CEH Practice Test 18
Question 1 of 64
Which of the following configurations allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive?
Promiscuous mode refers to the special mode of Ethernet hardware that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.
Question 2 of 64
You were hired to perform penetration testing and security assessments for a small company in the local area. While conducting a routine security assessment, you discovered that your client is involved in human trafficking. What should you do?
You must report your client immediately if they are involved in any illegal activities.
Question 3 of 64
Using a smart card and a PIN as two-factor authentication satisfies which of the following?
Smart card = Something you have
PIN = Something you know
Question 4 of 64
David was hired to do penetration testing in a bank. He was able to gain access to the system via a buffer overflow exploit. Upon further investigation, he found a folder filled with usernames and passwords. This includes the administrator’s bank account password and login information to his bitcoin account. What should David do?
Immediately report the findings to the administrator to avoid future damages.
Question 5 of 64
Which of the following tools can be used in password cracking of Server Message Block (SMB)?
L0phtCrack is a Windows password recovery tool that can be used by cybercriminals for dictionary, brute-force, and hybrid password-cracking attacks. SMBRelay is a Server Message Block (SMB) server that is used to grab usernames and password hashes from inbound SMB traffic.
Question 6 of 64
Which of the following does not belong to the group?
Phases of Ethical Hacking
1. Reconnaissance
2. Scanning and Enumeration
3. Gaining Access
4. Maintaining Access
5. Clearing and Covering Tracks
Question 7 of 64
Which of the following is the best way to prevent network sniffing?
Aside from refraining from using public networks, encryption is the best bet for protecting the network from potential packet sniffers.
Question 8 of 64
Which type of security document is written with specific step-by-step details?
A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish a result.
Question 9 of 64
Which of the following is/are known weaknesses of Windows LAN Manager (LM)?
The LM hash is computed as follows.
1. The user’s password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The “fixed-length” password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
The hashes themselves are sent in clear text over the network instead of sending the password in cleartext.
Question 10 of 64
This type of IDS (Intrusion Detection System) can monitor and automatically defend against attacks.
An active Intrusion Detection System (IDS) is also known as an Intrusion Detection and Prevention System (IDPS). It is configured to automatically block suspected attacks without any intervention required by an operator.
Question 11 of 64
Brian is working as a Security Analyst in a large manufacturing company. The company owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, he discovered a high number of outbound connections from one of the company’s internal IPs to a blacklisted public IP. Upon further investigation, he found that the internal communicating devices are already compromised. What kind of attack is being described in the scenario?
A botnet is a group of hijacked or infected computers, servers, mobile devices, and IoT (Internet of Things) devices that are controlled by a hacker. Botnets are used to carry out malicious activities such as account credential leakage, unauthorized access and clicking of ads, sending spam emails, and participating in DDoS (Distributed Denial of Service) attacks.
Question 12 of 64
This has been used by government authorities before as a method of information discovery.
Correct Answer:
A. Wiretapping
Explanation:
Wiretapping is a well-established method used by law enforcement and intelligence agencies to intercept electronic communications. It involves monitoring a communication channel, such as a phone line or network cable, to capture the transmitted data (voice conversations, emails, etc.). This data can then be analyzed to gather information.
It has been used by government authorities as a method of information discovery. Wiretapping refers to the interception and monitoring of private communications, such as telephone conversations, without the consent of the parties involved. This technique has been historically used by law enforcement and intelligence agencies to gather information and evidence for investigations.
Incorrect Answers:
B. Spoofing: Spoofing involves creating fake identities or data to deceive a system or user. While it can be used to gain unauthorized access to information, it’s not typically the primary method for government information discovery through network monitoring. Spoofing is a technique where the attacker impersonates another entity, such as a website or email address, to deceive the victim. While spoofing can be used for information gathering, it is not the same as wiretapping.
C. SMB Signing: SMB signing is a security mechanism used in the Server Message Block (SMB) protocol to ensure data integrity during file sharing. It’s not directly related to information discovery by government authorities. SMB signing is a security feature that provides authentication and integrity for SMB communications. It is not a method of information discovery used by government authorities.
Additional Notes:
The legality of wiretapping can vary depending on the jurisdiction and the specific circumstances.
There are strict regulations governing how and when government agencies can use wiretapping for information gathering.
By understanding these methods, ethical hackers can better identify potential vulnerabilities and develop security measures to protect sensitive information.
Question 13 of 64
Which of the following provides the difference between an anomaly-based IDS and a signature-based IDS?
A signature-based IDS can only detect known attacks for which a signature has previously been created.
Question 14 of 64
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a password for the forms or a new document, the student decides to write a script that pulls passwords from a list of commonly used passwords. He will use this to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords.
Question 15 of 64
Which of the following is/are types of honeypot deployments?
Pure, low-interaction, and high-interaction are types of honeypot deployments.
Question 16 of 64
This type of IDS (Intrusion Detection System) can monitor and alert on attacks, but cannot stop them.
A passive IDS is a system that’s configured to only monitor and analyze network traffic activity and alert an operator to potential vulnerabilities and attacks. A passive IDS is not capable of performing any protective or corrective functions on its own.
Question 17 of 64
Which of the following does not belong to the group?
Cross-site scripting, Broken Authentication, and Injection belong to the OWASP Top 10 Web Application Security Risks.
Question 18 of 64
Rick works as a penetration tester at SIA University. Which type of virus detection method is used if he uses a detection method where the anti-virus executes the malicious code on a VM to simulate CPU and memory activities?
The code emulation method of malware detection scans a file’s behavior by emulating its execution in a virtual (emulated) environment.
Question 19 of 64
This type of attack poses as an authorized AP by beaconing the WLAN’s SSID to lure users.
Evil Twin is a wireless AP that pretends to be a legitimate AP by imitating another network name. It poses a clear and present danger to wireless users on private and public WLANs.
Question 20 of 64
John received a distraught call from his company’s security team. They told him that they are under a denial of service attack. Coincidentally, John is performing a ping scan of a target network, and when he stops his scan, the smurf attack event also stops showing on the IDS monitor. What should John do to avoid triggering this event in the IDS?
Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.
Question 21 of 64
This security policy defines the use of VPN for gaining access to an internal corporate network.
Remote-Access Policy (RAP) contains a set of rules that define authorized connections. It defines who can have remote access, the access medium, and remote access security controls. This policy is essential in larger organizations since most employees are now working from home.
Question 22 of 64
Which of the following types of FTP allows a user to access a certain directory and its contents (even without permission) as long as the user knows the correct path and file name?
Blind FTP, also known as anonymous FTP, allows users to go directly to a specific directory as long as they use the correct path and file name.
Question 23 of 64
This risk will remain even after applying all the theoretically possible safety measures.
According to ISO 27001, residual risk is “the risk remaining after risk treatment”.
Question 24 of 64
This tool is used by cybercriminals to achieve a connection to a remote computer and then execute a Trojan on it.
PsExec or psexec.exe is a command-line utility built for Windows. It allows administrators to run programs on local and more commonly remote computers.
Question 25 of 64
Which of the following is/are NOT an example of a Denial of Service (DoS) attack?
Denial of service, or DoS, is an attack on a computer or network which makes it inaccessible to the user. Some popular DoS attacks are SYN flood, ICMP flood, and smurf.
Question 26 of 64
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 15?
· DH Group 1: 768-bit group
· DH Group 2: 1024-bit group
· DH Group 5: 1536-bit group
· DH Group 14: 2048-bit group
· DH Group 15: 3072-bit group
Question 27 of 64
Janine is a Linux administrator from SIA Global Security. She was hired by a large financial company to investigate the recent suspicious logins on a Linux server occurring during non-business hours. After further checking, Janine realizes the system time on the Linux server is wrong by more than twelve hours. Which protocol has stopped working on the Linux server, affecting the synchronization of time?
Network Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network.
Question 28 of 64
Which of the following tools can be used in performing session splicing attacks?
A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. Whisker is an evasion tool that crafts packets with small payloads, a technique referred to as session splicing.
Question 29 of 64
Which of the following is the phase where the actual ethical hacking takes place? This involves attacking one device and controlling it to perform another attack on another device connected to the same network.
The third phase of ethical hacking is known as Gaining Access. This is the phase where the actual ethical hacking takes place. The system weaknesses or vulnerabilities found in phases one and two are exploited by the hacker to obtain access to the system.
Question 30 of 64
At which of the following encryption levels does WPA2 use AES for wireless data encryption?
WPA2 is an updated version of WPA that uses AES encryption and long passwords to create a secured network. CCMP, also known as AES CCMP, is the security standard used with WPA2 wireless networks. CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks.
Question 31 of 64
Which of the following belongs to OWASP Top 10 Web Application Security Risks?
Cross-site scripting, Broken Authentication, and Injection belong to the OWASP Top 10 Web Application Security Risks.
Question 32 of 64
Which of the following can be used by cybercriminals to hide secret data within a text file?
Snow.exe is a steganography tool that can be used to embed and mask secret data within simple text files. Since spaces and tabs are usually not visible in text viewers, where the file will likely open, messages can be effectively sneaked in without cluing in an unguarded observer.
Question 33 of 64
33. Question
This tool is specifically designed to find potential exploits in Microsoft Windows products.
Correct
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals and helps small and medium-sized businesses determine their security state per Microsoft security recommendations and offers specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.
Question 34 of 64
34. Question
Which of the following are characteristics of a strong password commonly found in a password policy? Select all that apply.
Correct
A password policy encourages users to use strong passwords and update them properly to enhance a web server’s security.
Question 35 of 64
35. Question
This security policy ensures that updates to policies, procedures, and configurations are controlled and documented.
Correct
Change Management Policy refers to a process of making changes to IT, software development, and security services or operations. This policy aims to increase the awareness and understanding of proposed changes across an organization and ensure these changes are conducted methodically to minimize any unfavorable impact on services and customers.
Question 36 of 64
36. Question
Password stealing is a cyberattack that allows cybercriminals to utilize user credentials that can cause significant data losses from the system. Which of the following is/are NOT a type of password attack?
Correct
Password hashing is a password encryption method applied before the password is stored, so that the system password databases cannot easily be decrypted.
Question 37 of 64
37. Question
Theon logged in as a local admin on a Windows 7 system and needs to launch the Services Manager from the command line. Which of the following commands will he use?
Correct
To open the Services Manager from the command line, just type services.msc in your Run box or at the command line.
Question 38 of 64
38. Question
This happens when an application fails to secure the stored or in-transit sensitive information or personally identifiable information (PII) against hackers.
Correct
Sensitive data exposure happens when an application fails to secure the stored or in-transit sensitive information such as account credentials, credit card numbers, Social Security Numbers, financial and healthcare information, and other personally identifiable information (PII) against hackers.
Question 39 of 64
39. Question
This is an extremely common IDS evasion technique in the web world.
Correct
Unicode attacks can be effective against applications that understand them. Unicode evasion is also referred to as UTF-8 evasion. Non-Unicode character encodings are known as overlong characters, and may be signs of an attempted attack.
Question 40 of 64
40. Question
Which access control mechanism uses a central authentication server (CAS) that permits users to authenticate only once but gain access to multiple systems?
Correct
Single sign-on (SSO) is an authentication method that allows users to securely authenticate with multiple applications and websites by using just one set of credentials.
Question 41 of 64
41. Question
Which of the following can be used in protecting a router from potential smurf attacks?
Correct
To prevent smurf attacks, you can:
1. Disable IP-directed broadcasts on your router.
2. Reconfigure your operating system to disallow ICMP responses to IP broadcast requests.
3. Reconfigure the perimeter firewall to disallow pings originating from outside your network.
Question 42 of 64
42. Question
While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?
Correct
TCP XMAS scan is used to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possible flags set in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with an RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets.
Question 43 of 64
43. Question
Which of the following is/are NOT an example of active reconnaissance?
Correct
Active reconnaissance is the opposite of passive reconnaissance: the information is gathered by directly engaging with the potential target. This may be done via manual testing or automated scanning using tools such as Nmap, ping, traceroute, and netcat.
Question 44 of 64
44. Question
What style of attack is discussed in this scenario: Cybercriminals discover vulnerabilities and hold on to them until they want to launch a sophisticated attack.
Correct
A zero-day attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users.
Question 45 of 64
45. Question
This scanning method splits the TCP header into several packets, which makes it difficult for packet filters to detect the purpose of the packet.
Correct
IP fragmentation occurs when packets are broken up into smaller pieces (fragments) so they can pass through a link with a smaller maximum transmission unit than the original or larger packet size. IP fragmentation can cause problems when fragments are affected by packet loss and cause excessive retransmissions. This can cause performance issues. To recover from the loss of a fragment, protocols such as TCP retransmit fragments in order to reassemble them. Fragmented traffic can also be crafted to evade intrusion detection systems and be used maliciously.
Question 46 of 64
46. Question
A firewall checks which of the following to prevent particular ports and applications from getting packets into an organization?
Correct
Correct Answer:
B. Port numbers of application layer and headers of the transport layer.
Explanation:
Firewalls are crucial security components that filter incoming and outgoing network traffic based on predefined security policies. To achieve this, they perform various inspections on data packets as they traverse the firewall. Here is how the elements of the correct answer work in this process:
Port Numbers (Application Layer): These are unique identifiers assigned to specific applications or services. By analyzing the port number within a packet’s header, the firewall can determine the type of traffic (e.g., web traffic on port 80, email on port 25). Firewalls can then use this information to allow or block traffic based on permitted application usage within an organization.
Transport Layer Headers (Transport Layer): These headers reside within the transport layer (TCP or UDP) of the OSI (Open Systems Interconnection) model. They provide vital information for establishing and maintaining communication between devices, such as:
- Source and destination port numbers (reinforcing the application identification)
- Sequence numbers (ensuring data integrity)
- Control flags (regulating data flow)
By examining both the port number and relevant transport layer header information, a firewall can make more informed decisions about allowing or blocking traffic.
Incorrect Answers:
A. Headers of presentation layer and port numbers of the session layer:
- The presentation layer deals with data formatting and is not directly involved in firewall filtering.
- The session layer manages connections but doesn’t typically define ports like the application layer.
C. Port numbers of Transport layer and headers of the application layer: This reverses the correct association of port numbers and header information.
D. Headers of presentation layer and port numbers of the session layer: This repeats the incorrect aspects of option A.
In conclusion, understanding how firewalls utilize port numbers and transport layer headers empowers ethical hackers to assess network security effectiveness and identify potential vulnerabilities.
Question 47 of 64
47. Question
Which of the following tools can be used for passive OS fingerprinting?
Correct
Passive operating system fingerprinting is a feature built into both the pf and tcpdump tools.
Question 48 of 64
48. Question
Which of the following is the correct process for the TCP three-way handshake connection establishment?
The Open Web Application Security Project or OWASP Foundation addresses the need to secure web applications by providing which of the following services?
Correct
The Open Web Application Security Project, or OWASP, is a non-profit foundation dedicated to providing unbiased, practical, and cost-effective information about application security.
OWASP’s Top 10 Security Vulnerabilities provides a ranking of the top ten most critical web application security risks. It offers insights to developers and security professionals on the most prevalent vulnerabilities that are commonly found in web applications so they may incorporate the report’s findings and recommendations into their security practices.
Question 50 of 64
50. Question
This process can determine the potential impacts when some of the company’s critical business processes are interrupted.
Correct
A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment.
Question 51 of 64
51. Question
Password cracking software applications can reverse the hashing process to recover passwords.
Correct
Hash functions are not reversible.
Question 52 of 64
52. Question
This is a critical procedure that an ethical hacker must perform after being brought into an organization.
Correct
A contract and non-disclosure agreement (NDA) is usually signed between the ethical hacker and the organization. This ensures the legality of what they are doing and that both parties are protected.
Question 53 of 64
53. Question
This type of antenna is used in wireless communication.
Correct
An omnidirectional antenna is a wireless transmitting/receiving antenna that radiates or intercepts radio-frequency (RF) electromagnetic fields equally well in all horizontal directions in a flat, two-dimensional (2D) geometric plane. Omnidirectional antennas are used in most consumer RF wireless devices, including cellular telephone sets and wireless routers.
Question 54 of 64
54. Question
Which type of sniffing technique is generally referred to as a Man-in-the-Middle (MiTM) attack?
Correct
ARP poisoning, also known as ARP flooding, is a technique used to attack a local-area network (LAN). It allows an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. The attack can only be used on networks that make use of the Address Resolution Protocol (ARP) and not another method of address resolution.
Question 55 of 64
55. Question
Which IPsec mode should you implement when your utmost priority is security and confidentiality of data within the same LAN?
Correct
Correct Answer:
C. ESP confidential
ESP (Encapsulating Security Payload) provides both authentication and encryption. In “confidential” mode, ESP encrypts the payload (data) while maintaining data integrity. This mode ensures confidentiality within the same LAN.
Explanation:
IPsec (Internet Protocol Security) offers two main encryption modes: Authentication Header (AH) and Encapsulating Security Payload (ESP). When prioritizing data confidentiality within a LAN, ESP confidential mode is the most suitable choice:
AH (Authentication Header):
- Provides data integrity by adding a digital signature to the packet header.
- Doesn’t encrypt the data payload, making it unsuitable for confidentiality requirements.
ESP (Encapsulating Security Payload):
- Encrypts the entire data payload, ensuring confidentiality of the transmitted information.
- Offers optional integrity checking through an additional header.
Mode Selection:
- AH Tunnel Mode: Primarily used for remote network connections, not ideal for securing data within the same LAN.
- AH Promiscuous Mode: A less common mode not typically used in standard IPsec implementations.
- ESP Transport Mode: Encrypts the data payload but leaves the header unencrypted. While it offers confidentiality, it might not be suitable if header information also needs protection.
- ESP Confidential Mode: Encrypts both the data payload and the header, providing the highest level of security and confidentiality for traffic within your LAN.
By choosing ESP confidential mode, you ensure that the data exchanged between devices on your LAN remains confidential, even if someone manages to capture the network traffic.
Question 56 of 64
56. Question
What tool can crack Windows SMB passwords simply by listening to network traffic?
L0phtCrack 7 is a state-of-the-art tool for password auditing and recovery that serves to guide organizational policies and procedures. It uses a variety of sources and methods to retrieve passwords from the operating system.
Question 57 of 64
57. Question
Which element of security testing is being assured by using a hash?
Cryptography plays a major role in ensuring data integrity. Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message.
Question 58 of 64
58. Question
This TCP/IP protocol is used in matching an IP address to MAC addresses on a network interface card (NIC).
Address Resolution Protocol (ARP) is one protocol of the TCP/IP protocol suite that is used to resolve an IP address to its matching MAC address.
Question 59 of 64
59. Question
Which of the following account authentication types is/are supported by the SSH-2 protocol?
The SSH-2 protocol supports Publickey, Host-based, and Password-based authentication types. SSH-1 supports a wider range of account authentication types, including RSA only, RhostsRSA, Rhosts (RSH-style), TIS, and Kerberos.
Question 60 of 64
60. Question
Which client-server tool is used to evade firewall inspection?
Tcp-over-DNS is a tool that can be utilized in evading firewall inspection.
Question 61 of 64
61. Question
Which of the following is an example of two-factor authentication?
Two-factor authentication (2FA) is a security process in which users provide two out of three different authentication factors to verify themselves. The three authentication factors are something you have (smartcard ID), something you know, and something you are (fingerprint).
Question 62 of 64
62. Question
Which of the following is/are an example of a Denial of service (DoS) attack?
Denial of service, or DoS, is an attack on a computer or network which makes it inaccessible to the user. Some popular DoS attacks are SYN flood, ICMP flood, and smurf.
Question 63 of 64
63. Question
A cybercriminal wishes to use a NetBus Trojan on the Windows program to break into the targeted machine. Which of the following tools will help the cybercriminal execute his plan?
A wrapper is a tool used to combine a harmful executable file with a harmless executable file.
Question 64 of 64
64. Question
Jacob is a network administrator at SIA University. He realized that most of the students are connecting their laptops to the wired network to get Internet access. Ethernet ports on the campus are available for professors and authorized visitors only. He discovered this when the IDS alerted on malware activity in the network. What should he do to mitigate this problem?
802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network.