
1.

When penetration testing a wireless network, you attempt to crack the WPA2 password
of the Secure Military Base. However, due to the password complexity used by the wifi
network, cracking the password takes a very long time. What shorter methods could you
try to attempt to gain access to the wireless access point?
A. Wifi Rogue Access Point
B. Wifi Relay Attack
C. Wifi Jamming
D. Wifi WPS pin cracking

2.

In the context of the file deletion process, which of the following statements holds true?
A. Secure delete programs work by completely overwriting the file in one go
B. While booting, the machine may create temporary files that can delete evidence
C. When files are deleted, the data is overwritten and the cluster marked as available
D. The longer a disk is in use, the less likely it is that deleted files will be overwritten

3.

You are planning to conduct penetration testing through an intrusion detection system
for a Demilitarized Zone (DMZ). What would be your primary engagement strategy to
evade IDS detection in your testing engagement?
A. Focus the attack through SSL to evade IDS detection
B. Prior to attacking the DMZ, you should fragment your traffic
C. Send a large amount of traffic and simulate a denial of service while sneaking your
traffic into the DMZ
D. Tunnel your IP address to a remote IP address before attacking the DMZ

4.

An ISIS militant's laptop was seized at the Los Angeles Airport. The forensic investigator
has discovered that the terrorist has been communicating with his leader through a series
of messages.
What is the name of the technique used by the terrorist?
A. Data diddling
B. Encryption
C. Steganography
D. Covert Channel

5.

What is the common security principle used in Linux operating systems to assign rights via
Role-Based Access Control?
A. Bastille
B. Iptables
C. AppArmor
D. SELinux

6.

If an employee is suspected of wrongdoing in a computer crime, what department must be
involved?
A. Security Department
B. HR Department
C. ISMS Audit and Compliance
D. Legal Department

7.

Security awareness training aims to educate users on:
A. How to secure their home computer systems
B. How attackers defeat security safeguards
C. The work performed by the information security organization
D. What they can do to maintain the organization's security posture

8.

A security administrator of Royal Bank of Scotland detected that a remote IP address has
established a connection to one of the critical servers inside the local LAN of the bank.
Upon confirming his suspicion on the firewall and IDS, the administrator decides to
inspect the suspected machine to gain a better understanding of the intrusion.
Below is his course of action:
1) Upon inspecting the task manager, he did not notice any suspicious files or processes
running.
2) When inspecting the network connections and listening ports, none were backdoor or
trojan in nature.
3) Traffic from sniffer analysis still indicated that the remote IP address is connected
over an SSL connection through the firewall.
From the scenario above, what could we infer is the possible reason that the traffic is still
persistent?
A. The server background process is bound with a backdoor which has been injected
with a rootkit that makes detection impossible
B. The system has a remote management program which has been specifically written
to evade detection by the hardware or software vendors
C. The covert program is bound with a valid service, hence detection was not possible
D. The program is running over a UDP connection and the connection is not possible to
sniff

9.

Hackers constantly strive to find new vulnerabilities. What is the process of finding
new vulnerabilities?
A. Fuzzing
B. Shell coding
C. Reverse Engineering
D. Debugging
10. You have been called to conduct a penetration test on a highly secure military facility by
the National Security Agency. The scope of the project involves a series of tests which
involve the testing of a military database and application. What is the first phase of
security testing that you should accomplish prior to engaging on this project?
A. Conduct a project feasibility analysis
B. Passive reconnaissance activity
C. All of the above
D. Review and accept the non-disclosure agreement
11. Which one of the following design elements, included during the development of the
application, would help to prevent unintended or malicious data from being entered into
data entry fields that are visible at the client?
A. Race condition
B. Exception and error handling
C. Privilege escalation
D. Sensitive data storage
E. Input validation and sanitization filtering
12. An application server inside the perimeter has been issuing sporadic exception messages,
and it has been slow to respond to information requests. What mitigation strategy might
work best?
A. Identifying vulnerabilities and Threats
B. Code review and testing
C. Sandboxing new applications
D. Host hardening
E. Training and awareness
13. If you are getting ready to conduct a security review for your company, which mitigation
strategy is most likely your starting point?
A. Identifying vulnerabilities and threats
B. Training and awareness
C. Host hardening
D. Sandboxing new applications
E. Code review and testing


14. What does the acronym POST mean as it relates to a PC?
A. Power On Self Test
B. Pre Operational Situation Test
C. Primary Operating System Test
15. Todd documents several fraud opportunities that the employees have at the financial
institution so that management understands these risks and allocates the funds and
resources for his suggested solutions. Which of the following best describes the control
Todd should put into place to be able to carry out fraud investigation activity?
A. Split knowledge
B. Rotation of duties
C. Separation of duties
D. Mandatory vacations
16. Forging the source address in an email header to make an email appear as if it came
from somewhere else is called:
A. IP spoofing
B. Email spoofing
C. SPAM
D. DHCP starvation
17. Penetration testing involves three steps. At which step should an approved penetration test
stop?
A. War Driving
B. Network reconnaissance
C. Network Penetration
D. System Control
E. Denial of system services
F. Network scanning
18. Which of the following penetration testing techniques automatically tests every phone
line in an exchange and tries to locate modems that are attached to the network?
A. Demon dialing
B. Sniffing
C. Social engineering
D. Dumpster diving

19. Penetration testing (also called pen testing) is the practice of testing a computer system,
network, or Web application to find vulnerabilities that an attacker could exploit. Which
of the following areas can be exploited in a penetration test? Each correct answer
represents a complete solution. Choose all that apply.
A. Kernel flaws
B. Information system architectures
C. Race conditions
D. File and directory permissions
E. Buffer overflows
F. Trojan horses
G. Social engineering
20. Which of the following techniques is used when a system performs penetration
testing with the objective of accessing unauthorized information residing inside a
computer?
A. Biometrician
B. Van Eck Phreaking
C. Port scanning
D. Phreaking
21. You work as a security manager for BlueWell Inc. You are performing external
vulnerability testing, or penetration testing, to get a better snapshot of your organization's
security posture. Which of the following penetration testing techniques will you use for
searching paper disposal areas for unshredded or otherwise improperly disposed-of
reports?
A. Sniffing
B. Scanning and probing
C. Dumpster diving
D. Demon dialing
22. Management can expect penetration tests to provide all of the following EXCEPT:
A. identification of security flaws.
B. demonstration of the effects of the flaws.
C. a method to correct the security flaws.
D. verification of the levels of existing infiltration resistance.
23. Which one of the following is a characteristic of a penetration testing project?
A. The project is open-ended until all known vulnerabilities are identified.
B. The project schedule is plotted to produce a critical path.
C. The project tasks are to break into a targeted system.
D. The project plan is reviewed with the target audience.
24. Which one of the following is the PRIMARY objective of penetration testing?
A. Assessment
B. Correction
C. Detection
D. Protection
25. Open box testing, in the Flaw Hypothesis Methodology of penetration testing, applies to
the analysis of:
A. Routers and firewalls
B. Host-based IDS systems
C. Network-based IDS systems
D. General purpose operating systems
26. What is the FIRST step that should be considered in a penetration test?
A. The approval of change control management.
B. The development of a detailed test plan.
C. The formulation of specific management objectives.
D. The communication process among team members.
27. Which of the following are the scanning methods used in penetration testing? Each
correct answer represents a complete solution. Choose all that apply.
A. Vulnerability
B. Port
C. Services
D. Network
28. What is it called when a system has apparent flaws that were deliberately made available for
penetration and exploitation?
A. A jail
B. Investigation
C. Enticement
D. Data manipulation
E. Trapping

29. Penetration tests are sometimes called white hat attacks because in a pen test, the good
guys are attempting to break in. What are the different categories of penetration testing?
Each correct answer represents a complete solution. Choose all that apply.
A. Open-box
B. Closed-box
C. Zero-knowledge test
D. Full-box
E. Full-knowledge test
F. Partial-knowledge test
30. Which of the following is an example of penetration testing?
A. Implementing NIDS on a network
B. Implementing HIDS on a computer
C. Simulating an actual attack on a network
D. Configuring firewall to block unauthorized traffic
31. A penetration test performed as part of evaluating network security:
A. provides assurance that all vulnerabilities are discovered.
B. should be performed without warning the organization's management.
C. exploits the existing vulnerabilities to gain unauthorized access.
D. would not damage the information assets when performed at network perimeters.
32. The difference between a vulnerability assessment and a penetration test is that a
vulnerability assessment:
A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration
testing intends to exploit the vulnerabilities to probe the damage that could result
from the vulnerabilities.
B. and penetration tests are different names for the same activity.
C. is executed by automated tools, whereas penetration testing is a totally manual
process.
D. is executed by commercial tools, whereas penetration testing is executed by public
processes.
33. An IS auditor doing penetration testing during an audit of internet connections would:
A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques available to a hacker.

34. The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred.
B. an audit has reported weaknesses in security controls.
C. various infrastructure changes are made.
D. a high turnover in systems staff.
35. Which of the following is not a result of a penetration test?
A. Modify access control permissions
B. Identify network vulnerabilities
C. Evaluate IDS effectiveness
D. Evaluate incident response procedures
36. If a company deliberately planted a flaw in one of its systems in the hope of detecting an
attempted penetration and exploitation of this flaw, what would this be called?
A. Incident recovery response
B. Entrapment
C. Illegal
D. Enticement
37. Which of the following would NOT be considered a penetration testing technique?
A. Sniffing
B. Scanning
C. War dialing
D. Data manipulation
38. A user on your Windows 2000 network has discovered that he can use L0phtcrack to
sniff the SMB exchange which carries user logons. The user is plugged into a hub with
23 other systems. However, he is unable to capture any logons though he knows that
other users are logging on. What do you think is the most likely reason behind this?
A. L0phtcrack only sniffs logons to web servers
B. Kerberos is preventing it
C. There is a NIDS present on that segment
D. Windows logons cannot be sniffed
39. How does a denial-of-service attack work?
A. A hacker uses every character, word, or letter he or she can think of to defeat
authentication
B. A hacker prevents a legitimate user (or group of users) from accessing a service
C. A hacker tries to decipher a password by using a system, which subsequently crashes
the network
D. A hacker attempts to imitate a legitimate user by confusing a computer or even
another person
40. While investigating a claim of a user downloading illegal material, the investigator goes
through the files on the suspect's workstation. He comes across a file that is just called
file.txt, but when he opens it, he finds the following:
#define MAKE_STR_FROM_RET(x) ((x)&0xff),(((x)&0xff00)>>8),(((x)&0xff0000)>>16),(((x)&0xff000000)>>24)
char infin_loop[]= /* for testing purposes */
\xEB\xFE;
char bsdcode[] = /* Lam3rZ chroot() code by venglin */
\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43
\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0
\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53\xb0
\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80
\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9
\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75
\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0\x3d\xcd
\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46
\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56
\x0c\x52\x51\x53\x53\xb0\x3b\xcd\x80\x31\xc0\x31\xdb\x53
\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01\xff\xff\x30
\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e
\x67\x6c\x69\x6e;
static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;
What can he infer from this file?
A. A picture that has been renamed with a .txt extension
B. An encrypted file
C. A uuencoded file
D. A buffer overflow

41. SNMP is a protocol used to query hosts, servers, and devices about performance or
health status data. Hackers have used this protocol for a long time to gather a great amount
of information about remote hosts. Which of the following features makes this possible?
A. It uses TCP as the underlying protocol
B. It uses a community string sent as clear text
C. It is susceptible to sniffing
D. It is used by ALL devices on the market
42. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware
products?
A. Stealth keylogger
B. Hardware keylogger
C. Software keylogger
D. Covert keylogger
43. While probing an organization you discover that they have a wireless network. From
your attempts to connect to the WLAN you determine that they are using MAC filtering
by using ACLs on the access points. What would be the easiest way to circumvent this
and connect to the WLAN?
A. Steal a client computer and use it to access the wireless network
B. Attempt to brute force the access point and update or delete the MAC ACLs
C. Sniff traffic off the WLAN and spoof your MAC address to the one that you have
captured
D. Attempt to crack the WEP key using Airsnort
44. A simple compiler technique used by programmers is to add a terminator canary word
containing four characters, NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff), so that most
string operations are terminated. If the canary word has been altered when the function
returns, the program responds by emitting an intruder alert into syslog and then halts.
What does this indicate?
A. A buffer overflow attack has been attempted
B. A buffer overflow attack has already occurred
C. The system has crashed
D. An intrusion detection system has been triggered
E. A firewall has been breached and this is logged
45. While attempting to discover the remote operating system on the target computer, you
receive the following results from an nmap scan:
Starting nmap V. 3.10ALPHA9 www.insecure.org/nmap/
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open http
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds
What would you do next to fingerprint the OS?
A. Perform a tcp traceroute to the system using port 53
B. Run an nmap scan with the -vv option
C. Perform a Firewalk with that system as the target IP
D. Connect to the active services and review the banner information
46. Why is it a good idea to perform a penetration test from the inside?
A. It is easier to hack from the inside
B. It is never a good idea to perform a penetration test from the inside
C. To attack a network from a hacker's perspective
D. Because 70% of attacks are from inside the organization
47. Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular
basis, he needs to send PDF documents containing sensitive information through e-mail
to his customers. Bill protects the PDF documents with a password and sends them to
their intended recipients. Why do PDF passwords not offer maximum protection?
A. PDF passwords can easily be cracked by software brute force tools
B. PDF passwords are not considered safe by Sarbanes-Oxley
C. PDF passwords are converted to clear text when sent through E-mail
D. When sent through E-mail, PDF passwords are stripped from the document
completely
48. Julia is a senior security analyst for Berber Consulting Group. She is currently working
on a contract for a small accounting firm in Florida. They have given her permission to
perform social engineering attacks on the company to see if their in-house training did
any good. Julia calls the main number for the accounting firm and talks to the
receptionist. Julia says that she is an IT technician from the company's main office in
Iowa. She states that she needs the receptionist's network username and password to
troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the
company, requested this information. After hearing the name of the CEO, the
receptionist gave Julia all the information she asked for. What principle of social
engineering did Julia use?
A. Reciprocation
B. Friendship/Liking
C. Social Validation
D. Scarcity
49. Paul's company is in the process of undergoing a complete security audit including
logical and physical security testing. After all logical tests were performed, it is now time
for the physical round to begin. None of the employees are made aware of this round of
testing. The security-auditing firm sends in a technician dressed as an electrician. He
waits outside in the lobby for some employees to get to work and follows behind them
when they access the restricted areas. After entering the main office, he is able to get into
the server room telling the IT manager that there is a problem with the outlets in that
room. What type of attack has the technician performed?
A. Fuzzing
B. Tailgating
C. Man trap attack
D. Backtrapping
50. Which of the following is a reason to perform a penetration test?
A. To passively test security controls within the enterprise
B. To provide training to white hat attackers
C. To identify all vulnerabilities and weaknesses within the enterprise
D. To determine the impact of a threat against the enterprise