# questions from https://ceh.cagy.org (2020)
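def setup():
    """Greet the user and ask for the two quiz options.

    Reads two replies from stdin: whether the questions should be asked in
    random order, and whether each answer should be checked immediately.
    When random order is chosen, the module-level ``questions`` list is
    shuffled in place.

    Returns:
        tuple[bool, bool]: ``(randomise, answers_on_the_fly)``.
    """
    print("Welcome to the CEH quiz.\n\nDuring questions, enter 'q' or CTRL-C to stop, and enter multi-choice answers together like 'abc'.\n\nGood luck!")

    order_reply = input("\n\nDo you want questions to be in random order? y/N\n> ")
    # Default is "no": only a reply containing the letter y switches
    # shuffling on. The reply is lower-cased so that "Y" and "Yes" count too;
    # the original comparison was case-sensitive and ignored them.
    randomise = "y" in order_reply.lower()
    if randomise:
        import random
        random.shuffle(questions)

    check_reply = input("Do you want your answers checked as you go? Y/n\n> ")
    # Default is "yes": only a reply containing the letter n switches checking
    # off. Lower-casing makes "N" and "No" work, which previously left
    # checking enabled.
    answers_on_the_fly = "n" not in check_reply.lower()

    return randomise, answers_on_the_fly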
questions = [
{
"question": "Which solution can be used to emulate real services such as ftp, mail, etc and capture login attempts and related information? They're often used to study hacker\u2019s activities. ",
"num": "1",
"correct_answer": "a",
"answers": {
"a": "Honeypot",
"b": "Layer 4 switch",
"c": "Core server",
"d": "Firewall"
}
},
{
"question": "Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.\n\nHow will you defend against hardware keyloggers when using public computers and Internet Kiosks?\n(Select 3 answers)",
"num": "2",
"correct_answer": "acd",
"answers": {
"a": "Alternate between typing the login credentials and typing characters somewhere else in the focus window",
"b": "Type a wrong password first, later type the correct password on the login page defeating the keylogger recording",
"c": "Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.",
"d": "The next key typed replaces selected text portion. E.g. if the password is \"secret\", one could type \"s\",then some dummy keys \"asdfsd\".\r\nThen these dummies could be selected with mouse, and next character from the password \"e\" is typed, which replaces the dummies \"asdfsd\""
}
},
{
"question": "What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?",
"num": "3",
"correct_answer": "c",
"answers": {
"a": "Passive",
"b": "Reflective",
"c": "Active",
"d": "Distributive"
}
},
{
"question": "What is the command used to create a binary log file using tcpdump?",
"num": "4",
"correct_answer": "a",
"answers": {
"a": "tcpdump -w ./log",
"b": "tcpdump -r log",
"c": "tcpdump -vde logtcpdump -vde ? log",
"d": "tcpdump -l /var/log/"
}
},
{
"question": "Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?",
"num": "5",
"correct_answer": "d",
"answers": {
"a": "Cavity virus",
"b": "Polymorphic virus",
"c": "Tunneling virus",
"d": "Stealth virus"
}
},
{
"question": "A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network.\nWhich attack could the hacker use to sniff all of the packets in the network?",
"num": "6",
"correct_answer": "b",
"answers": {
"a": "Fraggle",
"b": "MAC Flood",
"c": "Smurf",
"d": "Tear Drop"
}
},
{
"question": "Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?",
"num": "7",
"correct_answer": "d",
"answers": {
"a": "Netstat WMI Scan",
"b": "Silent Dependencies",
"c": "Consider unscanned ports as closed",
"d": "Reduce parallel connections on congestion"
}
},
{
"question": "When you are testing a web application, it is very useful to employ a proxy tool to save every request and response.\nYou can manually test every request and analyze the response to find vulnerabilities.\nYou can test parameter and headers manually to get more precise results than if using web vulnerability scanners.\nWhat proxy tool will help you find web vulnerabilities?",
"num": "8",
"correct_answer": "a",
"answers": {
"a": "Burpsuite",
"b": "Proxy chains",
"c": "Dimitry",
"d": "Maskgen"
}
},
{
"question": "Firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. A firewall examines all traffic routed between the two networks to see if it meets certain criteria.\nPacket filter is one of the categories of firewall.\nPacket filtering firewall works at which of these layers of the OSI model? ",
"num": "9",
"correct_answer": "a",
"answers": {
"a": "Network layer",
"b": "Physical layer",
"c": "Session layer",
"d": "Application layer"
}
},
{
"question": "Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. Stuxnet attack was an unprecedented style of attack because it used four types of this vulnerability. What is this style of attack called?",
"num": "10",
"correct_answer": "b",
"answers": {
"a": "zero-sum",
"b": "zero-day",
"c": "no-day",
"d": "zero-hour"
}
},
{
"question": "What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected?",
"num": "11",
"correct_answer": "d",
"answers": {
"a": "nc -port 56 -s cmd.exe",
"b": "nc -p 56 -p -e shell.exe",
"c": "nc -r 56 -c cmd.exe",
"d": "nc -L 56 -t -e cmd.exe"
}
},
{
"question": "To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.\nWhat term is commonly used when referring to this type of testing?",
"num": "12",
"correct_answer": "c",
"answers": {
"a": "Mutating",
"b": "Randomizing",
"c": "Fuzzing",
"d": "Bounding"
}
},
{
"question": "What does ICMP (type 11, code 0) denote?",
"num": "13",
"correct_answer": "c",
"answers": {
"a": "Source Quench",
"b": "Destination Unreachable",
"c": "Time Exceeded",
"d": "Unknown Type"
}
},
{
"question": "Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used\nto secure data from specific threats, but it does not secure the application from coding errors. It can provide\ndata privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a\ngood example of a programming error that Bob can use to explain to the management how encryption will\nnot address all their security concerns?\n ",
"num": "14",
"correct_answer": "a",
"answers": {
"a": "Bob can explain that using a weak key management technique is a form of programming error",
"b": "Bob can explain that using passwords to derive cryptographic keys is a form of a programming error",
"c": "Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique",
"d": "Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error"
}
},
{
"question": "Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of \"intranet\" with part of the URL containing the word \"intranet\" and the words \"human resources\" somewhere in the webpage. What Google search will accomplish this?",
"num": "15",
"correct_answer": "c",
"answers": {
"a": "related:intranet allinurl:intranet:\"human resources\"",
"b": "cache:\"human resources\" inurl:intranet(SharePoint)",
"c": "intitle:intranet inurl:intranet+intext:\"human resources\"",
"d": "site:\"human resources\"+intext:intranet intitle:intranet"
}
},
{
"question": "Penetration testing is a method of actively evaluating the security of an information system or network by simulating an attack from a malicious source.\nWhich of the following technique is used to simulate an attack from someone who is unfamiliar with the system?",
"num": "16",
"correct_answer": "a",
"answers": {
"a": "Black box pen testing",
"b": "White box pen testing",
"c": "Grey box pen testing",
"d": "Maintaining Access",
"e": "Announced pen testing"
}
},
{
"question": "Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up.\nThe IP address of the Cisco switch is 172.16.0.45.\nWhat command can Charlie use to attempt this task?",
"num": "17",
"correct_answer": "a",
"answers": {
"a": "Charlie can use the command ping -l 56550 172.16.0.45 -t.",
"b": "Charlie can try using the command ping 56550 172.16.0.45.",
"c": "By using the command ping 172.16.0.45 Charlie would be able to lockup the router",
"d": "He could use the command ping -4 56550 172.16.0.45."
}
},
{
"question": "This kind of malware is installed by criminals on your computer so they can lock it from a remote location. This malware generates a popup window, webpage, or\nemail warning from what looks like an official authority such as the FBI. It explains your computer has been locked because of possible illegal activities and\ndemands payment before you can access your files and programs again. Which term best matches this definition?\n\nCorrect Answer:",
"num": "18",
"correct_answer": "a",
"answers": {
"a": "Ransomware",
"b": "Adware",
"c": "Riskware",
"d": "Spyware"
}
},
{
"question": "Under the \"Post-attack Phase and Activities,\" it is the responsibility of the tester to restore the systems to a pre-test state.\n\nWhich of the following activities should not be included in this phase?\nI. Removing all files uploaded on the system\nII. Cleaning all registry entries\nIII. Removing all tools and maintaining backdoor for reporting\nIV. Mapping of network state",
"num": "19",
"correct_answer": "a",
"answers": {
"a": "III",
"b": "III and IV",
"c": "IV",
"d": "All should be included"
}
},
{
"question": "Oregon Corp is fighting a litigation suit with Scamster Inc.\nOregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information.\nWhat would you call this kind of activity?",
"num": "20",
"correct_answer": "c",
"answers": {
"a": "CI Gathering",
"b": "Scanning",
"c": "Dumpster Diving",
"d": "Garbage Scooping"
}
},
{
"question": "Which utility will tell you in real time which ports are listening or in another state?",
"num": "21",
"correct_answer": "d",
"answers": {
"a": "Netview",
"b": "Loki",
"c": "Nmap",
"d": "TCPView"
}
},
{
"question": "Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address that is recognized in the local network.\nARP Spoofing involves constructing a large number of forged ARP request and reply packets to overload:",
"num": "22",
"correct_answer": "a",
"answers": {
"a": "Switch",
"b": "Router",
"c": "Hub",
"d": "Bridge"
}
},
{
"question": "Which of the following activities is not considered to be anti-forensics?",
"num": "23",
"correct_answer": "a",
"answers": {
"a": "Data sanitizing",
"b": "Trail obfuscation",
"c": "Artifact wiping",
"d": "Data hiding"
}
},
{
"question": "The TJ Max breach happened in part because this type of weak wireless security was implemented.",
"num": "24",
"correct_answer": "c",
"answers": {
"a": "WiFi Protected Access (WPA)",
"b": "TKIP",
"c": "Wired Equivalent Privacy (WEP)",
"d": "WPA2"
}
},
{
"question": "It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security.\nIt allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.\nWhich of the following terms best matches the definition?",
"num": "25",
"correct_answer": "a",
"answers": {
"a": "Bluetooth",
"b": "WLAN",
"c": "InfraRed",
"d": "Radio-Frequency identification"
}
},
{
"question": "Perspective clients want to see sample reports from previous penetration tests. What should you do next?",
"num": "26",
"correct_answer": "a",
"answers": {
"a": "Decline, just provide the details of the components that will be there in the report.",
"b": "Share full reports, not redacted.",
"c": "Decline, just provide references.",
"d": "Share sample reports with redactions after NDA is signed."
}
},
{
"question": "_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.",
"num": "27",
"correct_answer": "b",
"answers": {
"a": "Stream Cipher",
"b": "Block Cipher",
"c": "Bit Cipher",
"d": "Hash Cipher"
}
},
{
"question": "The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?",
"num": "28",
"correct_answer": "b",
"answers": {
"a": "Physical",
"b": "Procedural",
"c": "Technical",
"d": "Compliance"
}
},
{
"question": "How do you defend against Privilege Escalation?",
"num": "29",
"correct_answer": "abce",
"answers": {
"a": "Use encryption to protect sensitive data",
"b": "Restrict the interactive logon privileges",
"c": "Run services as unprivileged accounts",
"d": "Allow security settings of IE to zero or Low",
"e": "Run users and applications on the least privileges"
}
},
{
"question": "An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems,\nDigital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.\nWhich AAA protocol is most likely able to handle this requirement?",
"num": "30",
"correct_answer": "a",
"answers": {
"a": "RADIUS",
"b": "Kerberos",
"c": "DIAMETER",
"d": "TACACS+"
}
},
{
"question": "What two conditions must a digital signature meet?",
"num": "31",
"correct_answer": "b",
"answers": {
"a": "Has to be legible and neat.",
"b": "Has to be unforgeable, and has to be authentic.",
"c": "Must be unique and have special characters.",
"d": "Has to be the same number of characters as a physical signature and must be unique."
}
},
{
"question": "A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information.\nThe billing address field used is limited to 50 characters.\nWhat pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?",
"num": "32",
"correct_answer": "d",
"answers": {
"a": "if (billingAddress = 50) {update field} else exit",
"b": "if (billingAddress != 50) {update field} else exit",
"c": "if (billingAddress >= 50) {update field} else exit",
"d": "if (billingAddress <= 50) {update field} else exit"
}
},
{
"question": "You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not \n here. Is there any way you can retrieve information from a website that is outdated?",
"num": "33",
"correct_answer": "c",
"answers": {
"a": "Visit Google's search engine and view the cached copy",
"b": "Crawl the entire website and store them into your computer",
"c": "Visit Archive.org web site to retrieve the Internet archive of the company's website",
"d": "Visit the company's partners and customers website for this information"
}
},
{
"question": "An attacker has been successfully modifying the purchase price of items purchased on the company's web site.\nThe security administrators verify the web server and Oracle database have not been compromised directly.\nThey have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this.\nWhat is the mostly likely way the attacker has been able to modify the purchase price?",
"num": "34",
"correct_answer": "b",
"answers": {
"a": "By using SQL injection",
"b": "By changing hidden form values",
"c": "By using cross site scripting",
"d": "By utilizing a buffer overflow attack"
}
},
{
"question": "which one of these BEST describes a Buffer Overflow attack that allows access to a remote system?",
"num": "35",
"correct_answer": "c",
"answers": {
"a": "The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information",
"b": "The attacker overwhelms a system or application, causing a crash and bringing the server down to cause an outage",
"c": "The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.",
"d": "The attacker attempts to have the receiving server run a payload using programming commonly found on web servers"
}
},
{
"question": "Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami.\nKevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person.\nKevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company.\nKevin logs into his email account online and gets the following URL after successfully logged in:\nhttp://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22\n\nKevin changes the URL to:\nhttp://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22\n\nKevin is trying to access her email account to see if he can find out any information.\nWhat is Kevin attempting here to gain access to Katy's mailbox?",
"num": "36",
"correct_answer": "c",
"answers": {
"a": "This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access",
"b": "By changing the mailbox's name in the URL, Kevin is attempting directory transversal",
"c": "Kevin is trying to utilize query string manipulation to gain access to her email account",
"d": "He is attempting a path-string attack to gain access to her mailbox"
}
},
{
"question": "Which of the following are types of buffer overflow?",
"num": "37",
"correct_answer": "c",
"answers": {
"a": "Heap-based",
"b": "Stack-based",
"c": "Both Stack-based and Heap-based",
"d": "Dynamic-based"
}
},
{
"question": "Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?",
"num": "38",
"correct_answer": "b",
"answers": {
"a": "ICMP Echo scanning",
"b": "SYN/FIN scanning using IP fragments",
"c": "ACK flag probe scanning",
"d": "IPID scanning"
}
},
{
"question": "The term that is best described as a process of replacing unwanted bits in an image and its source files with the secret data is known as_____.",
"num": "39",
"correct_answer": "b",
"answers": {
"a": "Forensic Analysis",
"b": "Steganography",
"c": "Network Analysis",
"d": "Cryptography"
}
},
{
"question": "How can telnet be used to fingerprint a web server?",
"num": "40",
"correct_answer": "a",
"answers": {
"a": "telnet webserverAddress 80 HEAD / HTTP/1.0",
"b": "telnet webserverAddress 80 PUT / HTTP/1.0",
"c": "telnet webserverAddress 80 HEAD / HTTP/2.0",
"d": "telnet webserverAddress 80 PUT / HTTP/2.0"
}
},
{
"question": "A virus is a self-replicating program that produces its own code by attaching copies of it into other executable codes.\n\nWhich of the following virus evade the anti-virus software by intercepting its requests to the operating system?",
"num": "41",
"correct_answer": "a",
"answers": {
"a": "Stealth/Tunneling virus",
"b": "Cluster virus",
"c": "Macro virus",
"d": "System or boot sector virus"
}
},
{
"question": "Which of the following lists are valid data-gathering activities associated with a risk assessment?",
"num": "42",
"correct_answer": "a",
"answers": {
"a": "Threat identification, vulnerability identification, control analysis",
"b": "Threat identification, response identification, mitigation identification",
"c": "Attack profile, defense profile, loss profile",
"d": "System profile, vulnerability identification, security determination"
}
},
{
"question": "How would you describe an attack where an attacker attempts to deliver the payload over multiple packets\nover long periods of time with the purpose of defeating simple pattern matching in IDS systems without\nsession reconstruction? A characteristic of this attack would be a continuous stream of small packets.",
"num": "43",
"correct_answer": "c",
"answers": {
"a": "Session Hijacking",
"b": "Session Stealing",
"c": "Session Splicing",
"d": "Session Fragmentation"
}
},
{
"question": "Which of the following is the successor of SSL?",
"num": "44",
"correct_answer": "d",
"answers": {
"a": "GRE",
"b": "IPSec",
"c": "RSA",
"d": "TLS"
}
},
{
"question": "Which of the following Wi-Fi chalking method refers to drawing symbols in public places to advertise open Wi-Fi networks?",
"num": "45",
"correct_answer": "c",
"answers": {
"a": "WarWalking",
"b": "WarFlying",
"c": "WarChalking ",
"d": "WarDriving"
}
},
{
"question": "SOAP services use which technology to format information?",
"num": "46",
"correct_answer": "c",
"answers": {
"a": "SATA",
"b": "PCI",
"c": "XML",
"d": "ISDN"
}
},
{
"question": "Choose one of the following pseudo codes to describe this statement:\n\"If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data.\"",
"num": "47",
"correct_answer": "d",
"answers": {
"a": "If (I > 200) then exit (1)",
"b": "If (I < 200) then exit (1)",
"c": "If (I <= 200) then exit (1)",
"d": "If (I >= 200) then exit (1)"
}
},
{
"question": "How is sniffing broadly categorized?",
"num": "48",
"correct_answer": "a",
"answers": {
"a": "Active and passive",
"b": "Broadcast and unicast",
"c": "Unmanaged and managed",
"d": "Filtered and unfiltered"
}
},
{
"question": "Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?",
"num": "49",
"correct_answer": "b",
"answers": {
"a": "MD5",
"b": "SHA-1",
"c": "RC4",
"d": "MD4"
}
},
{
"question": "After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?",
"num": "50",
"correct_answer": "d",
"answers": {
"a": "Disable Key Services",
"b": "Create User Account",
"c": "Disable IPTables",
"d": "Download and Install Netcat"
}
},
{
"question": "An attacker is attempting to telnet into a corporation's system in the DMZ.\nThe attacker doesn't want to get caught and is spoofing his IP address.\nAfter numerous tries he remains unsuccessful in connecting to the system.\nThe attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2.\nHe is still unable to connect to the target system.\nWhat could be the reason?",
"num": "51",
"correct_answer": "c",
"answers": {
"a": "The firewall is blocking port 23 to that system",
"b": "He needs to use an automated tool to telnet in",
"c": "He cannot spoof his IP and successfully use TCP",
"d": "He is attacking an operating system that does not reply to telnet even when open"
}
},
{
"question": "What does FIN in TCP flag define?",
"num": "52",
"correct_answer": "b",
"answers": {
"a": "Used to abort a TCP connection abruptly",
"b": "Used to close a TCP connection",
"c": "Used to acknowledge receipt of a previous packet or transmission",
"d": "Used to indicate the beginning of a TCP connection"
}
},
{
"question": "You are attempting to man-in-the-middle a session.\nWhich protocol will allow you to guess a sequence number?",
"num": "53",
"correct_answer": "b",
"answers": {
"a": "ICMP",
"b": "TCP",
"c": "UPX",
"d": "UPD"
}
},
{
"question": "Which type of antenna is used in wireless communication?",
"num": "54",
"correct_answer": "a",
"answers": {
"a": "Omnidirectional",
"b": "Parabolic",
"c": "Uni-directional",
"d": "Bi-directional"
}
},
{
"question": "You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack.\nThe CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?",
"num": "55",
"correct_answer": "a",
"answers": {
"a": "Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.",
"b": "Interview all employees in the company to rule out possible insider threats",
"c": "Establish attribution to suspected attackers",
"d": "Start the Wireshark application to start sniffing network traffic."
}
},
{
"question": "Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill's primary responsibility is to keep PC's and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network.\nHampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's \n boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company's building.\nHow was Bill able to get Internet access without using an agency laptop?",
"num": "56",
"correct_answer": "a",
"answers": {
"a": "Bill spoofed the MAC address of Dell laptop",
"b": "Bill connected to a Rogue access point",
"c": "Toshiba and Dell laptops share the same hardware address",
"d": "Bill brute forced the Mac address ACLs"
}
},
{
"question": "What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?",
"num": "57",
"correct_answer": "d",
"answers": {
"a": "Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.",
"b": "To get messaging programs to function with this algorithm requires complex configurations.",
"c": "It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.",
"d": "It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message."
}
},
{
"question": "How do you defend against ARP Spoofing? Select three.",
"num": "58",
"correct_answer": "acd",
"answers": {
"a": "Use ARPWALL system and block ARP spoofing attacks",
"b": "Tune IDS Sensors to look for large amount of ARP traffic on local subnets",
"c": "Use private VLANS",
"d": "Place static ARP entries on servers, workstation and routers"
}
},
{
"question": "TCP SYN Flood attack uses the three-way handshake mechanism.\n1. An attacker at system A sends a SYN packet to victim at system \n2. System B sends a SYN/ACK packet to victim A.\n3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B.\nIn this case client B is waiting for an ACK packet from client A.\nThis status of client B is called ____________",
"num": "59",
"correct_answer": "b",
"answers": {
"a": "\"half-closed\"",
"b": "\"half open\"",
"c": "\"full-open\"",
"d": "\"xmas-open\""
}
},
{
"question": "In order to have an anonymous Internet surf, which of the following is best choice?",
"num": "60",
"correct_answer": "b",
"answers": {
"a": "Use SSL sites when entering personal information",
"b": "Use Tor network with multi-node",
"c": "Use shared WiFi",
"d": "Use public VPN"
}
},
{
"question": "The purpose of a _______is to deny network access to local area networks and other information assets by unauthorized wireless devices.\n",
"num": "61",
"correct_answer": "d",
"answers": {
"a": "Wireless Analyzer",
"b": "Wireless Jammer",
"c": "Wireless Access Point",
"d": "Wireless Access Control List"
}
},
{
"question": "Which of the following identifies the three modes in which Snort can be configured to run?",
"num": "62",
"correct_answer": "a",
"answers": {
"a": "Sniffer, Packet Logger, and Network Intrusion Detection System",
"b": "Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System",
"c": "Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System",
"d": "Sniffer, Packet Logger, and Host Intrusion Prevention System"
}
},
{
"question": "An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack.\nThe engineer wants to compile the newest C++ exploit and name it calc.exe.\nWhich command would the engineer use to accomplish this?",
"num": "63",
"correct_answer": "a",
"answers": {
"a": "g++ hackersExploit.cpp -o calc.exe",
"b": "g++ hackersExploit.py -o calc.exe",
"c": "g++ -i hackersExploit.pl -o calc.exe",
"d": "g++ --compile i hackersExploit.cpp -o calc.exe"
}
},
{
"question": "Steve scans the network for SNMP enabled devices. Which port number Steve should scan?",
"num": "64",
"correct_answer": "b",
"answers": {
"a": "150",
"b": "161",
"c": "169",
"d": "69"
}
},
{
"question": "Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses.\nHe planned the attack carefully and carried out the attack at the appropriate moment.\nMeanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked.\nAs a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company.\nThis process involves human interaction to fix it.\nWhat kind of Denial of Service attack was best illustrated in the scenario above?",
"num": "65",
"correct_answer": "c",
"answers": {
"a": "Simple DDoS attack",
"b": "DoS attacks which involves flooding a network or system",
"c": "DoS attacks which involves crashing a network or system",
"d": "DoS attacks which is done accidentally or deliberately"
}
},
{
"question": "Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP).\nWhich of the following is an incorrect definition or characteristics of the protocol?",
"num": "66",
"correct_answer": "b",
"answers": {
"a": "Based on XML",
"b": "Only compatible with the application protocol HTTP",
"c": "Exchanges data between web services",
"d": "Provides a structured model for messaging"
}
},
{
"question": "Which of the following problems can be solved by using Wireshark?",
"num": "67",
"correct_answer": "b",
"answers": {
"a": "Resetting the administrator password on multiple systems",
"b": "Troubleshooting communication resets between two systems",
"c": "Tracking version changes of source code",
"d": "Checking creation dates on all webpages on a server"
}
},
{
"question": "Which of the following descriptions is true about a static NAT?",
"num": "68",
"correct_answer": "d",
"answers": {
"a": "A static NAT uses a many-to-many mapping.",
"b": "A static NAT uses a one-to-many mapping.",
"c": "A static NAT uses a many-to-one mapping.",
"d": "A static NAT uses a one-to-one mapping."
}
},
{
"question": "Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address?",
"num": "69",
"correct_answer": "b",
"answers": {
"a": "ICPM",
"b": "ARP",
"c": "RARP",
"d": "ICMP"
}
},
{
"question": "An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?",
"num": "70",
"correct_answer": "d",
"answers": {
"a": "Install patches",
"b": "Setup a backdoor",
"c": "Install a zombie for DDOS",
"d": "Cover your tracks"
}
},
{
"question": "The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software.\nWhat item is the primary concern on OWASP\u2019s Top Ten Project Most Critical Web Application Security Risks?",
"num": "71",
"correct_answer": "b",
"answers": {
"a": "Cross Site Scripting",
"b": "Injection",
"c": "Path disclosure",
"d": "Cross Site Request Forgery"
}
},
{
"question": "Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient\u2019s consent, similar to email spamming?",
"num": "72",
"correct_answer": "d",
"answers": {
"a": "Bluesmacking",
"b": "Bluesniffing",
"c": "Bluesnarfing",
"d": "Bluejacking"
}
},
{
"question": "Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet.\nYou want to use FTP to connect to some remote server on the Internet.\nHow would you accomplish this?",
"num": "73",
"correct_answer": "a",
"answers": {
"a": "Use HTTP Tunneling",
"b": "Use Proxy Chaining",
"c": "Use TOR Network",
"d": "Use Reverse Chaining"
}
},
{
"question": "You have invested millions of dollars for protecting your corporate network. You have the best IDS, firewall with strict rules and routers with no configuration errors.\nWhich of the following techniques practiced by an attacker exploits human behavior to make your network vulnerable to attacks? ",
"num": "74",
"correct_answer": "a",
"answers": {
"a": "Social Engineering",
"b": "Buffer overflow",
"c": "Denial of Service",
"d": "SQL injection"
}
},
{
"question": "Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find Some information about the target they are attempting to penetrate.\nHow would you call this type of activity?",
"num": "75",
"correct_answer": "a",
"answers": {
"a": "Dumpster Diving",
"b": "Scanning",
"c": "CI Gathering",
"d": "Garbage Scooping"
}
},
{
"question": "Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?",
"num": "76",
"correct_answer": "c",
"answers": {
"a": "Omnidirectional antenna",
"b": "Dipole antenna",
"c": "Yagi antenna",
"d": "Parabolic grid antenna"
}
},
{
"question": "An individual who aims to bring down critical infrastructure for a \"cause\" and is not worried about facing 30 years in jail for their action.",
"num": "77",
"correct_answer": "b",
"answers": {
"a": "Black Hat",
"b": "Suicide Hacker",
"c": "Gray Hat",
"d": "White Hat"
}
},
{
"question": "A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system.\nThe alert was generated because a large number of packets were coming into the network over ports 20 and 21.\nDuring analysis, there were no signs of attack on the FTP servers.\nHow should the administrator classify this situation?",
"num": "78",
"correct_answer": "d",
"answers": {
"a": "True negatives",
"b": "False negatives",
"c": "True positives",
"d": "False positives"
}
},
{
"question": "Which of the following program infects the system boot sector and the executable files at the same time?",
"num": "79",
"correct_answer": "d",
"answers": {
"a": "Stealth virus",
"b": "Polymorphic virus",
"c": "Macro virus",
"d": "Multipartite Virus"
}
},
{
"question": "Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?",
"num": "80",
"correct_answer": "a",
"answers": {
"a": "Ping of death",
"b": "SYN flooding",
"c": "TCP hijacking",
"d": "Smurf attack"
}
},
{
"question": "Which of the following protocols are susceptible to sniffing? ",
"num": "81",
"correct_answer": "d",
"answers": {
"a": "SNMP",
"b": "FTP",
"c": "NNTP",
"d": "Telnet"
}
},
{
"question": "Which regulation defines security and privacy controls for Federal information systems and organizations?",
"num": "82",
"correct_answer": "d",
"answers": {
"a": "EU Safe Harbor",
"b": "PCI-DSS",
"c": "HIPAA",
"d": "NIST-800-53"
}
},
{
"question": "The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and",
"num": "83",
"correct_answer": "a",
"answers": {
"a": "non-repudiation.",
"b": "operability.",
"c": "security.",
"d": "usability."
}
},
{
"question": "NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms.\nKnowing the exact time is extremely important for enterprise security.\nVarious security protocols depend on an accurate source of time information in order to prevent \"playback\" attacks.\nThese protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date.\nOne can circumvent this tagging, if the clock can be set back to the time the communication was recorded.\nAn attacker attempts to try corrupting the clocks on devices on your network.\nYou run Wireshark to detect the NTP traffic to see if there are any irregularities on the network.\n\nWhat port number you should enable in Wireshark display filter to view NTP packets?",
"num": "84",
"correct_answer": "c",
"answers": {
"a": "TCP Port 124",
"b": "UDP Port 125",
"c": "UDP Port 123",
"d": "TCP Port 126"
}
},
{
"question": "Which devices are causing difficulty for security administrators in the workplace to maintain secure networks?",
"num": "85",
"correct_answer": "d",
"answers": {
"a": "copiers",
"b": "laptops",
"c": "scanners",
"d": "Employees' personal devices"
}
},
{
"question": "Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?",
"num": "86",
"correct_answer": "b",
"answers": {
"a": "NMAP -PN -A -O -sS 192.168.2.0/24",
"b": "NMAP -P0 -A -O -p1-65535 192.168.0/24",
"c": "NMAP -P0 -A -sT -p0-65535 192.168.0/16",
"d": "NMAP -PN -O -sS -p 1-1024 192.168.0/8"
}
},
{
"question": "During a black box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host.\nThe traffic gets blocked; however, outbound HTTP traffic is unimpeded.\nWhat type of firewall is inspecting outbound traffic?",
"num": "87",
"correct_answer": "d",
"answers": {
"a": "Packet Filtering",
"b": "Application",
"c": "Circuit",
"d": "Stateful"
}
},
{
"question": "Which form of steganography generally includes a replication of an image so that any document source can be authenticated in a partial manner?",
"num": "88",
"correct_answer": "c",
"answers": {
"a": "BMP tagging",
"b": "Time stamp",
"c": "Digital watermarking",
"d": "Date stamp"
}
},
{
"question": "Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?",
"num": "89",
"correct_answer": "a",
"answers": {
"a": "They provide a repeatable framework.",
"b": "Anyone can run the command line scripts.",
"c": "They are available at low cost.",
"d": "They are subject to government regulation."
}