1
2. Diffie-Helman
3. RSA
4. AES

Q124 - A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

1. Use port security on his switches.
2. Use a tool like ARPwatch to monitor for strange ARP activity.
3. Use a firewall between all LAN segments.
4. If you have a small network, use static ARP entries.
5. Use only static IP addresses on all PC's.

Q125 - A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

1. Botnet Trojan
2. Turtle Trojans
3. Banking Trojans
4. Ransomware Trojans

Q126 - You have initiated an active operating system fingerprinting attempt with nmap against a target system:

What operating system is the target host running based on the open ports shown above?

1. Windows XP
2. Windows 98 SE
3. Windows NT4 Server
4. Windows 2000 Server

Q127 - In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.
Example:
allintitle: root passwd

1. Maintaining Access
2. Gaining Access
3. Reconnaissance
4. Scanning and Enumeration

Q128 - A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

1. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
2. Attempts by attackers to access the user and password information stored in the company's SQL database.
3. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
4. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Q129 - Which of the following are well known password-cracking programs?

1. L0phtcrack
2. NetCat
3. Jack the Ripper
4. Netbus
5. John the Ripper

Q130 - One of your team members has asked you to analyze the following SOA record. What is the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

1. 200303028
2. 3600
3. 604800
4. 2400
5. 60
6. 4800

Q131 - LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?
I - The maximum password length is 14 characters.
II - There are no distinctions between uppercase and lowercase.
III - It's a simple algorithm, so 10,000,000 hashes can be generated per second.

1. I
2. I, II, and III
3. II
4. I and II

Q132 - Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

1. -T0
2. -T5
3. -O
4. -A

Q133 - Which of the following program infects the system boot sector and the executable files at the same time?

1. Stealth virus
2. Polymorphic virus
3. Macro virus
4. Multipartite Virus

Q134 - If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?

1. Running a network scan to detect network services in the corporate DMZ
2. Reviewing the need for a security clearance for each employee
3. Using configuration management to determine when and where to apply security patches
4. Training employees on the security policy regarding social engineering

Q135 - Which is the first step followed by Vulnerability Scanners for scanning a network?

1. TCP/UDP Port scanning
2. Firewall detection
3. OS Detection
4. Checking if the remote host is alive

Q136 - While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:
< script >alert(" Testing Testing Testing ")
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:
"Testing Testing Testing". Which vulnerability has been detected in the web application?

1. Buffer overflow
2. Cross-site request forgery
3. Distributed denial of service
4. Cross-site scripting

Q137 - Which system consists of a publicly available set of databases that contain domain name registration contact information?

1. WHOIS
2. IANA
3. CAPTCHA
4. IETF

Q138 - A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

1. Libpcap
2. Awinpcap
3. Winprom
4. Winpcap

Q139 - You perform a scan of your company's network and discover that TCP port 123 is open. What services by default run on TCP port 123?

1. Telnet
2. POP3
3. Network Time Protocol
4. DNS

Q140 - What does the option * indicate?

1. s
2. t
3. n
4. a

Q141 - Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

1. tcpdump
2. nessus
3. etherea
4. Jack the ripper

Q142 - Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

1. Disable unused ports in the switches
2. Separate students in a different VLAN
3. Use the 802.1x protocol
4. Ask students to use the wireless network

Q143 - While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

1. Scan more slowly.
2. Do not scan the broadcast IP.
3. Spoof the source IP address.
4. Only scan the Windows systems.

Q144 - While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?

1. The port will send an ACK
2. The port will send a SYN
3. The port will ignore the packets
4. The port will send an RST

Q145 - Which of the following techniques will identify if computer files have been changed?

1. Network sniffing
2. Permission sets
3. Integrity checking hashes
4. Firewall alerts

Q146 - Which tool would be used to collect wireless packet data?

1. NetStumbler
2. John the Ripper
3. Nessus
4. Netcat

Q147 - You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

1. Event logs on the PC
2. Internet Firewall/Proxy log
3. IDS log
4. Event logs on domain controller

Q148 - The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

1. Asymmetric
2. Confidential
3. Symmetric
4. Non-confidential

Q149 - Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

1. Time Keeper
2. NTP
3. PPP
4. OSPP

Q150 - Which command line switch would be used in NMAP to perform operating system detection?

1. -OS
2. -sO
3. -sP
4. -O