Q1. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
A. Kismet
B. Netstumbler
C. Abel
D. Nessus
Answer: A
Q2. You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).
Which is the best way to evade the NIDS?
A. Out of band signaling
B. Encryption
C. Alternate Data Streams
D. Protocol Isolation
Answer: B
Q3. Which regulationdefines security and privacy controls for Federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Answer: D
Q4. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, digital Subscriber Line (DSL), wireless data services, and virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
A. DIAMETER
B. Kerberos
C. RADIUS
A. D. TACACS+
Answer: D
Q5. What is the process of logging, recording, and resolving events that take place in an organization?
A. Metrics
B. Security Policy
C. Internal Procedure
D. Incident Management Process
Answer: D
Q6. As a Certified Ethical hacker, you were contracted by aprivate firm to conduct an external security assessment through penetration testing.
What document describes the specified of the testing, the associated violations, and essentially protects both the organization’s interest and your li abilities as a tester?
A. Term of Engagement
B. Non-Disclosure Agreement
C. Project Scope
D. Service Level Agreement
Answer: B
Q7. Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening port on the targeted system.
If a scanned port is open, what happens?
A. The port will ignore the packets.
B. The port will send an RST.
C. The port will send an ACK.
D. The port will send a SYN.
Answer: A
Q8. An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker’s database.
<frame src=http://www/vulnweb.com/updataif.php Style=”display:none”></iframe> What is this type of attack (that can use either HTTP GET or HRRP POST) called?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. SQL Injection
D. Browser Hacking
Answer: A
Q9. PGP, SSL, and IKE are all examples of which type of cryptography?
A. Hash Algorithm
B. Secret Key
C. Public Key
D. Digest
Answer: : C
Q10. You have successfully gained access to your client’s internal network and successfully comprised a linux server which is part of the internal IP network. You want to know which
Microsoft Windows workstation have the sharing enabled.
Which port would you see listeningon these Windows machines in the network?
A. 1443
B. 3389
C. 161
D. 445
Answer: D