CEH Practical Exam Solutions Part 5/5

MCQ CEH Practical Exam Solutions

402. Which security control role does encryption meet?
A. Preventative
B. Detective
C. Offensive
D. Defensive

403. Which of the following is the successor of SSL?
A. TLS
B. RSA
C. GRE
D. IPSec

404. Advanced encryption standard is an algorithm used for which of the following?
A. Data integrity
B. Key discovery
C. Bulk data encryption
D. Key recovery

405. Which type of cryptography does SSL, IKE and PGP belongs to?
A. Secret Key
B. Hash Algorithm
C. Digest
D. Public Key

406. Which of the following is a symmetric cryptographic standard?
A. DSA
B. PKI
C. RSA
D. 3DES

407. Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?
A. SOA
B. Single-Sign On
C. PKI
D. Biometrics

408. Which of the following is a characteristic of Public Key Infrastructure (PKI)?
A. Public-key cryptosystems are faster than symmetric-key cryptosystems.
B. Public-key cryptosystems distribute public-keys within digital signatures.
C. Public-key cryptosystems do not require a secure key distribution channel.
D. Public-key cryptosystems do not provide technical non-repudiation via digital signatures.

409. Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
A. RSA 1024 bit strength
B. AES 1024 bit strength
C. RSA 512 bit strength
D. AES 512 bit strength

410. Which service in a PKI will vouch for the identity of an individual or company?
A. KDC
B. CA
C. CR
D. CBC

411. Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
A. The root CA is the recovery agent used to encrypt data when a user’s certificate is lost.
B. The root CA stores the user’s hash value for safekeeping.
C. The root CA is the trusted root that issues certificates.
D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.

412. Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?
A. Poly key exchange
B. Cross certification
C. Poly key reference
D. Cross-site exchange

413. Which element of Public Key Infrastructure (PKI) verifies the applicant?
A. Certificate authority
B. Validation authority
C. Registration authority
D. Verification authority

414. A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
A. Public key
B. Private key
C. Modulus length
D. Email server certificate

415. A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?
A. Implementing server-side PKI certificates for all connections
B. Mandating only client-side PKI certificates for all connections
C. Requiring client and server PKI certificates for all connections
D. Requiring strong authentication for all DNS queries

416. Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
A. Key registry
B. Recovery agent
C. Directory
D. Key escrow

417. Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?


A. Certificate issuance
B. Certificate validation
C. Certificate cryptography
D. Certificate revocation

418. XOR is a common cryptographic tool. 10110001 XOR 00111010 is?
A. 10111100
B. 11011000
C. 10011101
D. 10001011

419. A hacker was able to sniff packets on a company’s wireless network. The following information was discovered:
The Key 10110010 01001011
The Cyphertext 01100101 01011010
Using the Exclusive OR, what was the original message?
A. 00101000 11101110
B. 11010111 00010001
C. 00001101 10100100
D. 11110010 01011011

420. The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?
A. Asymmetric
B. Confidential
C. Symmetric
D. Non-confidential

421. What is the difference between the AES and RSA algorithms?
A. Both are asymmetric algorithms, but RSA uses 1024-bit keys.
B. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
C. Both are symmetric algorithms, but AES uses 256-bit keys.
D. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.

422. What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
A. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.
B. To get messaging programs to function with this algorithm requires complex configurations.
C. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.
D. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

423. The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
A. Multiple keys for non-repudiation of bulk data
B. Different keys on both ends of the transport medium
C. Bulk encryption for data transmission over fiber
D. The same key on each end of the transmission medium

424. Which of the following is an example of an asymmetric encryption implementation?
A. SHA1
B. PGP
C. 3DES
D. MD5

425. A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?
A. IP Security (IPSEC)
B. Multipurpose Internet Mail Extensions (MIME)
C. Pretty Good Privacy (PGP)
D. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

426. To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
A. Recipient’s private key
B. Recipient’s public key
C. Master encryption key
D. Sender’s public key

427. Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
A. Scalability
B. Speed
C. Key distribution
D. Security

428. In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes
Keyed Hashing
Double Hashing
Salting
Key Stretching

429. This asymmetry cipher is based on factoring the product of two large prime numbers.
What cipher is described above?
A. RSA
B. SHA
C. RC5
D. MD5

430. During the process of encryption and decryption, what keys are shared?
Public keys
Public and private keys
Private keys
User passwords

431. Which of the following Secure Hashing Algorithm (SHA) provides better protection against brute force attacks by producing a 160-bit digest from a message with a maximum length of (264 – 1) bits and resembles the MD5 algorithm?
SHA-0
SHA-2
SHA-1
SHA-3

432. After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
A. SHA1
B. Diffie-Helman
C. RSA
D. AES

433. Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
A. 768 bit key
B. 1025 bit key
C. 1536 bit key
D. 2048 bit key

434. Which cipher encrypts the plain text digit (bit or byte) one by one?
A. Classical cipher
B. Block cipher
C. Modern cipher
D. Stream cipher

435. An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
A. Timing attack
B. Replay attack
C. Memory trade-off attack
D. Chosen plain-text attack

436. In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?
Adaptive chosen-plaintext attack
Known-plaintext attack
Chosen-plaintext attack
Ciphertext-only attack

437. An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?
A. Birthday attack
B. Plaintext attack
C. Meet in the middle attack
D. Chosen ciphertext attack

438. Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
Ciphertext-only Attack
Rubber Hose Attack
Chosen-Cipher text Attack
Timing Attack

439. Which of the following cryptography attack methods is usually performed without the use of a computer?
A. Ciphertext-only attack
B. Chosen key attack
C. Rubber hose attack
D. Rainbow table attack

440. What is correct about digital signatures?
A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
B. Digital signatures may be used in different documents of the same type.
C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
D. Digital signatures are issued once for each user and can be used everywhere until they expire.

441. What two conditions must a digital signature meet?
Must be unique and have special characters.
Has to be legible and neat.
Has to be unforgeable, and has to be authentic.
Has to be the same number of characters as a physical signature and must be unique.

442. Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:
SECURE (plain text)
+1 (+1 next letter. for example, the letter “”T”” is used for “”S”” to encrypt.)
TFDVSF (encrypted text)
+ = logic => Algorithm
1 = Factor => Key
Which of the following choices true about cryptography?
Algorithm is not the secret, key is the secret.
Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.
Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext
Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

443. Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
A. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
B. If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.
C. Hashing is faster compared to more traditional encryption algorithms.
D. Passwords stored using hashes are non-reversible, making finding the password much more difficult.

444. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?
A. Sender’s public key
B. Receiver’s private key
C. Receiver’s public key
D. Sender’s private key

445. When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?
A. The key entered is a symmetric key used to encrypt the wireless data.
B. The key entered is a hash that is used to prove the integrity of the wireless data.
C. The key entered is based on the Diffie-Hellman method.
D. The key is an RSA key used to encrypt the wireless data.

446. You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
Ans: A web server facing the Internet, an application server on the internal network, a database server on the internal network

447. In the software security development life cycle process, threat modeling occurs in which phase?
A. Design
B. Requirements
C. Verification
D. Implementation

448. What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
A. Scripting languages are hard to learn.
B. Scripting languages are not object-oriented.
C. Scripting languages cannot be used to create graphical user interfaces.
D. Scripting languages are slower because they require an interpreter to run the code.

449. What is the role of test automation in security testing?
It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
Test automation is not usable in security due to the complexity of the tests
It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies
It is an option but it tends to be very expensive

450. Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
A. Service Oriented Architecture
B. Object Oriented Architecture
C. Lean Coding
D. Agile Process

451. Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
A. Cross-site scripting
B. SQL injection
C. VPath injection
D. XML denial of service issues

452. Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?
Based on XML
Provides a structured model for messaging
Exchanges data between web services
Only compatible with the application protocol HTTP

453. SOAP services use which technology to format information?
A. SATA
B. PCI
C. XML
D. ISDN

454. A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?
A. Mutating
B. Randomizing
C. Fuzzing
D. Bounding

455. Which of the following is an adaptive SQL injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
Dynamic Testing (Analyze dynamic code behavior)
Function Testing (QA, Black box based on software specifications)
Fuzzing Testing
Static Testing (Review, Walkthrough without executing code)

456. Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?
Third party running the code
Fuzzy-testing the code
String validating the code
Sandboxing the code

457. Which of the following is a restriction being enforced in “white box testing?”


A. Only the internal operation of a system is known to the tester
B. The internal operation of a system is completely known to the tester
C. The internal operation of a system is only partly accessible to the tester
D. Only the external operation of a system is accessible to the tester

458. The “gray box testing” methodology enforces what kind of restriction?
A. The internal operation of a system is only partly accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. Only the external operation of a system is accessible to the tester.
D. Only the internal operation of a system is known to the tester.

459. The “black box testing” methodology enforces what kind of restriction?
A. The internal operation of a system is only partly accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. Only the external operation of a system is accessible to the tester.
D. Only the internal operation of a system is known to the tester.

460. A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems.
What kind of test is being performed?
A. white box
B. grey box
C. red box
D. black box

461. What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
Black-box
Announced
Grey-box
White-box

462. Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?


Internal, Whitebox
Internal, Blackbox
External,Blackbox
External, Whitebox

463. Risks = Threats x Vulnerabilities is referred to as the:
A. Risk equation
B. Threat assessment
C. BIA equation
D. Disaster recovery formula

464. In Risk Management, how is the term “likelihood” related to the concept of “threat?”
A. Likelihood is the probability that a threat-source will exploit a vulnerability.
B. Likelihood is a possible threat-source that may exploit a vulnerability.
C. Likelihood is the likely source of a threat that could exploit a vulnerability.
D. Likelihood is the probability that a vulnerability is a threat-source.

465. What kind of risk will remain even if all theoretically possible safety measures would be applied?
A. Residual risk
B. Inherent risk
C. Impact risk
D. Deferred risk

466. If the final set of security controls does not eliminate all risk in a system, what could be done next?
A. Continue to apply controls until there is zero risk.
B. Ignore any remaining risk.
C. If the residual risk is low enough, it can be accepted.
D. Remove current controls since they are not completely effective.

467. One of the Forbes 500 companies has been subjected to a large scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emphasized that he wants to totally eliminate all risks. What is one of the first things you should do when hired?
A. Interview all employees in the company to rule out possible insider threats.
B. Establish attribution to suspected attackers.
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
D. Start the Wireshark application to start sniffing network traffic.

468. What information should an IT system analysis provide to the risk assessor?
A. Management buy-in
B. Threat statement
C. Security architecture
D. Impact analysis

469. The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?
A. Accept
B. Mitigate
C. Delegate
D. Avoid

470. Which of the following is considered an acceptable option when managing a risk?
A. Reject the risk.
B. Deny the risk.
C. Mitigate the risk.
D. Initiate the risk.

471. Which of the following is a component of a risk assessment?
A. Administrative safeguards
B. Physical security
C. DMZ
D. Logical interface

472. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service. What is the name of the process by which you can determine those critical businesses?
Business Impact Analysis (BIA)
Disaster Recovery Planning (DRP)
Emergency Plan Response (EPR)
Risk Mitigation

473. Which of the following lists are valid data-gathering activities associated with a risk assessment?
A. Threat identification, vulnerability identification, control analysis
B. Threat identification, response identification, mitigation identification
C. Attack profile, defense profile, loss profile
D. System profile, vulnerability identification, security determination

474. The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).
A. $62.5
B. $250
C. $125
D. $65.2
4/0.5=8 500/8=62.6

475. What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).
A. $440
B. $100
C. $1320
D. $146
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE).Suppose than an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% * $100,000, or $25,000. In our example the ARO is 33%, and the SLE is 300+14*10 (as EF=1). The ALO is thus: 33%*(300+14*10) which equals 146.

476. Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
Data tier
Presentation tier
Logic tier
Application Layer

477. Which statement best describes a server type under an N-tier architecture?
A. A group of servers at a specific layer
B. A single server with a specific role
C. A group of servers with a unique role
D. A single server at a specific layer

478. Which of the following items is unique to the N-tier architecture method of designing software applications?
A. Application layers can be separated, allowing each layer to be upgraded independently from other layers.
B. It is compatible with various databases including Access, Oracle, and SQL.
C. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
D. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

479. What is the benefit of performing an unannounced Penetration Testing?
A. The tester will have an actual security posture visibility of the target network.
B. Network security would be in a “best state” posture.
C. It is best to catch critical infrastructure unpatched.
D. The tester could not provide an honest analysis.

480. Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
A. Penetration testing
B. Social engineering
C. Vulnerability scanning
D. Access control list reviews

481.Digital signatures are:A. Based on asymmetric cryptography
B. Provide encryption
C. Based on symmetric cryptography
D. The same as electronic signatures 

482. What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you’ve compromised and gained root access to?
A. Install and use Telnet to encrypt all outgoing traffic from this server.
B. Install Cryptcat and encrypt outgoing packets from this server.
C. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
D. Use Alternate Data Streams to hide the outgoing packets from this server.

483.User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

A. Transport
B. Presentation
C. Application
D. Session
484. Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

A. Brute force attack

B. False-positive
C. Backdoor
D. False-negative

485. A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
A. tcp.port = 23B. tcp.port == 21
C. tcp.port == 21 || tcp.port == 22
D. tcp.port != 21
486. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ’s email gateway doesn’t prevent what?
A. Email SpoofingB. Email PhishingC. Email HarvestingD. Email Masquerading
487. You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

A. nmap -T4 -F 10.10.0.0/24
B. nmap -T4 -r 10.10.1.0/24
C. nmap -T4 -O 10.10.0.0/24
D. nmap -T4 -q 10.10.0.0/24

488. During a blackbox pentest you attempt to pass IRC traffic over port 80/tcp from a compromised web enabled host. The traffic gets blocked; however outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

A. StatefulB. CircuitC. Packet FilteringD. Application
489. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
A. PKI
B. single sign on
C. biometrics
D. SOA

490. An ISP needs to authenticate users connecting using analog modems, DSL, wireless data services, and Virtual Private Networks (VPN) over frame relay networks. Which AAA protocol is most likely able to handle this requirement?

A. RADIUSB. TACACS+C. DIAMETERD. Kerberos

491. You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
[email protected]_server:~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan)
xxxxxxx xxxxxx xxxxxxxxx. QUITTING! What seems to be wrong?

A. OS Scan requires root privileges.
B. The nmap syntax is wrong.
C. This is a common behavior for a corrupted nmap application.
D. The outgoing TCP/IP fingerprinting is blocked by the host firewall.

492. If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?
A. Spoof Scan
B. TCP Connect scan
C. TCP SYN
D. Idle Scan
493. You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.
What is the best approach?

A. Install Cryptcat and encrypt outgoing packets from this server.
B. Install and use Telnet to encrypt all outgoing traffic from this server.
C. Use Alternate Data Streams to hide the outgoing packets from this server.
D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems. 
494. You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?
A. 10.1.255.200B. 10.1.4.254C. 10.1.5.200D. 10.1.4.156
495. You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
A. Internet Firewall/Proxy logB. IDS logC. Event logs on the PCD. Event logs on domain controller

496. Which of the following is not a Bluetooth attack?
A. Bluedriving
B. Bluejacking
C. Bluesmacking
D. Bluesnarfing 
497. Which IPSEC mode should you use to assure security and confidentiality of data within the same LAN?

A. AH Tunnel ModeB. AH promiscuous modeC. ESP transport modeD. ESP confidential

498 When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open”, but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?
A. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
B. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
C. Javik’s router is still vulnerable to wireless hacking attempts, because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
D. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

499. You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: “‘FTP on the network!””;)

A. A Router IPTableB. FTP Server ruleC. A firewall IPTableD. An Intrusion Detection System
500. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs the sequence of many of the logged events do not match up. What is the most likely cause?

A. The security breach was a false positive.B. The attacker altered or erased events from the logs.C. The network devices are not all synchronizedD. Proper chain of custody was not observed while collecting the logs.
501. When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.What nmap script will help you with this task?A. http-headersB. http-gitC. http enumD. http-methods 
502. To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?
A. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
C. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

503. Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A. Web application firewallB. Packet firewallC. Stateful firewallD. Data-driven firewall

504. Why are containers less secure than VM’s?
A. Host OS on containers has a larger attack surface.B. Containers may fill disk space of the host.C. A compromised container may cause a CPU starvation of the host.D. Containers are attached to the same virtual network.

505. ping -* 6 192.168.0.101outputPinging 192.168.0.101 with 32 bytes of data:Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Reply from 192.168.0.101: bytes=32 time<1ms TTL=128Ping statistics for 192.168.0.101: Packets: Sent = 6, Received = 6, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms What does the option * indicate?
A. tB. aC. sD. n
506. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
A. FTPSB. SFTPC. SSLD. Ipsec
507. What is the process for allowing or blocking a specific port in the Windows firewall? (For example, TCP port 22 inbound)

A. A rule matching these requirements can be created in “Windows Firewall with Advanced Security”, located in the Control Panel.B. The only way to implement a specific rule like this is to use the “netsh” program on the command-line.C. This is not possible without installing third-party software since Windows only allows changing firewall settings for individual applications.D. The firewall rule must be added from within the application that is using that port.

Leave a Comment