QUESTION NO: 0
What is the BEST alternative if you discover that a rootkit has been installed on one of your
computers?
A.Copy the system files from a known good system
B.Perform a trap and trace
C.Delete the files and try to determine the source
D.Reload from a previous backup
E.Reload from known good media
QUESTION NO: 1
Why would you consider sending an email to an address that you know does not exist within
the company you are performing a Penetration Test for?
A.To determine who is the holder of the root account
B.To perform a DoS
C.To create needless SPAM
D.To elicit a response back that will reveal information about email servers and how they
treat undeliverable mail
E.To test for virus protection
QUESTION NO: 2
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's
wireless network without a password. However, Jane has a long, complex password on her
router. What attack has likely occurred?
A.Wireless sniffing
B.Piggybacking
C.Evil twin
D.Wardriving
QUESTION NO: 3
Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing
for the attack, he attempts to enter the target network using techniques such as sending
spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these
techniques, he successfully deployed malware on the target system to establish an outbound
connection. What is the APT lifecycle phase that Harry is currently executing?
A.Preparation
B.Cleanup
C.Persistence
D.Initial intrusion
QUESTION NO: 4
Steven connected his iPhone to a public computer that had been infected by Clark, an
attacker. After establishing the connection with the public computer, Steven enabled iTunes
Wi-Fi sync on the computer so that the device could continue communication with that
computer even after being physically disconnected. Now, Clark gains access to Steven's
iPhone through the infected computer and is able to monitor and read all of Steven's activity
on the iPhone, even after the device is out of the communication zone.
Which of the following attacks is performed by Clark in the above scenario?
A.iOS trustjacking
B.iOS jailbreaking
C.Exploiting SS7 vulnerability
D.Man-in-the-disk attack
QUESTION NO: 5
Your organization has signed an agreement with a web hosting provider that requires you to
take full responsibility of the maintenance of the cloud-based resources. Which of the
following models covers this?
A.Platform as a service
B.Software as a service
C.Functions as a service
D.Infrastructure as a service
QUESTION NO: 6
Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this
message, and how is Poly validating it?
A.Dorian is signing the message with his public key, and Poly will verify that the message
came from Dorian by using Dorian's private key.
B.Dorian is signing the message with Poly's public key, and Poly will verify that the message
came from Dorian by using Dorian's public key.
C.Dorian is signing the message with his private key, and Poly will verify that the message
came from Dorian by using Dorian's public key.
D.Dorian is signing the message with Poly's private key, and Poly will verify that the message
came from Dorian by using Dorian's public key.
QUESTION NO: 7
Which Nmap switch helps evade IDS or firewalls?
A.-n/-R
B.-oN/-oX/-oG
C.-T
D.-D
QUESTION NO: 8
Garry is a network administrator in an organization. He uses SNMP to manage networked
devices from a remote location. To manage nodes in the network, he uses MIB, which
contains formal descriptions of all network objects managed by SNMP. He accesses the
contents of MIB by using a web browser either by entering the IP address and Lseries.mib or
by entering the DNS library name and Lseries.mib. He is currently retrieving information from
an MIB that contains object types for workstations and server services. Which of the following
types of MIB is accessed by Garry in the above scenario?
A.LNMIB2.MIB
B.WINS.MIB
C.DHCP.MIB
D.MIB_II.MIB
QUESTION NO: 9
Which of the following options represents a conceptual characteristic of an anomaly-based
IDS over a signature-based IDS?
A.Produces fewer false positives
B.Can identify unknown attacks
C.Requires vendor updates for a new threat
D.Cannot deal with encrypted network traffic
QUESTION NO: 10
You are a Network Security Officer. You have two machines. The first machine
(192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog
installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is not
receiving the alert message from Snort. You decide to run Wireshark on the Snort machine to
check if the messages are going to the Kiwi Syslog machine. What Wireshark filter will show
the connections from the Snort machine to the Kiwi Syslog machine?
A.tcp.srcport==514 && ip.src==192.168.0.99
B.tcp.srcport==514 && ip.src==192.168.150
C.tcp.dstport==514 && ip.dst==192.168.0.99
D.tcp.dstport==514 && ip.dst==192.168.0.150
QUESTION NO: 11
The establishment of a TCP connection involves a negotiation called three-way handshake.
What type of message does the client send to the server in order to begin this negotiation?
A.ACK
B.SYN
C.RST
D.SYN-ACK
QUESTION NO: 12
Samuel, a security administrator, is assessing the configuration of a web server. He noticed
that the server permits SSLv2 connections, and the same private key certificate is used on a
different server that allows SSLv2 connections. This vulnerability makes the web server
vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?
A. DROWN attack
B. Padding oracle attack
C. Side-channel attack
D. DUHK attack
QUESTION NO: 13
Scenario: Joe turns on his home computer to access personal online banking. When he
enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his
credentials as if he has never visited the site before. When he examines the website URL
closer, he finds that the site is not secure and the web address appears different. What type
of attack is he experiencing?
A.DoS attack
B.DHCP spoofing
C.ARP cache poisoning
D.DNS hijacking
QUESTION NO: 14
Mirai malware targets IoT devices. After infiltration, it uses them to propagate and create
botnets that are then used to launch which types of attack?
A.MITM attack
B.Birthday attack
C.DDoS attack
D.Password attack
QUESTION NO: 15
A company's security policy states that all Web browsers must automatically delete their
HTTP browser cookies upon terminating. What sort of security breach is this policy
attempting to mitigate?
A.Attempts by attackers to access the user and password information stored in the
company's SQL database.
B.Attempts by attackers to access Web sites that trust the Web browser user by stealing the
user's authentication credentials.
C.Attempts by attackers to access passwords stored on the user's computer without the
user's knowledge.
D.Attempts by attackers to determine the user's Web browser usage patterns, including
when sites were visited and for how long.
QUESTION NO: 16
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as
dictionary attacks and key recovery attacks. For this purpose, the security team started
implementing cutting-edge technology that uses a modern key establishment protocol called
the simultaneous authentication of equals (SAE), also known as dragonfly key exchange,
which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by
Debry Inc.?
A.WEP
B.WPA
C.WPA2
D.WPA3
QUESTION NO: 17
George, an employee of an organization, is attempting to access restricted websites from an
official computer. For this purpose, he used an anonymizer that masked his real IP address
and ensured complete and continuous anonymity for all his online activities. Which of the
following anonymizers helps George hide his activities?
A.https://www.baidu.com
B.https://www.guardster.com
C.https://www.wolframalpha.com
D.https://karmadecay.com
QUESTION NO: 18
When you are testing a web application, it is very useful to employ a proxy tool to save every
request and response. You can manually test every request and analyze the response to find
vulnerabilities. You can test parameters and headers manually to get more precise results
than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
A.Maskgen
B.Dimitry
C.Burpsuite
D.Proxychains
QUESTION NO: 19
Identify the correct terminology that defines the above statement.
A.Vulnerability Scanning
B.Penetration Testing
C.Security Policy Implementation
D.Designing Network Security
QUESTION NO: 20
Roma is a member of a security team. She was tasked with protecting the internal network of
an organization from imminent threats. To accomplish this task, Roma fed threat intelligence
into the security devices in a digital format to block and identify inbound and outbound
malicious traffic entering the organization's network.
Which type of threat intelligence is used by Roma to secure the internal network?
A.Technical threat intelligence
B.Operational threat intelligence
C.Tactical threat intelligence
D.Strategic threat intelligence
QUESTION NO: 21
To create a botnet, the attacker can use several techniques to scan vulnerable machines.
The attacker first collects information about a large number of vulnerable machines to create
a list. Subsequently, they infect the machines. The list is divided by assigning half of the list
to the newly compromised machines. The scanning process runs simultaneously. This
technique ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
A.Hit-list-scanning technique
B.Topological scanning technique
C.Subnet scanning technique
D.Permutation scanning technique
QUESTION NO: 22
How can you determine if an LM hash you extracted contains a password that is less than 8
characters long?
A.There is no way to tell because a hash cannot be reversed
B.The rightmost portion of the hash is always the same
C.The hash always starts with AB923D
D.The leftmost portion of the hash is always the same
E.A portion of the hash will be all 0's
QUESTION NO: 23
User A is writing a sensitive email message to user B outside the local network. User A has
chosen to use PKI to secure his message and ensure only user B can read the sensitive
email. At what layer of the OSI model does the encryption and decryption of the message take
place?
A.Application
B.Transport
C.Session
D.Presentation
QUESTION NO: 24
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a
_____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty
representing many-to-one relationships.
A.Relational, Hierarchical
B.Strict, Abstract
C.Hierarchical, Relational
D.Simple, Complex
QUESTION NO: 25
_________ is a type of phishing that targets high-profile executives such as CEOs, CFOs,
politicians, and celebrities who have access to confidential and highly valuable information.
A.Spear phishing
B.Whaling
C.Vishing
D.Phishing
QUESTION NO: 26
Which of the following algorithms can be used to guarantee the integrity of messages being
sent, in transit, or stored?
A.symmetric algorithms
B.asymmetric algorithms
C.hashing algorithms
D.integrity algorithms
QUESTION NO: 27
Which of the following programs is usually targeted at Microsoft Office products?
A.Polymorphic virus
B.Multipart virus
C.Macro virus
D.Stealth virus
QUESTION NO: 28
What is the purpose of DNS AAAA record?
A.Authorization, Authentication and Auditing record
B.Address prefix record
C.Address database record
D.IPv6 address resolution record
QUESTION NO: 29
In order to tailor your tests during a web-application scan, you decide to determine which
web-server version is hosting the application. On using the -sV flag with Nmap, you obtain the
following response:
80/tcp open http-proxy Apache Server 7.1.6
What information-gathering technique does this best describe?
A.Whois lookup
B.Banner grabbing
C.Dictionary attack
D.Brute forcing
QUESTION NO: 30
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his
company's network infrastructure to identify security loopholes. In this process, he started to
circumvent the network protection tools and firewalls used in the company. He employed a
technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST
or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust
the network resources. What is the attack technique used by Jude for finding loopholes in the
above scenario?
A.UDP flood attack
B.Ping-of-death attack
C.Spoofed session flood attack
D.Peer-to-peer attack
QUESTION NO: 31
David is a security professional working in an organization, and he is implementing a
vulnerability management program in the organization to evaluate and control the risks and
vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes
on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of
the vulnerability-management life cycle is David currently in?
A.Verification
B.Risk assessment
C.Vulnerability scan
D.Remediation
QUESTION NO: 32
Which of the following web vulnerabilities would an attacker be attempting to exploit if they
delivered the following input?
<!DOCTYPE blah [ <!ENTITY trustme SYSTEM "file:///etc/passwd"> ]>
A.XXE
B.SQLi
C.IDOR
D.XSS
QUESTION NO: 33
Juliet, a security researcher in an organization, was tasked with checking for the authenticity
of images to be used in the organization's magazines. She used these images as a search
query and tracked the original source and details of the images, which included photographs,
profile pictures, and memes. Which of the following footprinting techniques did Rachel use to
finish her task?
A.Reverse image search
B.Meta search engines
C.Advanced image search
D.Google advanced search
QUESTION NO: 34
Which of the following describes the characteristics of a Boot Sector Virus?
A.Modifies directory table entries so that directory entries point to the virus code instead of
the actual program.
B.Moves the MBR to another location on the RAM and copies itself to the original location of
the MBR.
C.Moves the MBR to another location on the hard disk and copies itself to the original
location of the MBR.
D.Overwrites the original MBR and only executes the new virus code.
QUESTION NO: 35
Which of the following is the BEST way to defend against network sniffing?
A.Using encryption protocols to secure network communications
B.Register all machines MAC Address in a Centralized Database
C.Use Static IP Address
D.Restrict Physical Access to Server Rooms hosting Critical Servers
QUESTION NO: 36
You have the SOA presented below in your Zone.
Your secondary servers have not been able to contact your primary server to synchronize
information. How long will the secondary servers attempt to contact the primary server before
it considers that zone is dead and stops responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)
A.One day
B.One hour
C.One week
D.One month
QUESTION NO: 37
Clark, a professional hacker, was hired by an organization to gather sensitive information
about its competitors surreptitiously. Clark gathers the server IP address of the target
organization using Whois footprinting. Further, he entered the server IP address as an input
to an online tool to retrieve information such as the network range of the target organization
and to identify the network topology and operating system used in the network. What is the
online tool employed by Clark in the above scenario?
A.AOL
B.ARIN
C.DuckDuckGo
D.Baidu
QUESTION NO: 38
How does a denial-of-service attack work?
A.A hacker prevents a legitimate user (or group of users) from accessing a service
B.A hacker uses every character, word, or letter he or she can think of to defeat
authentication
C.A hacker tries to decipher a password by using a system, which subsequently crashes the
network
D.A hacker attempts to imitate a legitimate user by confusing a computer or even another
person
QUESTION NO: 39
A large mobile telephony and data network operator has a data center that houses network
elements. These are essentially large computers running on Linux. The perimeter of the data
center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?
A.Network elements must be hardened with user ids and strong passwords. Regular security
tests and audits should be performed.
B.As long as the physical access to the network elements is restricted, there is no need for
additional measures.
C.There is no need for specific security measures on the network elements as long as
firewalls and IPS systems exist.
D.The operator knows that attacks and down time are inevitable and should have a backup
site.
QUESTION NO: 40
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated
tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and
export sensitive information shared between connected devices. To perform this attack, Clark
executed various btlejack commands. Which of the following commands was used by Clark
to hijack the connections?
A.btlejack -f 0x129f3244 -j
B.btlejack -c any
C.btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
D.btlejack -f 0x9c68fd30 -t -m 0x1fffffffff
QUESTION NO: 41
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using
social engineering, you come to know that they are enforcing strong passwords. You
understand that all users are required to use passwords that are at least 8 characters in
length. All passwords must also use 3 of the 4 following categories: lower case letters, capital
letters, numbers and special characters. With your existing knowledge of users, likely user
account names and the possibility that they will choose the easiest passwords possible, what
would be the fastest type of password cracking attack you can run against these hash values
and still get results?
A.Online Attack
B.Dictionary Attack
C.Brute Force Attack
D.Hybrid Attack
QUESTION NO: 42
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless
communications. He installed a fake communication tower between two authentic endpoints
to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between
the user and real tower, attempting to hijack an active session, upon receiving the user's
request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a
malicious website. What is the attack performed by Bobby in the above scenario?
A.Wardriving
B.KRACK attack
C.Jamming signal attack
D.aLTEr attack
QUESTION NO: 43
Which access control mechanism allows for multiple systems to use a central authentication
server (CAS) that permits users to authenticate once and gain access to multiple systems?
A.Role Based Access Control (RBAC)
B.Discretionary Access Control (DAC)
C.Single sign-on
D.Windows authentication
QUESTION NO: 44
Attacker Rony installed a rogue access point within an organization's perimeter and
attempted to intrude into its internal network. Johnson, a security auditor, identified some
unusual traffic in the internal network that is aimed at cracking the authentication mechanism.
He immediately turned off the targeted network and tested for any weak and outdated
security mechanisms that are open to attack. What is the type of vulnerability assessment
performed by Johnson in the above scenario?
A.Host-based assessment
B.Wireless network assessment
C.Application assessment
D.Distributed assessment
QUESTION NO: 45
Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to
gather as much information as possible. Using this technique, he gathers domain information
such as the target domain name, contact details of its owner, expiry date, and creation date.
With this information, he creates a map of the organization's network and misleads domain
owners with social engineering to obtain internal details of its network. What type of
footprinting technique is employed by Richard?
A.VPN footprinting
B.Email footprinting
C.VoIP footprinting
D.Whois footprinting
QUESTION NO: 46
Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256
bits into a software program, which involves 32 rounds of computational operations that
include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes
with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above
features and can be integrated by Tony into the software program?
A.TEA
B.CAST-128
C.RC5
D.Serpent
QUESTION NO: 47
Based on the following extract from the log of a compromised machine, what is the hacker
really trying to steal?
A.har.txt
B.SAM file
C.wwwroot
D.Repair file
QUESTION NO: 48
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and
UDP traffic in the host
10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other
traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and
the permitted hosts cannot access the Internet. According to the next configuration, what is
happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any
A.The ACL 104 needs to be first because it is UDP
B.The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
C.The ACL for FTP must be before the ACL 110
D.The ACL 110 needs to be changed to port 80
QUESTION NO: 49
A Security Engineer at a medium-sized accounting firm has been tasked with discovering
how much information can be obtained from the firm's public facing web servers. The
engineer decides to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag:"b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following is an example of what the engineer performed?
A.Banner grabbing
B.SQL injection
C.Whois database query
D.Cross-site scripting
QUESTION NO: 50
An organization decided to harden its security against web-application and web-server
attacks. John, a security personnel in the organization, employed a security scanner to
automate web-application security testing and to guard the organization's web infrastructure
against web-application threats. Using that tool, he also wants to detect XSS, directory
traversal problems, fault injection, SQL injection, attempts to execute commands, and
several other attacks. Which of the following security scanners will help John perform the
above task?
A.AlienVault®OSSIM
B.Syhunt Hybrid
C.Saleae Logic Analyzer
D.Cisco ASA