CEH v11


Q151 - Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

  1. Network-based intrusion detection system (NIDS)
  2. Host-based intrusion detection system (HIDS)
  3. Firewalls
  4. Honeypots

Answer: A

Q152 - Which tool can be used to silently copy files from USB devices?

  1. USB Grabber
  2. USB Dumper
  3. USB Sniffer
  4. USB Snoopy

Answer: B

Q153 - The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

What type of activity has been logged?

  1. Port scan targeting 192.168.1.103
  2. Teardrop attack targeting 192.168.1.106
  3. Denial of service attack targeting 192.168.1.103
  4. Port scan targeting 192.168.1.106

Answer: D

Q154 - How does a denial-of-service attack work?

  1. A hacker prevents a legitimate user (or group of users) from accessing a service
  2. A hacker uses every character, word, or letter he or she can think of to defeat authentication
  3. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  4. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Answer: A

Q155 - Which type of security document is written with specific step-by-step details?

  1. Process
  2. Procedure
  3. Policy
  4. Paradigm

Answer: B

Q156 - When performing a risk assessment, you need to determine the potential impacts if some of the company's critical business processes have their service interrupted. What is the name of the process by which you can determine those critical business processes?

  1. Risk Mitigation
  2. Emergency Plan Response (EPR)
  3. Disaster Recovery Planning (DRP)
  4. Business Impact Analysis (BIA)

Answer: D

Q157 - Why would an attacker want to perform a scan on port 137?

  1. To discover proxy servers on a network
  2. To disrupt the NetBIOS SMB service on the target host
  3. To check for file and print sharing on Windows systems
  4. To discover information about a target host using NBTSTAT

Answer: D

Q158 - Which of the following is an example of two-factor authentication?

  1. PIN Number and Birth Date
  2. Username and Password
  3. Digital Certificate and Hardware Token
  4. Fingerprint and Smartcard ID

Answer: D

Q159 - Which of the following is the BEST way to defend against network sniffing?

  1. Using encryption protocols to secure network communications
  2. Register all machines' MAC addresses in a centralized database
  3. Restrict physical access to server rooms hosting critical servers
  4. Use static IP addresses

Answer: A

Q160 - Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:

  1. Just a network monitoring tool
  2. A signature-based IDS
  3. A hybrid IDS
  4. A behavior-based IDS

Answer: A

Q161 - An NMAP scan of a server shows port 25 is open. What risk could this pose?

  1. Open printer sharing
  2. Web portal data leak
  3. Clear text authentication
  4. Active mail relay

Answer: D

Q162 - Which of the following problems can be solved by using Wireshark?

  1. Tracking version changes of source code
  2. Checking creation dates on all webpages on a server
  3. Resetting the administrator password on multiple systems
  4. Troubleshooting communication resets between two systems

Answer: D

Q163 - What kind of risk will remain even if all theoretically possible safety measures were applied?

  1. Residual risk
  2. Inherent risk
  3. Impact risk
  4. Deferred risk

Answer: A

Q164 - Peter extracts the SIDs list from a Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list, identify the user account with System Administrator privileges.

  1. John
  2. Rebecca
  3. Sheela
  4. Shawn
  5. Somia
  6. Chang
  7. Micah

Answer: F

Q165 - When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching a TCP SYN attack?

  1. Attacker generates TCP SYN packets with random destination addresses towards a victim host
  2. Attacker floods TCP SYN packets with random source addresses towards a victim host
  3. Attacker generates TCP ACK packets with random source addresses towards a victim host
  4. Attacker generates TCP RST packets with random source addresses towards a victim host

Answer: B

Q166 - An NMAP scan of a server shows port 69 is open. What risk could this pose?

  1. Unauthenticated access
  2. Weak SSL version
  3. Cleartext login
  4. Web portal data leak

Answer: A

Q167 - Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

  1. Height and Weight
  2. Voice
  3. Fingerprints
  4. Iris patterns

Answer: A

Q168 - Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

  1. Internet Key Exchange (IKE)
  2. Oakley
  3. IPsec Policy Agent
  4. IPsec driver

Answer: A

Q169 - Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

  1. Use a scan tool like Nessus
  2. Use the built-in Windows Update tool
  3. Check MITRE.org for the latest list of CVE findings
  4. Create a disk image of a clean Windows installation

Answer: A

Q170 - Which mode of IPsec should you use to assure security and confidentiality of data within the same LAN?

  1. ESP transport mode
  2. AH promiscuous
  3. ESP confidential
  4. AH Tunnel mode

Answer: A

Q171 - Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

  1. Nikto
  2. Snort
  3. John the Ripper
  4. Dsniff

Answer: A

Q172 - In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word-fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you were to use both brute force and dictionary methods combined to produce variations of words, what would you call such an attack?

  1. Full Blown
  2. Thorough
  3. Hybrid
  4. BruteDics

Answer: C

Q173 - A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

  1. Perform a dictionary attack.
  2. Perform a brute force attack.
  3. Perform an attack with a rainbow table.
  4. Perform a hybrid attack.

Answer: C

Q174 - Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. What type of attack is outlined in the scenario?

  1. Watering Hole Attack
  2. Heartbleed Attack
  3. Shellshock Attack
  4. Spear Phishing Attack

Answer: A

Q175 - Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a security breach of his company's email server, based on analysis of a suspicious connection from the email server to an unknown IP address. What is the first thing that Nedved needs to do before contacting the incident response team?

  1. Leave it as it is and contact the incident response team right away
  2. Block the connection to the suspicious IP Address from the firewall
  3. Disconnect the email server from the network
  4. Migrate the connection to the backup email server

Answer: C

Q176 - A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester comes across a Perl script that runs the following msadc functions:

Which exploit is indicated by this script?

  1. A buffer overflow exploit
  2. A chained exploit
  3. A SQL injection exploit
  4. A denial of service exploit

Answer: B

Q177 - From the two screenshots below, which of the following is occurring?

  1. 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
  2. 10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.
  3. 10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
  4. 10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Answer: A

Q178 - What tool can crack Windows SMB passwords simply by listening to network traffic?

  1. This is not possible
  2. Netbus
  3. NTFSDOS
  4. L0phtcrack

Answer: D

Q179 - What is the difference between the AES and RSA algorithms?

  1. Both are asymmetric algorithms, but RSA uses 1024-bit keys.
  2. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
  3. Both are symmetric algorithms, but AES uses 256-bit keys.
  4. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.

Answer: B

Q180 - What port number is used by the LDAP protocol?

  1. 110
  2. 389
  3. 464
  4. 445

Answer: B