An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which tool could the tester use to get a response from a host using TCP?

How can telnet be used to fingerprint a web server?

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause?

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

An attacker gains access to a Web servers database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web sites user login page that the softwares designers did not expect to be entered. This is an example of what kind of software design problem?

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

What command will help you to search files using Google as a search engine?

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

Which of the following is a protocol specifically designed for transporting event messages?

Which of the following is the successor of SSL?

What is a “Collision attack” in cryptography?

Advanced encryption standard is an algorithm used for which of the following?

In order to have an anonymous Internet surf, which of the following is best choice?

A penetration test was done at a company. After the test, a report was written and given to the companys IT authorities. A section from the report is shown below:

a.Access List should be written between VLANs.

b.Port security should be enabled for the intranet.

c.A security solution which filters data packets should be set between intranet (LAN) and DMZ.

d.A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions.

Which command-line utility are you most likely to use?

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASPs Top Ten Project Most Critical Web Application Security Risks?

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse APPDATAlocal directory and begins to beacon to a C2 server to download additional malicious binaries.

What type of malware has Jesse encountered?

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.

Example: allintitle: root passwd

Which of the following is the greatest threat posed by backups?

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Which of the following is not a Bluetooth attack?

What statement is true regarding LM hashes?

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP servers access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP servers software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to “www.MyPersonalBank.com”, that the user is directed to a phishing site.

Which file does the attacker need to modify?

An IT employee got a call from one of our best customers. The caller wanted to know about the companys network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides security through obscurity.
What technique is Ricardo using?

Bob received this text message on his mobile phone: ““Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]””. Which statement below is true?

env x=(){ :;};echo exploit bash -c cat /etc/passwd
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks?

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

Which of the following security operations is used for determining the attack surface of an organization?

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the companys external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

What tool will help you with the task?

How does the Address Resolution Protocol (ARP) work?

Emil uses nmap to scan two hosts using this command.

nmap -sS -T4 -O 192.168.99.1 192.168.99.7

He receives this output:

Nmap scan report for 192.168.99.1 Host is up (0.00082s latency). Not shown: 994 filtered ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 53/tcp open domain 80/tcp open http 161/tcp closed snmp MAC Address: B0:75:D5:33:57:74 (ZTE) Device type: general purpose Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 – 2.6.33 Network Distance: 1 hop

Nmap scan report for 192.168.99.7 Host is up (0.000047s latency). All 1000 scanned ports on 192.168.99.7 are closed Too many fingerprints match this host to give specific OS details Network Distance: 0 hops

What is his conclusion?

The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Which of the following parameters enables NMAPs operating system detection feature?

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Which of the following describes the characteristics of a Boot Sector Virus?

Which of the following tools can be used for passive OS fingerprinting?

Smart cards use which protocol to transfer the certificate in a secure manner?

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?