Q181 - Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

1. Bootrom Exploit
2. iBoot Exploit
3. Sandbox Exploit
4. Userland Exploit

Q182 - Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:
invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
Obviously, it is not going through. What is the issue here?

1. OS Scan requires root privileges
2. The nmap syntax is wrong.
3. The outgoing TCP/IP fingerprinting is blocked by the host firewall
4. This is a common behavior for a corrupted nmap application

Q183 - What did the following commands determine?

1. That the Joe account has a SID of 500
2. These commands demonstrate that the guest account has NOT been disabled
3. These commands demonstrate that the guest account has been disabled
4. That the true administrator is Joe
5. Issued alone, these commands prove nothing

Q184 - Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

1. A biometric system that bases authentication decisions on behavioral attributes.
2. A biometric system that bases authentication decisions on physical attributes.
3. An authentication system that creates one-time passwords that are encrypted with secret keys.
4. An authentication system that uses passphrases that are converted into virtual passwords.

Q185 - WPA2 uses AES for wireless data encryption at which of the following encryption levels?

1. 64 bit and CCMP
2. 128 bit and CRC
3. 128 bit and CCMP
4. 128 bit and TKIP

Q186 - While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

1. Block port 25 at the firewall.
2. Shut off the SMTP service on the server.
3. Force all connections to use a username and password.
4. Switch from Windows Exchange to UNIX Sendmail.
5. None of the above.

Q187 - You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

1. 0x60
2. 0x80
3. 0x70
4. 0x90

Q188 - A virus that attempts to install itself inside the file it is infecting is called?

1. Tunneling virus
2. Cavity virus
3. Polymorphic virus
4. Stealth virus

Q189 - Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

1. NMAP -PN -A -O -sS 192.168.2.0/24
2. NMAP -P0 -A -O -p1-65535 192.168.0/24
3. NMAP -P0 -A -sT -p0-65535 192.168.0/16
4. NMAP -PN -O -sS -p 1-1024 192.168.0/8

Q190 - Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?

1. The port will ignore the packets.
2. The port will send an RST.
3. The port will send an ACK.
4. The port will send a SYN.

Q191 - Which type of security feature stops vehicles from crashing through the doors of a building?

1. Turnstile
2. Bollards
3. Mantrap
4. Receptionist

Q192 - Which of the following programs is usually targeted at Microsoft Office products?

1. Polymorphic virus
2. Multipart virus
3. Macro virus
4. Stealth virus

Q193 - An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?

1. g++ hackersExploit.cpp -o calc.exe
2. g++ hackersExploit.py -o calc.exe
3. g++ -i hackersExploit.pl -o calc.exe
4. g++ --compile -i hackersExploit.cpp -o calc.exe

Q194 - An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

1. Protocol analyzer
2. Intrusion Prevention System (IPS)
3. Network sniffer
4. Vulnerability scanner

Q195 - A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?

1. Turtle Trojans
2. Ransomware Trojans
3. Botnet Trojan
4. Banking Trojans

Q196 - The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router nobody can access to the ftp and the permitted hosts cannot access to the Internet. According to the next configuration what is happening in the network?

1. The ACL 110 needs to be changed to port 80
2. The ACL for FTP must be before the ACL 110
3. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
4. The ACL 104 needs to be first because is UDP

Q197 - What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

1. A stealth scan, opening port 123 and 153
2. A stealth scan, checking open ports 123 to 153
3. A stealth scan, checking all open ports excluding ports 123 to 153
4. A stealth scan, determine operating system, and scanning ports 123 to 153

Q198 - What does a type 3 code 13 represent? (Choose two.)

1. Echo request
2. Destination unreachable
3. Network unreachable
4. Administratively prohibited
5. Port unreachable
6. Time exceeded

Q199 - Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

1. Role Based Access Control (RBAC)
2. Discretionary Access Control (DAC)
3. Windows authentication
4. Single sign-on

Q200 - A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

1. -sO
2. -sP
3. -sS
4. -sU

Q201 - The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

1. Ping sweep of the 192.168.1.106 network
2. Remote service brute force attempt
3. Port scan of 192.168.1.106
4. Denial of service attack on 192.168.1.106

Q202 - Company XYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of Company XYZ. The employee of Company XYZ is aware of your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of Company XYZ receives your email message. This proves that Company XYZ's email gateway doesn't prevent what?

1. Email Phishing
2. Email Masquerading
3. Email Spoofing
4. Email Harvesting

Q203 - Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

1. BA810DBA98995F1817306D272A9441BB
2. 44EFCE164AB921CQAAD3B435B51404EE
3. 0182BD0BD4444BF836077A718CCDF409
4. CEC52EB9C8E3455DC2265B23734E0DAC
5. B757BF5C0D87772FAAD3B435B51404EE
6. E52CAC67419A9A224A3B108F3FA6CB6D

Q204 - A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

1. Mutating
2. Randomizing
3. Fuzzing
4. Bounding

Q205 - SOAP services use which technology to format information?

1. SATA
2. PCI
3. XML
4. ISDN

Q206 - Which type of sniffing technique is generally referred as MiTM attack?

1. Password Sniffing
2. ARP Poisoning
3. Mac Flooding
4. DHCP Sniffing

Q207 - When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

1. AH Tunnel mode
2. AH promiscuous
3. ESP transport mode
4. ESP confidential

Q208 - You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

1. Scan servers with Nmap
2. Physically go to each server
3. Scan servers with MBSA
4. Telent to every port on each server

Q209 - Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

1. Whisker
2. tcpsplice
3. Burp
4. Hydra

Q210 - A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

1. Information reporting
2. Vulnerability assessment
3. Active information gathering
4. Passive information gathering