Q1. A company’s security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
B. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
C. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
D. Attempts by attacks to access the user and password information stores in the company's SQL database.
Answer: C
Q2. A common cryptographically tool is the use of XOR. XOR the following binary value: 10110001
00111010
A. 10001011
B. 10011101
C. 11011000
D. 10111100
Answer: A
Q3. Which of the following is component of a risk assessment?
A. Logical interface
B. DMZ
C. Administrative safeguards
D. Physical security
Answer: C
Q4. The phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the“landscape” looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
A. Network Mapping
B. Gaining access
C. Footprinting
D. Escalating privileges
Answer: C
Q5. The NMAP command above performs which of the following?
A. A ping scan
B. A trace sweep
C. An operating system detect
D. A port scan
Answer: A
Q6. While using your bank’s online servicing you notice the following stringin the URL bar: “http://www.MyPersonalBank/Account?
Id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.
What type of vulnerability is present on this site?
A. SQL injection
B. XSS Reflection
C. Web Parameter Tampering
D. Cookie Tampering
Answer: C
Q7. What is the process of logging, recording, and resolving events that take place in an organization?
A. Metrics
B. Security Policy
C. Internal Procedure
D. Incident Management Process
Answer: D
Q8. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
A. Kismet
B. Netstumbler
C. Abel
D. Nessus
Answer: A
Q9. This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attach along with some optimizations like Korek attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?
A. Wificracker
B. WLAN-crack
C. Airguard
D. Aircrack-ng
Answer: D
Q10. During a blackbox pen test you attempt to pass IRC traffic over post 80/TCP from a compromised web enabled host. The traffic gets blocked; however outbound HTTP traffic is unimpeded.
What type of firewall is inspecting outbound traffic?
A. Circuit
B. Packet Filtering
C. Application
D. Stateful
Answer: C