TEST 1

1-
Which of the following terms refers to the existence of a weakness, design flaw, or implementation
error that can lead to an unexpected event compromising the security of the system?

Vulnerability

Exploit

Zero-Day Attack

Hacking

2-
Which of the following terms refers to gaining access to one network and/or computer and then
using the same to gain access to multiple networks and computers that contain desirable
information?

Kill Chain

Doxing

Daisy Chaining

Social Engineering

3-
Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state.
The compromised user has to pay ransom to the attacker to unlock the system and get the files
decrypted. Petya delivers malicious code can that even destroy the data with no scope of recovery.
What is this malicious code called?

Bot

Honeypot

Vulnerability

Payload

4-
Which of the following statements correctly defines a zero-day attack?
An attack that exploits vulnerabilities before the software developer releases a patch for the
vulnerability.

An attack that exploits an application even if there are zero vulnerabilities.

An attack that exploits vulnerabilities after the software developer releases a patch for the
vulnerability.

An attack that could not exploit vulnerabilities even though the software developer has not released
a patch.

5-
Which fundamental element of information security refers to an assurance that the information is
accessible only to those authorized to have access?

Confidentiality

Integrity

Availability

Authenticity

6-
Jonathan, a solutions architect with a start-up, was asked to redesign the company’s web
infrastructure to meet the growing customer demands. He proposed the following architecture to
the management:

What is Jonathan’s primary objective?

Ensuring integrity of the application servers

Ensuring high availability

Proper user authentication

Ensuring confidentiality of the data

7-
Arturo is the leader of information security professionals of a small financial corporation that has a
few branch offices in Africa. The company suffered an attack of USD 10 million through an
interbanking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago
the hackers came in from the outside through a small vulnerability, then they did a lateral movement
to the computer of a person with privileges in the interbanking system. Finally, the hackers got
access and did the fraudulent transactions.
What is the most accurate name for the kind of attack in this scenario?

Internal Attack

Backdoor

APT

External Attack

8-
Highlander, is a medical insurance company with several regional company offices in North America.
Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office,
anti-malware/virus software, and an insurance application developed by a contractor. All the
software updates and patches are managed by the IT department of Highlander, Incorporated. Group
policies are used to lock down the desktop computers, including the use of Applocker to restrict the
installation of any third-party applications.
There are one hundred employees who work from their home offices. Employees who work from
home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-
based domain service, which is synchronized with the corporate internal domain service. The
computers are updated and patched through the cloud-based domain service. Applocker is not used
to restrict the installation of third-party applications.
The database that hosts the information collected from the insurance application is hosted on a
cloud-based file server, and their email server is hosted on Office 365. Other files created by
employees get saved to a cloud-based file server, and the company uses work folders to synchronize
offline copies back to their devices.
Based on the knowledge of the network topology and trends in network security, what would be the
primary target of a hacker trying to compromise Highlander?

Personal Laptops

Cloud Based File Server

Company Desktops
Personal Smartphones

9-
Highlander, Incorporated, is a medical insurance company with several regional company offices in
North America. Employees, when in the office, utilize desktop computers that have Windows 10,
Microsoft Office, anti-malware/virus software, and an insurance application developed by a
contractor. All the software updates and patches are managed by the IT department of Highlander,
Incorporated. Group policies are used to lock down the desktop computers, including the use of
Applocker to restrict the installation of any third-party applications.

There are one hundred employees who work from their home offices. Employees who work from
home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-
based domain service, which is synchronized with the corporate internal domain service. The
computers are updated and patched through the cloud-based domain service. Applocker is not used
to restrict the installation of third-party applications.

The laptops utilize direct access to automatically connect their machines to the Highlander,
Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec
when communicating with the cloud-based file server. The protocol that they have chosen is
Authentication Header (AH).

The database that hosts the information collected from the insurance application is hosted on a
cloud-based file server, and their email server is hosted on Office 365. Other files created by
employees get saved to a cloud-based file server, and the company uses work folders to synchronize
offline copies back to their devices.

Based on the knowledge of the network topology, which of the main elements of information
security has Highlander, Incorporated, NOT addressed in its plans for its laptops?

Authenticity

Availability

Confidentiality

Integrity

10-
James has published personal information about all senior executives of Essential Securities Bank on
his blog website. He has collected all this information from multiple social media websites and
publicly accessible databases. What is this known as?

Social Engineering
Impersonation

Phishing

Doxing

11-
A newly discovered flaw in a software application would be considered as which kind of security
vulnerability?

Time-to-check to time-to-use flaw

Zero-day vulnerability

HTTP header injection vulnerability

Input validation flaw

12-
An e-commerce site was put into a live environment and the programmers failed to remove the
secret entry point (bits of code embedded in programs) that was used during the application
development to quickly gain access at a later time, often during the testing or debugging phase.

What is this secret entry point known as?

SQL injection

Honey pot

Trap door

SDLC process

13-
Which of the following attack vectors is a network attack in which an unauthorized person gains
access to a network and stays there undetected for a long period of time? The intention of this attack
is to steal data rather than to cause damage to the network or organization.

Botnet

Advanced Persistent Threats

Insider Attack

Mobile Threats
14-
Which of the following is a network based threat?

Arbitrary code execution

Input validation flaw

Session hijacking

Buffer overflow

15-
Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf
libraries and code used in the company’s CRM platform. How will you categorize this attack?

Mis-configuration attack

Operating System attack

Shrink-wrap code attack

Application-level attack

16-
Highlander, Incorporated, is a medical insurance company with several regional company offices in
North America. Employees, when in the office, utilize desktop computers that have Windows 10,
Microsoft Office, anti-malware/virus software, and an insurance application developed by a
contractor. All of the software updates and patches are managed by the IT department of
Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the
use of Applocker to restrict the installation of any third-party applications.
There are one hundred employees who work from their home offices. Employees who work from
home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-
based domain service, which is synchronized with the corporate internal domain service. The
computers are updated and patched through the cloud-based domain service. Applocker is not used
to restrict the installation of third-party applications.
The database that hosts the information collected from the insurance application is hosted on a
cloud-based file server, and their email server is hosted on Office 365. Other files created by
employees get saved to a cloud-based file server, and the company uses work folders to synchronize
offline copies back to their devices.
A competitor learns that employees use their own personal smartphones to communicate with other
employees of Highlander, Incorporated.
Which information security attack vector should the competitor use to gather information over a
long period of time from the phones, without the victim being aware that he or she has been
compromised?
Advanced Persistent Threat

Botnet

Viruses and Worms

Mobile Threats

17-
Which of the following malware types restricts access to the computer system’s files and folders, and
demands a payment to the malware creator(s) in order to remove the restrictions?

Spyware

Trojan Horse

Ransomeware

Adware

18-
Which of the following techniques is used to distribute malicious links via some communication
channel such as mails to obtain private information from the victims?

Phishing

Piggybacking

Dumpster diving

Vishing

19-
Which of the following can be categorized as a host-based threat?

Man-in-the-Middle attack

IDS bypass

Privilege escalation

Distributed Denial-of Service

20-
Which of the following category of information warfare is a sensor-based technology that directly
corrupts technological systems?

Command and control warfare (C2 warfare)

Electronic warfare

Economic warfare

Intelligence-based warfare

21-
Yancey is a network security administrator for a large electric company. This company provides
power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15
years and has become very successful. One day, Yancey comes into work and finds out that the
company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and
decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the
company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he
just wants the company to pay for what they are doing to him. What would Yancey be considered?

Since he does not care about going to jail, he would be considered a black hat.

Because Yancey works for the company currently, he would be a white hat.

Yancey would be considered a suicide hacker.

Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.

22-
What is the correct order of steps in the system hacking cycle?

Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files

Covering Tracks -> Hiding Files -> Escalating -> Privileges -> Executing Applications -> Gaining Access

Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files

Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks

23-
Which of the following terms refers to unskilled hackers who compromise systems by running scripts,
tools, and software developed by real hackers? They usually focus on the quantity of attacks rather
than the quality of the attacks that they initiate.
Suicide Hackers

Script Kiddies

Gray Hats

Hacktivist

24-
What is the objective of a reconnaissance phase in a hacking life-cycle?

Gaining access to the target system with admin/root level privileges.

Identifying specific vulnerabilities in the target network.

Gaining access to the target system and network.

Gathering as much information as possible about the target.

25-
Which of the following is an active reconnaissance technique?

Performing dumpster diving

Collecting information about a target from search engines

Collecting contact information from yellow pages

Scanning a system by using tools to detect open ports

26-
Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to
Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this
attack by Anonymous?

Social engineering

Cracking

Spoofing

Hacktivism
27-
Highlander, Incorporated, is a medical insurance company with several regional company offices in
North America. Employees, when in the office, utilize desktop computers that have Windows 10,
Microsoft Office, anti-malware/virus software, and an insurance application developed by a
contractor. All of the software updates and patches are managed by the IT department of
Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the
use of Applocker to restrict the installation of any third-party applications.

There are one hundred employees who work from their home offices. Employees who work from
home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-
based domain service, which is synchronized with the corporate internal domain service. The
computers are updated and patched through the cloud-based domain service. Applocker is not used
to restrict the installation of third-party applications.

The protocol that they have chosen is Authentication Header (AH).

The database that hosts the information collected from the insurance application is hosted on a
cloud-based file server, and their email server is hosted on Office 365. Other files created by
employees get saved to a cloud-based file server and the company uses work folders to synchronize
offline copies back to their devices.

A competitor has finished the reconnaissance and scanning phases of their attack. They are going to
try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to
gain access?

Operating System

Hardware Level

Application Level

Network Level

28-
Individuals who promote security awareness or a political agenda by performing hacking are known
as:

Cyber terrorists

Hacktivist

Script kiddies
Suicide hackers

29-
In which of the following hacking phases does an attacker try to detect listening ports to find
information about the nature of services running on the target machine?

Scanning

Clearing Tracks

Gaining access

Maintaining access

30-
In which of the following hacking phases does an attacker use steganography and tunneling
techniques to hide communication with the target for continuing access to the victim’s system and
remain unnoticed and uncaught?

Clearing Track

Reconnaissance

Scanning

Gaining Access

31-
Which of the following can an administrator do to verify that a tape backup can be recovered in its
entirety?

Read the first 512 bytes of the tape.

Read the last 512 bytes of the tape.

Restore a random file.

Perform a full restore.

32-
A network administrator is promoted as chief security officer at a local university. One of his new
responsibilities is to manage the implementation of an RFID card access system to a new server room
on campus. The server room will house student enrollment information that is securely backed up to
an off-site location.
During a meeting with an outside consultant, the chief security officer explains that he is concerned
that the existing security controls have not been designed properly. Currently, the network
administrator is responsible for approving and issuing RFID card access to the server room, as well as
reviewing the electronic access logs on a weekly basis.
Which of the following is an issue with the situation?

An inadequate disaster recovery plan

Undue influence

Segregation of duties

Lack of experience

33-
How can a policy help improve an employee’s security awareness?

By implementing written security procedures, enabling employee security training, and promoting
the benefits of security

By decreasing an employee's vacation time, addressing ad hoc employment clauses, and ensuring
that managers know employee strengths

By using informal networks of communication, establishing secret passing procedures, and

immediately terminating employees

By sharing security secrets with employees, enabling employees to share secrets, and establishing a
consultative helpline

34-
Which of the following is one of the four critical components of an effective risk assessment?

Logical interface.

Administrative safeguards.

Physical security.

DMZ.

35-
Which type of access control is used on a router or firewall to limit network activity?

Rule-based.

Role-based.

Mandatory.

Discretionary.

36-
Low humidity in a data center can cause which of the following problems?

Airborne contamination

Heat

Corrosion

Static electricity

37-
A consultant is hired to do a physical penetration test at a large financial company. On the first day of
his assessment, the consultant goes to the company’s building dressed as an electrician and waits in
the lobby for an employee to pass through the main access gate, and then the consultant follows the
employee behind to get into the restricted area. Which type of attack did the consultant perform?

Social engineering

Tailgating

Shoulder surfing

Mantrap

38-
Which type of scan is used on the eye to measure the layer of blood vessels?

Facial recognition scan

Signature kinetics scan

Retinal scan
Iris scan

39-
Highlander, Incorporated, is a medical insurance company with several regional company offices in
North America. There are various types of employees working in the company, including technical
teams, sales teams, and work-from-home employees. Highlander takes care of the security patches
and updates of official computers and laptops; however, the computers or laptops of the work-from-
home employees are to be managed by the employees or their ISPs. Highlander employs various
group policies to restrict the installation of any third-party applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access
the company email in order to respond to requests for updates. Employees are responsible for
keeping their phones up to date with the latest patches. The phones are not used to directly connect
to any other resources in the Highlander, Incorporated, network. The database that hosts the
information collected from the insurance application is hosted on a cloud-based file server, and their
email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file
server, and the company uses work folders to synchronize offline copies back to their devices.
Highlander, Incorporated, is concerned about their defense in depth. The scope of their concern is
especially the users with mobile phones.
In order to provide appropriate security, which layer of defense in depth should they focus the most
attention on?

Physical.

Perimeter.

Internal Network.

Policies, Procedures, and Awareness.

40-
Which of the following policies provides the guidelines on the processing, storage and transmission
of sensitive information?

Network Security Policy.

Information Protection Policy.

Server Security Policy.

Acceptable Use Policy.

41-
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company
almost two months ago but has yet to get paid. The customer is suffering from financial problems,
and the CEH is worried that the company will go out of business and end up not paying. What actions
should the CEH take?
Follow proper legal procedures against the company to request payment.

Threaten to publish the penetration test results if not paid.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Tell other customers of the financial problems with payments from this company.

42-
A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into
her husband’s email account in order to find proof so she can take him to court. What is the ethical
response?

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Say yes; do the job for free.

Say yes; the friend needs help to gather evidence.

Say no; the friend is not the owner of the account.

43-
A computer technician is using the latest version of a word-processing software and discovers that a
particular sequence of characters is causing the entire computer to crash. The technician researches
the bug and discovers that no one else has experienced the problem. What is the appropriate next
step?

Create a document that will crash the computer when opened and send it to friends.

Ignore the problem completely and let someone else deal with it.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

44-
Which of the following tasks DOES NOT fall under the scope of ethical hacking?

Pen testing

Defense-in-depth implementation
Vulnerability scanning

Risk assessment

45-
Stephany is the leader of an information security team of a global corporation that has several
branch offices around the world. In the past six months, the company has suffered several security
incidents. The CSIRT explains to Stephany that the incidents have something in common: the source
IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff
come to this office to connect their computers to the LAN.
What is the most accurate security control to implement to resolve the primary source of the
incidents?

Internal Firewall

Antimalware application

Awareness to employees

Network access control (NAC)

46-
Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to
scan the internal network to find vulnerabilities without the authorization of his boss; he tries to
perform an attack and gain access to an AIX server to show the results to his boss. What kind of role
is shown in the scenario?

Annoying employee

Gray Hat hacker

White Hat hacker

Black Hat hacker

47-
Why is ethical hacking necessary? (Select two.)

Ethical hackers are responsible for incident handling and response in the organization.
Ethical hackers try to find if all the components of information systems are adequately protected,
updated, and patched

Ethical hackers try to find what an intruder can see on the system under evaluation.

Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security
systems.

48-
Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional
locations and ensure system security.
What is the main difference between a hacker and an ethical hacker when they are trying to
compromise the regional offices?

Ethical Hackers have the permission of upper management.

Hackers have more sophisticated tools.

Ethical hackers have the permission of the regional server administrators.

Hackers don’t have any knowledge of the network before they compromise the network.

49-
You have been hired to do an ethical hacking (penetration Testing) for a company. Which is the first
thing you should do in this process?

Escalating Privileges

Network information gathering

Acquiring Target

Perimeter Testing

50-
A security consultant is trying to bid on a large contract that involves penetration testing and
reporting. The company accepting bids wants proof of work, so the consultant prints out several
audits that they have performed for previous companies. Which of the following is likely to occur as a
result?

The consultant may expose vulnerabilities of other companies.

The company accepting bids will want the same type of format of testing.
The company accepting bids will hire the consultant because of the great work performed.

The consultant will ask for money on the bid because of great work.

1-
Passive reconnaissance involves collecting information through which of the following?

Social engineering

Traceroute analysis

Email tracking

Publicly accessible sources

2-
A penetration tester was hired to perform a penetration test for a bank. The tester began searching
for IP ranges owned by the bank, performing lookups on the bank’s DNS servers, reading news
articles online about the bank, watching the bank employees time in and out, searching the bank’s
job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the
bank’s corporate office. What phase of the penetration test is the tester currently in?

Active information gathering

Information reporting

Passive information gathering

Vulnerability assessmen

3-
Which of the following technique is used to gather information about the target without direct
interaction with the target?

Scanning

Active Footprinting

Enumeration

Passive Footprinting

4-
A pen tester was hired to perform penetration testing on an organization. The tester was asked to
perform passive footprinting on the target organization.
Which of the following techniques comes under passive footprinting?

Performing traceroute analysis

Querying published name servers of the target

Performing social engineering

Finding the top-level domains (TLDs) and sub-domains of a target through web services

5-
Which of the following is a network threat?

Arbitrary code execution

Privilege escalation

Session hijacking

SQL injection

6-
Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and
was following the CEH methodology to perform the penetration testing. He is assigned a project for
information gathering on a client’s network. He started penetration testing and was trying to find out
the company’s sub-domains to get information about the different departments and business units.
Smith was unable to find any information.
What should Smith do to get the information he needs?

Smith should use online services such as netcraft.com to find the company’s sub-domains

Smith should use WayBackMachine in Archive.org to find the company’s sub-domains

Smith should use website mirroring tools such as HTTrack Website Copier to find the company’s sub-
domains

Smith should use email tracking tools such as eMailTrackerPro to find the company’s sub-domains

7-
Which of the following countermeasure helps organizations to prevent information disclosure
through banner grabbing?
Configure IIS

Implement VPN

Configure web servers

TCP/IP and IPSec

8-
Which of the following database is used to delete the history of the target website?

WhoIs Lookup database

archive.org

Implement VPN

TCP/IP and IPSec filters

9-
Sean works as a professional ethical hacker and penetration tester. He is assigned a project for
information gathering on a client’s network. He started penetration testing and was trying to find out
the company’s internal URLs, looking for any information about the different departments and
business units. Sean was unable find any information.
What should Sean do to get the information he needs?

Sean should use Sublist3r tool

Sean should use website mirroring tools

Sean should use WayBackMachine in Archive.org

Sean should use email tracking tools

10-
InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day
of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to
collect the sensitive information.
What is Sean trying to do?

Trying to attempt social engineering using phishing

Trying to attempt social engineering by eavesdropping

Trying to attempt social engineering by dumpster diving

Trying to attempt social engineering by shoulder surfing

11-
Which results will be returned with the following Google search query?
site:target.com -site:Marketing.target.com accounting

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Results matching all words in the query

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Results from matches on the site marketing.target.com that are in the domain target.com but do not
include the word accounting

12-
You are doing a research on SQL injection attacks. Which of the following combination of Google
operators will you use to find all Wikipedia pages that contain information about SQL, injection
attacks or SQL injection techniques?

site:Wikipedia.org intitle:“SQL Injection”

allinurl: Wikipedia.org intitle:“SQL Injection”

site:Wikipedia.org related:“SQL Injection”

SQL injection site:Wikipedia.org

13-
Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can
be used to launch which of the following types of attacks?

Distributed denial of service attack

Smurf attack

SQL injection attack

Social engineering attack

14-
Which Google search query can you use to find mail lists dumped on pastebin.com?
allinurl: pastebin.com intitle:*@*.com:*

site:pastebin.com intext:*@*.com:*

allinurl: pastebin.com intitle:”mail lists”

cache: pastebin.com intitle:*@*.com:*

15-
Which Google search query will search for any configuration files a target certifiedhacker.com may
have?

site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp |

intext:cfg | intext:txt | intext:ora | intext:ini

site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf |

filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini

site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg ||

ext:txt || ext:ora || ext:ini

allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt
| ext:ora | ext:ini

16-
What is the output returned by search engines when extracting critical details about a target from
the Internet?

Advanced search operators

Search Engine Results Pages (‘SERPs’)

Operating systems, location of web servers, users and passwords

Open ports and Services

17-
Which of the following techniques is used to create complex search engine queries?

Yahoo Search

Bing Search

DuckDuckGo
Google hacking

18-
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target
company. Sean begins with social engineering by following the steps:
● Secretly observes the target to gain critical information
● Looks at employee’s password or PIN code with the help of binoculars or a low-power
telescope
Based on the above description, identify the social engineering technique.

Shoulder surfing

Dumpster diving

Tailgating

Phishing

19-
Which one of the following is a Google search query used for VoIP footprinting to extract Cisco
phone details?

intitle:"D-Link VoIP Router" "Welcome"

inurl:/voice/advanced/ intitle:Linksys SPA configuration

inurl:”ccmuser/logon.asp”

inurl:”NetworkConfiguration” cisco

20-
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN
client passwords ?

inurl:/remote/login?lang=en

"Config" intitle:"Index of" intext:vpn

"[main]" "enc_GroupPwd=" ext:txt

filetype:pcf "cisco" "GroupPwd"

21-
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the
nslookup interactive mode for the search. Which command should the hacker type into the
command shell to request the appropriate records?

Request type=ns

Set type=ns

Transfer type=ns

Locate type=ns

22-
Which of the following tools consists of a publicly available set of databases that contain personal
information of domain owners?

WHOIS lookup tools

Web spidering tools

Metadata extraction tools

Traceroute tools

23-
What is the outcome of the command “nc -l -p 2222 | nc 10.1.0.43 1234”?

Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43
port 1234.

Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port
2222.

24-
What information is gathered about the victim using email tracking tools?

Targeted contact data, extracts the URL and meta tag for website promotion.
Information on an organization’s web pages since their creation.

Username of the clients, operating systems, email addresses, and list of software.

Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.

25-
Which of the following tools allows an attacker to extract information such as sender identity, mail
server, sender’s IP address, location, and so on?

Metadata Extraction Tools

Email Tracking Tools

Web Updates Monitoring Tools

Website Mirroring Tools

26-
Which of the following is a query and response protocol used for querying databases that store the
registered users or assignees of an Internet resource, such as a domain name, an IP address block, or
an autonomous system?

DNS Lookup

TCP/IP

Traceroute

WhoIs Lookup

27-
Which of the following regional internet registries (RIRs) provides services related to the technical
coordination and management of Internet number resources in Canada, the United States, and many
Caribbean and North Atlantic islands?

APNIC

AFRINIC

ARIN

LACNIC

28-
Which of the following DNS record type helps in DNS footprinting to determine domain’s mail server?

CNAME

MX

NS

29-
Which of the following utility uses the ICMP protocol concept and Time to Live (‘TTL’) field of IP
header to find the path of the target host in the network?

TCP/IP

Traceroute

DNS Lookup

WhoIs

30-
Which of the following tools are useful in extracting information about the geographical location of
routers, servers and IP devices in a network?

WhoIs Lookup tools

Traceroute tools

Email Tracking Tools

DNS Lookup tools²