q6

The document consists of a series of multiple-choice questions related to cybersecurity concepts, including DNSSEC, SMTP, cryptanalysis, IPSec, intrusion detection systems, and various attack vectors. Each question includes a correct answer, providing insights into security protocols, encryption methods, and network security practices. The content is aimed at testing knowledge in cybersecurity and related fields.

Uploaded by dg6699work

120:

1._________ is a set of extensions to DNS that provide the origin authentication of
DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning,
spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
Correct Answer: A

2.Email is transmitted across the Internet using the Simple Mail Transport
Protocol. SMTP does not encrypt email, leaving the information in the message
vulnerable to being read by an unauthorized person. SMTP can upgrade a connection
between two mail servers to use TLS. Email transmitted by SMTP over TLS is
encrypted. What is the name of the command used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS
B. UPGRADETLS
C. FORCETLS
D. STARTTLS
Correct Answer: D

3.In the field of cryptanalysis, what is meant by a “rubber-hose” attack?
A. Forcing the targeted keystream through a hardware-accelerated device such as an
ASIC.
B. A backdoor placed into a cryptographic algorithm by its creator.
C. Extraction of cryptographic secrets through coercion or torture.
D. Attempting to decrypt ciphertext by making logical assumptions about the
contents of the original plaintext.
Correct Answer: C

4.Which mode of IPSec should you use to assure security and confidentiality of data
within the same LAN?
A. ESP transport mode
B. ESP confidential
C. AH promiscuous
D. AH Tunnel mode
Correct Answer: A

5.An attacker, using a rogue wireless AP, performed an MITM attack and injected
HTML code to embed a malicious applet in all HTTP connections. When users accessed
any page, the applet ran and exploited many machines. Which one of the following
tools did the hacker probably use to inject HTML code?
A. Wireshark
B. Ettercap
C. Aircrack-ng
D. Tcpdump
Correct Answer: B

6.What is the known plaintext attack used against DES which gives the result that
encrypting plaintext with one DES key followed by encrypting it with a second DES
key is no more secure than using a single key?
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack
Correct Answer: B

7.Which Intrusion Detection System is best suited for large environments
where critical assets on the network need extra scrutiny and is ideal for observing
sensitive network segments?
A. Honeypots
B. Firewalls
C. Network-based intrusion detection system (NIDS)
D. Host-based intrusion detection system (HIDS)
Correct Answer: C

8.What does the -oX flag do in an Nmap scan?
A. Perform an eXpress scan
B. Output the results in truncated format to the screen
C. Output the results in XML format to a file
D. Perform an Xmas scan
Correct Answer: C

9.You are attempting to run an Nmap port scan on a web server. Which of the
following commands would result in a scan of common ports with the least amount of
noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
Correct Answer: C

10.Internet Protocol Security (IPsec) is actually a suite of protocols. Each protocol
within the suite provides different functionality. Collectively, IPsec does everything
except:
A. Protect the payload and the headers
B. Encrypt
C. Work at the Data Link Layer
D. Authenticate
Correct Answer: D

11.An attacker attaches a rogue router in a network. He wants to redirect traffic
to a LAN attached to his router as part of a man-in-the-middle attack. What measure
on behalf of the legitimate admin can mitigate this attack?
A. Make sure that legitimate network routers are configured to run routing
protocols with authentication.
B. Disable all routing protocols and only use static routes
C. Only using OSPFv3 will mitigate this risk.
D. Redirection of the traffic cannot happen unless the admin allows it explicitly.
Correct Answer: A

12.To reach a bank web site, the traffic from workstations must pass through a
firewall. You have been asked to review the firewall configuration to ensure that
workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1
using https. Which of the following firewall rules meets this requirement?
A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port
matches 443) then permit
B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port
matches 80 or 443) then permit
C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port
matches 443) then permit
D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port
matches 443) then permit
Correct Answer: A

13.Which of the following is the BEST way to defend against network sniffing?
A. Using encryption protocols to secure network communications
B. Register all machines MAC Address in a Centralized Database
C. Use Static IP Address
D. Restrict Physical Access to Server Rooms hosting Critical Servers
Correct Answer: A

14.Session splicing is an IDS evasion technique in which an attacker delivers data
in multiple, small-sized packets to the target computer, making it very difficult
for an IDS to detect the attack signatures. Which tool can be used to perform
session splicing attacks?
A. tcpsplice
B. Burp
C. Hydra
D. Whisker
Correct Answer: D

15.A regional bank hires your company to perform a security assessment on their
network after a recent data breach. The attacker was able to steal financial data
from the bank by compromising only a single server. Based on this information, what
should be one of your key recommendations to the bank?
A. Place a front-end web server in a demilitarized zone that only handles external
web traffic
B. Require all employees to change their anti-virus program with a new one
C. Move the financial data to another server on the same IP subnet
D. Issue new certificates to the web servers from the root certificate authority
Correct Answer: A

16.During a black-box pen test you attempt to pass IRC traffic over port 80/TCP
from a compromised web enabled host. The traffic gets blocked; however, outbound
HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
A. Circuit
B. Stateful
C. Application
Correct Answer: B

17.Which of the following tools performs comprehensive tests against web servers,
including dangerous files and CGIs?
A. Nikto
B. John the Ripper
C. Dsniff
D. Snort
Correct Answer: A

18.A technician is resolving an issue where a computer is unable to connect to the
Internet using a wireless access point. The computer is able to transfer files
locally to other machines, but cannot successfully reach the Internet. When the
technician examines the IP address and default gateway, they are both on the
192.168.1.0/24 network. Which of the following has occurred?
A. The computer is not using a private IP address.
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network.
D. The computer is using an invalid IP address.
Correct Answer: B

19.If a tester is attempting to ping a target that exists but receives no response
or a response that states the destination is unreachable, ICMP may be disabled and
the network may be using TCP. Which other option could the tester use to get a
response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
Correct Answer: B

20.Which of the following is the structure designed to verify and authenticate the
identity of individuals within the enterprise taking part in a data exchange?
A. SOA
B. biometrics
C. single sign on
D. PKI
Correct Answer: D

21.A new wireless client is configured to join an 802.11 network. This client uses
the same hardware and software as many of the other clients on the network. The
client can see the network, but cannot connect. A wireless packet sniffer shows
that the Wireless Access Point (WAP) is not responding to the association requests
being sent by the wireless client. What is a possible source of this problem?
A. The WAP does not recognize the client’s MAC address
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP
Correct Answer: A

22.If you want to scan fewer ports than the default scan using the Nmap tool,
which option would you use?
A. -r
B. -F
C. -P
D. -sP
Correct Answer: B

23.User A is writing a sensitive email message to user B outside the local network.
User A has chosen to use PKI to secure his message and ensure only user B can read
the sensitive email. At what layer of the OSI model does the encryption and
decryption of the message take place?
A. Application
B. Transport
C. Session
D. Presentation
Correct Answer: D

24.Which attack is a man-in-the-middle attack that makes use of fallback
capabilities in TLS clients?
DROWN
FREAK
Heartbleed
POODLE---------------
Explanation:
The man-in-the-middle interrupts all TLS client handshake attempts, forcing a
downgrade to a vulnerable SSL version in a POODLE attack.

25.Joe and Bob are both ethical hackers and have gained access to a folder. Joe has
several encrypted files from the folder, and Bob has found one of them unencrypted.
Which of the following is the best attack vector for them to follow?
Known plain text---------------
Cipher text only
Replay
Chosen cipher text
Explanation:
The hacker has both plain-text and cipher-text communications in a known plain-text
attack; the plain-text copies are scanned for repeating patterns, which are then
compared to the cipher-text versions. This may be used to decipher the key over
time and with effort.

26.An organization has decided upon AES with a 256-bit key to secure data exchange.
What is the primary consideration in this case?
AES is a weak cypher.
It uses a shared key for encryption.---------------
The key size makes data exchange bulky and complex.
AES is slow.
Explanation:
Because AES is a symmetric algorithm, the same key is utilized for both encryption
and decryption.
Before any data exchange, the organization must devise a safe method of
transmitting the key to both parties.

27.Which of the following statements is true regarding encryption algorithms?
Symmetric algorithms are faster, are good for bulk encryption, but have scalability
problems.---------------
Symmetric algorithms are slower, are good for bulk encryption, and have no
scalability problems.
Symmetric algorithms are faster, are good for bulk encryption, and have no
scalability problems.
Symmetric algorithms are faster but have scalability problems and are not suited
for bulk encryption.
Explanation:
Symmetric methods are quick and useful for mass encryption, but they have scaling
issues.

28.RC4 is a simple, fast encryption cipher. Which of the following is not true
regarding RC4?
RC4 uses block encryption.---------------
RC4 can be used for web encryption.
RC4 is a symmetric encryption cipher.
RC4 can be used for file encryption.
Explanation:
RC4 is a basic, fast, and symmetric stream cipher. It can be used for nearly
everything an encryption cipher may be used for (you can even find it in WEP).

29.Which of the following symmetric algorithms uses variable block sizes (from 32
to 128 bits)?
MD5
3DES
RC---------------
DES
Explanation:
Variable block sizes (from 32 to 128 bits) are used by Rivest Cipher (RC).

30.Which of the following hash algorithms produces a 160-bit output value?
MD5
SHA-2
SHA-1---------------
Diffie-Hellman
Explanation:
The output value of SHA-1 is 160 bits.

31.Which of the following is a symmetric encryption method that converts a
fixed-length amount of plain text into an encrypted version of the same length?
Block---------------
Stream
Bit
Hash
Explanation:
Block encryption transforms a fixed-length plain text block into an encrypted block
of the same length.

32.Which of the following tests is often faster and less expensive, but is more
vulnerable to false reporting and contract violations?
Automatic---------------
Internal
External
Manual
Explanation:
Automatic testing makes use of a tool suite and is often faster than a
comprehensive manual test.
However, it is susceptible to false negatives and false positives and frequently
exceeds the scope boundary.

33.Which security assessment is designed to check policies and procedures within
an organization?
Security audit---------------
Vulnerability assessment
Pen test
None of the above
Explanation:
To verify security policies and procedures in place, a security audit is used.

34.Which of the following would be a good choice for an automated penetration test?
(Select all that apply.)
nmap
CANVAS---------------
Core Impact---------------
Netcat
Explanation:
Both Core Impact and CANVAS are automated, all-in-one test tool suites that can run
a test for a customer.
Other tools, such as Nessus, Retina, SAINT, and Sara, may be used in concert with
them to detect vulnerabilities.

35.Joe is a member of a penetration testing team and is about to begin a test. The
customer provided him with a system on one of their subnets but did not offer any
authentication information, network diagrams, or other relevant details about the
systems. Which type of test is Joe performing?
Internal, black box---------------
External, white box
External, black box
Black box
Internal, white box
Explanation:
Joe is on a network-internal system and has no knowledge of the target's network.
As a result, he is conducting an internal, black-box test.

36.Dan intercepted several encrypted files from an organization during a
penetration test. They were encrypted with different algorithms. Which algorithm is
Dan most likely to crack?
DES---------------
RSA
3DES
AES

37.John, a security specialist, examined the company's website and noticed that
crucial company information was widely available on the internet. Which of the
following information-sharing policies did John find to be violated?
A printed materials policy
An employee social media policy
An internet policy---------------
A company social media policy

38.Which of the following are involved in cross-site request forgery:
A server making a request to another server without the user’s knowledge
A request sent by a malicious user from a browser to a server
Modification of a request by a proxy between client and server
A browser making a request to a server without the user’s knowledge---------------

39.Clark is a professional hacker. He developed and set up many domains referring to
the same server in order to switch between domains quickly and avoid detection. In
the preceding situation, identify the adversary's behavior.
Unspecified proxy activities---------------
Data staging
Use of DNS tunneling
Use of command-line interface

40.You have just discovered that a hacker is trying to penetrate your network using
MAC spoofing. Which of the following best describes MAC spoofing?
Driving around in a car and searching for wireless networks that allow MAC
addresses to be captured
The process of sending many Ethernet frames, each containing different source MAC
addresses, to a switch
Changing a hacker's network card to match a legitimate address being used on a
network---------------
Configuring a network card to run in promiscuous mode, allowing MAC addresses to be
captured

41.Which of the following is a physical or virtual network device set up to
masquerade as a legitimate network resource?
Honeypot---------------
Switch
Server
Firewall

42.Allen, the network administrator, needs a tool that can do network intrusion
prevention and intrusion detection, capture packets, and monitor information. Which
of the following tools would Allen most likely select?
Nessus
Snort---------------
Nmap
Cain & Abel

43.A penetration tester discovers a vulnerable application and is able to steal the
URL hyperlink session ID of a website. The session ID can be intercepted by the
penetration tester; when the vulnerable application transmits the URL hyperlink to
the website, the session IDs are embedded in the hyperlink. The penetration tester
employs which of the following types of session hijacking countermeasures?
UDP session hijacking
Session fixation attack---------------
TCP/IP session hijacking
Man-in-the-middle attack

44.Andrew is an ethical hacker who was assigned the task of discovering all the
active devices hidden by a restrictive firewall in the IPv4 range in a given target
network. Which of the following host discovery techniques must Andrew use to perform
the given task?
UDP scan
ARP ping scan---------------
TCP Maimon scan
ACK flag probe scan

45.John, a disgruntled ex-employee of an organization, contacted a professional
hacker to exploit the organization. In the attack process, the professional hacker
installed a scanner on a machine belonging to one of the victims and scanned
several machines on the same network to identify vulnerabilities to perform further
exploitation. What is the type of vulnerability assessment tool employed by John in
the above scenario?
A. Agent-based scanner
B. Network-based scanner
C. Cluster scanner
D. Proxy scanner
Answer : A

46.Joel, a professional hacker, targeted a company and identified the types of
websites frequently visited by its employees. Using this information, he searched
for possible loopholes in these websites and injected a malicious script that can
redirect users from the web page and download malware onto a victim's machine. Joel
waits for the victim to access the infected web application so as to compromise the
victim's machine. Which of the following techniques is used by Joel in the above
scenario?
A. Watering hole attack
B. DNS rebinding attack
C. MarioNet attack
D. Clickjacking attack
Answer : A

47.John wants to send Marie an email that includes sensitive information, and he
does not trust the network that he is connected to. Marie gives him the idea of
using PGP. What should John do to communicate correctly using this type of
encryption?
A. Use his own private key to encrypt the message.
B. Use his own public key to encrypt the message.
C. Use Marie’s private key to encrypt the message.
D. Use Marie’s public key to encrypt the message.
Answer : D

48.You are attempting to run an Nmap port scan on a web server. Which of the
following commands would result in a scan of common ports with the least amount of
noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
Answer : C

49.Tony is a penetration tester tasked with performing a penetration test. After
gaining initial access to a target system, he finds a list of hashed passwords.
Which of the following tools would not be useful for cracking the hashed passwords?
A. Hashcat
B. John the Ripper
C. THC-Hydra
D. netcat
Answer : B

50.An organization is performing a vulnerability assessment for mitigating threats.
James, a pen tester, scanned the organization by building an inventory of the
protocols found on the organization’s machines to detect which ports are attached
to services such as an email server, a web server, or a database server. After
identifying the services, he selected the vulnerabilities on each machine and
started executing only the relevant tests. What is the type of vulnerability
assessment solution that James employed in the above scenario?
A. Service-based solutions
B. Product-based solutions
C. Tree-based assessment
D. Inference-based assessment
Answer : D

51.Becky has been hired by a client from Dubai to perform a penetration test
against one of their remote offices. Working from her location in Columbus, Ohio,
Becky runs her usual reconnaissance scans to obtain basic information about their
network. When analyzing the results of her Whois search, Becky notices that the IP
was allocated to a location in Le Havre, France. Which regional Internet registry
should Becky go to for detailed information?
A. ARIN
B. LACNIC
C. APNIC
D. RIPE
Answer : A

52.Harry, a professional hacker, targets the IT infrastructure of an organization.
After preparing for the attack, he attempts to enter the target network using
techniques such as sending spear-phishing emails and exploiting vulnerabilities on
publicly available servers. Using these techniques, he successfully deployed
malware on the target system to establish an outbound connection. What is the APT
lifecycle phase that Harry is currently executing?
A. Initial intrusion
B. Persistence
C. Cleanup
D. Preparation
Answer : A

53.Robin, a professional hacker, targeted an organization’s network to sniff all
the traffic. During this process, Robin plugged in a rogue switch to an unused port
in the LAN with a priority lower than any other switch in the network so that he
could make it a root bridge that will later allow him to sniff all the traffic in
the network. What is the attack performed by Robin in the above scenario?
A. ARP spoofing attack
B. STP attack
C. DNS poisoning attack
D. VLAN hopping attack
Answer : B

54.CyberTech Inc. recently experienced SQL injection attacks on its official
website. The company appointed Bob, a security professional, to build and
incorporate defensive strategies against such attacks. Bob adopted a practice
whereby only a list of entities such as the data type, range, size, and value,
which have been approved for secured access, is accepted. What is the defensive
technique employed by Bob in the above scenario?
A. Whitelist validation
B. Output encoding
C. Blacklist validation
D. Enforce least privileges
Answer : A

55.Joe works as an IT administrator in an organization and has recently set up a
cloud computing service for the organization. To implement this service, he reached
out to a telecom company for providing Internet connectivity and transport services
between the organization and the cloud service provider. In the NIST cloud
deployment reference architecture, under which category does the telecom company
fall in the above scenario?
A. Cloud consumer
B. Cloud broker
C. Cloud auditor
D. Cloud carrier
Answer : D

56.John, a professional hacker, targeted an organization that uses LDAP for
accessing distributed directory services. He used an automated tool to anonymously
query the LDAP service for sensitive information such as usernames, addresses,
departmental details, and server names to launch further attacks on the target
organization. What is the tool employed by John to gather information from the LDAP
service?
A. ike-scan
B. Zabasearch
C. JXplorer
D. EarthExplorer
Answer : C

57.Gilbert, a web developer, uses a centralized web API to reduce complexity and
increase the integrity of updating and changing data. For this purpose, he uses a
web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can
improve the overall performance, visibility, scalability, reliability, and
portability of an application. What is the type of web-service API mentioned in the
above scenario?
A. RESTful API
B. JSON-RPC
C. SOAP API
D. REST API
Answer : A

58.To create a botnet, the attacker can use several techniques to scan vulnerable
machines. The attacker first collects information about a large number of
vulnerable machines to create a list. Subsequently, they infect the machines. The
list is divided by assigning half of the list to the newly compromised machines.
The scanning process runs simultaneously. This technique ensures the spreading and
installation of malicious code in little time. Which technique is discussed here?
A. Subnet scanning technique
B. Permutation scanning technique
C. Hit-list scanning technique.
D. Topological scanning technique
Answer : D

59.Sophia is a shopping enthusiast who spends significant time searching for trendy
outfits online. Clark, an attacker, noticed her activities several times and sent a
fake email containing a deceptive page link to her social media page displaying
all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and
logged in to that page using her valid credentials. Which of the following tools is
employed by Clark to create the spoofed email?
A. Evilginx
B. Slowloris
C. PLCinject
D. PyLoris
Answer : A

60.John, a disgruntled ex-employee of an organization, contacted a professional
hacker to exploit the organization. In the attack process, the professional hacker
installed a scanner on a machine belonging to one of the victims and scanned
several machines on the same network to identify vulnerabilities to perform further
exploitation. What is the type of vulnerability assessment tool employed by John in
the above scenario?
A. Agent-based scanner
B. Network-based scanner
C. Cluster scanner
D. Proxy scanner
Answer : A

61.Allen, a professional pen tester, was hired by XpertTech Solutions to perform an
attack simulation on the organization’s network resources. To perform the attack,
he took advantage of the NetBIOS API and targeted the NetBIOS service. By
enumerating NetBIOS, he found that port 139 was open and could see the resources
that could be accessed or viewed on a remote system. He came across many NetBIOS
codes during enumeration. Identify the NetBIOS code used for obtaining the
messenger service running for the logged-in user?
A. <00>
B. <20>
C. <03>
D. <1B>
Answer : C

62.Samuel, a security administrator, is assessing the configuration of a web
server. He noticed that the server permits SSLv2 connections, and the same private
key certificate is used on a different server that allows SSLv2 connections. This
vulnerability makes the web server vulnerable to attacks as the SSLv2 server can
leak key information. Which of the following attacks can be performed by exploiting
the above vulnerability?
A. Padding oracle attack
B. DROWN attack
C. DUHK attack
D. Side-channel attack
Answer : B

63.Clark, a professional hacker, was hired by an organization to gather sensitive
information about its competitors surreptitiously. Clark gathers the server IP
address of the target organization using Whois footprinting. Further, he entered
the server IP address as an input to an online tool to retrieve information such as
the network range of the target organization and to identify the network topology
and operating system used in the network. What is the online tool employed by Clark
in the above scenario?
A. DuckDuckGo
B. AOL
C. ARIN
D. Baidu
Answer : C

64.You are a penetration tester and are about to perform a scan on a specific
server. The agreement that you signed with the client contains the following
specific condition for the scan: “The attacker must scan every port on the server
several times using a set of spoofed source IP addresses.” Suppose that you are
using Nmap to perform this scan. What flag will you use to satisfy this
requirement?
A. The -g flag
B. The -A flag
C. The -f flag
D. The -D flag
Answer : D

65.Jude, a pen tester, examined a network from a hacker’s perspective to identify
exploits and vulnerabilities accessible to the outside world by using devices such
as firewalls, routers, and servers. In this process, he also estimated the threat
of network security attacks and determined the level of security of the corporate
network. What is the type of vulnerability assessment that Jude performed on the
organization?
A. Application assessment
B. External assessment
C. Passive assessment
D. Host-based assessment
Answer : B

66.Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that
was designed to improve the accuracy and accountability of corporate disclosures.
It covers accounting firms and third parties that provide financial services to
some organizations and came into effect in 2002. This law is known by what acronym?
A. SOX
B. FedRAMP
C. HIPAA
D. PCI DSS
Answer : A

67.Jude, a pen tester working in Keiltech Ltd., performs sophisticated security
testing on his company's network infrastructure to identify security loopholes. In
this process, he started to circumvent the network protection tools and firewalls
used in the company. He employed a technique that can create forged TCP sessions by
carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process
allowed Jude to execute DDoS attacks that can exhaust the network resources. What
is the attack technique used by Jude for finding loopholes in the above scenario?
A. Spoofed session flood attack
B. UDP flood attack
C. Peer-to-peer attack
D. Ping-of-death attack
Answer : A

68.Jim, a professional hacker, targeted an organization that is operating critical
industrial infrastructure. Jim used Nmap to scan open ports and running services on
systems connected to the organization’s OT network. He used an Nmap command to
identify Ethernet/IP devices connected to the Internet and further gathered
information such as the vendor name, product code and name, device name, and IP
address. Which of the following Nmap commands helped Jim retrieve the required
information?
A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
C. nmap -Pn -sT -p 46824 < Target IP >
D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Answer : B

69.Richard, an attacker, aimed to hack IoT devices connected to a target network.
In this process, Richard recorded the frequency required to share information
between connected devices. After obtaining the frequency, he captured the original
data when commands were initiated by the connected devices. Once the original data
were collected, he used free tools such as URH to segregate the command sequence.
Subsequently, he started injecting the segregated command sequence on the same
frequency into the IoT network, which repeats the captured signals of the devices.
What is the type of attack performed by Richard in the above scenario?
A. Cryptanalysis attack
B. Reconnaissance attack
C. Side-channel attack
D. Replay attack
Answer : D

70.Which of the following allows attackers to draw a map or outline the target
organization's network infrastructure to know about the actual environment that
they are going to hack?
A. Vulnerability analysis
B. Malware analysis
C. Scanning networks
D. Enumeration
Answer : C

71.Susan, a software developer, wants her web API to update other applications with
the latest information. For this purpose, she uses a user-defined HTTP callback or
push APIs that are raised based on trigger events; when invoked, this feature
supplies data to other applications so that users can instantly receive real-time
information. Which of the following techniques is employed by Susan?
A. Web shells
B. Webhooks
C. REST API
D. SOAP API
Answer : B

72.Which iOS jailbreaking technique patches the kernel during the device boot so
that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-untethered jailbreaking
C. Semi-tethered jailbreaking
D. Untethered jailbreaking
Answer : D

73.Stella, a professional hacker, performs an attack on web services by exploiting
a vulnerability that provides additional routing information in the SOAP header to
support asynchronous communication. This further allows the transmission of web-
service requests and response messages using different TCP connections. Which of
the following attack techniques is used by Stella to compromise the web services?
A. Web services parsing attacks
B. WS-Address spoofing
C. SOAPAction spoofing
D. XML injection
Answer : B

74.Clark is a professional hacker. He created and configured multiple domains
pointing to the same host to switch quickly between the domains and avoid
detection. Identify the behavior of the adversary in the above scenario.
A. Unspecified proxy activities
B. Use of command-line interface
C. Data staging
D. Use of DNS tunneling
Answer : B

75.What firewall evasion scanning technique makes use of a zombie system that has
low network activity as well as its fragment identification numbers?
A. Packet fragmentation scanning
B. Spoof source address scanning
C. Decoy scanning
D. Idle scanning
Answer : D

76.Which of the following best describes ARP Poisoning?
The process of injecting faulty entries in machines by changing the ARP
cache-------------------
The process of injecting faulty entries in machines by flooding the ARP cache
The process of injecting faulty entries in machines by removing the ARP cache
The process of injecting faulty entries in machines by changing the APR cache
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
ARP Poisoning is the process of injecting faulty entries in machines by changing
the ARP cache.

77.All of the examples below are sniffing techniques, except what?
ARP Poisoning
DHCP Starvation
DAC Flooding-------------------
Spoofing
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
DAC Flooding is not a sniffing technique.

78.Which of the following definitions best describes MAC Flooding?
The attacker floods the switch with a few ethernet frames, each with the same MAC
addresses, thus compromising the switch
The attacker floods the switch with a few ethernet frames, each with different MAC
addresses, thus compromising the switch
The attacker floods the switch with a few ethernet frames, each with different DAC
addresses, thus compromising the switch
The attacker floods the switch with a lot of ethernet frames, each with different
MAC addresses, thus compromising the switch-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
In MAC Flooding, the attacker floods the switch with a lot of Ethernet frames,
each with different MAC addresses, thus compromising the switch.

79.Which of the following is the pathway the threat agent takes to exploit a
vulnerability?
A threat vector-------------------
A threat agent
A race condition
A Hazard
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Threat vectors are the routes or the ways that malicious attacks may adopt to pass
through the defences of the system and ultimately infect the network.
Email or Phishing attacks and malicious attachments target the email threat vector.

80.Which of the following is a device that consolidates a lot of security functions
into a single system that may be placed at a single point in the network?
Universal Threat Management
Unidentified Threat Management
Intrusion Detection Systems
Unified Threat Management-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A unified threat management (UTM) device is a device that consolidates a lot of
security functions or systems into a single system that may be installed at a single
point in the entire network. This UTM would replace the following:-
(A) Firewall
(B) Intrusion detection device
(C) Intrusion protection devices
(D) Antivirus protection

81.Multiple computers (hosts) in a network being connected through a central hub is
the definition of which of the following?
Ring Network
Bus Network
Mesh Network
Star Network-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A star network is defined as an implementation of a node–hub infrastructure in
computer networks.
In a star network, each host is connected directly to a central device which is
called the hub.
In its simplest form, one central hub acts as a channel to transmit and receive
messages.
The star network is categorized as one of the most common and widely used computer
network topologies.

82.The International Standard Organization (ISO) introduced a model of seven layers.
The conceptual model that characterises and standardises the communication
functions of a telecommunication or computing system is called which of the
following?
Open system interface Model
Open system interconnection Model-------------------
Open source intercommunication Model
Open software interconnection Model
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The Open Systems Interconnection model (OSI model) is a conceptual and theoretical
model that specifies and standardises the communication transmission and reception
functions of telecommunication equipment or a computing system without regard to
which type of internal structure and technology is used.
In 1978, the International Standard Organization (ISO) proposed, initiated and
published the OSI model.

83.Which of the following layers in the Open Systems Interconnection (OSI) model is
closest to the end-user and manages the communication needs of the application?
Physical Layer
Data Link Layer
Application Layer-------------------
Presentation Layer
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
An application layer is an abstraction layer that specifies the shared
communications (transmission and reception) protocols and interface types/methods
used by hosts or computers in a communications network.
It is nearest to the end-user and manages the communication (transmission and
reception) needs of the application.

84.A local network topology in which the infrastructure nodes (i.e. bridges,
switches, and other infrastructure devices) are connected directly, dynamically
and non-hierarchically to as many other nodes as possible is the definition for
which of the following?
Bus Network
Mesh Network-------------------
Hybrid Network
Star Network
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A mesh network, also known as a meshnet, is a local network topology in which
the infrastructure nodes (i.e. bridges, hubs, switches, and other devices) connect
directly, dynamically and non-hierarchically to as many other nodes, computers, or
other hosts as possible and communicate with one another to route data precisely
and effectively from/to clients.

85.A communication channel (a single network cable) that allows communication
between multiple computers is the definition of which of the following
topologies?
Star Network
Bus Network-------------------
Mesh Network
Ring Network
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
In a Local Area Network (LAN), a bus topology can be defined as a topology in which
all the nodes, hosts or computers are connected to a single cable.
The cable to which the nodes, hosts or computers connect is called a “backbone”.
If this backbone is broken, the communication in the entire segment fails, meaning
that no host is able to communicate.

86.A network topology in which each node is connected to exactly two other
nodes, forming a single continuous pathway for signals through each node, is the
definition for which of the following?
Star Network
Ring Network-------------------
Bus Network
Mesh Network
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A ring network is defined as a network topology in which each node, computer or
host connects to exactly two other nodes, computers or hosts, forming a single
continuous pathway for transmission and reception of signals through each node,
i.e. a ring.
Data passes from node to node, with each node or computer along the way receiving
and transmitting every packet.

87.In the IP header, which of the following is a 4-bit field and indicates the IP
version?
Type of Service
Version-------------------
Total Length
Flags
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The version field in the IP header indicates the version of IP used by the packet
under consideration.
This field shows a value of 4 when IPv4 is configured.
The header length field gives the length of the header in 32-bit words; the header
is between 20 bytes and 60 bytes long.

88.In the Open Systems Interconnection (OSI) model, HyperText Transfer Protocol
(HTTP) is a protocol of which of the following layers?
Application Layer-------------------
Physical Layer
Data Link Layer
Presentation Layer
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
HyperText Transfer Protocol is an application layer protocol developed within
the framework of the Internet protocol suite for viewing web pages.
It establishes the relationship between the client and the server for resources
(pages, etc.).

89.Which of the following is a 32-bit number that masks an IP address, and divides
the IP address into network address and host address?
Application layer
The router
Subnet Mask-------------------
Broadcasting
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A subnet mask is a 32-bit number that masks or hides an IP address, and also divides
the IP address into two parts, one of which is the network address and the other
the host address. A subnet mask is created by changing network bits to all “1”s and
changing host bits to all “0”s.

90.Which of the following is a network whose nodes are more than 10 or so miles
apart?
Metropolitan Area Network (MAN)
Wide Area Network (WAN)-------------------
Virtual Local Area Network (VLAN)
Local Area Network (LAN)
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A Wide Area Network is defined as a network whose nodes (computers or hosts) are
more than 10 or so miles apart from each other.
Any Internet service provider on the backbone of the Internet would have a WAN.
Additionally, businesses like banks may have WANs where they have network
connections between their offices located at different places.

91.Which of the following protocols works well with streaming video and audio?
TCP
UDP-------------------
FTP
HTTP
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
UDP is best for streaming video and audio, and TCP doesn’t work well for
streaming video and audio. One of the biggest reasons is that with UDP, it is up
to the application to do any type of reordering of messages (packets or datagrams),
as required.
If a datagram (the PDU for UDP) arrives out of order with streaming audio or
video, the application at the receiver side will just discard it.

92.What wireless discovery tool identifies poor coverage locations within
the WLAN network, detects interference causes, finds any rogue access points in the
network and is compatible with 802.11a, b, and g?
Kismet at www.kismetwireless.net
WIGLE at www.wigle.net
NetTumbler at www.nettumbler.com
NetStumbler at www.netstumbler.com-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The NetStumbler application is a Windows-based tool used to discover WLAN networks
running on 802.11 a/b/g standards.
It helps detect other networks that may cause interference to your network, and it
can also find poor coverage areas in the WLAN network, helping administrators
set up the network the way it is intended to be.

93.Cloud computing provides users and organization subscribers delivery of
different IT services over a network. Which type of cloud computing is geared
toward software development and provides a development platform that authorizes
subscribers to develop applications without building the infrastructure it would
normally take to develop and launch software?
Infrastructure as a Service
Software as a Service
Platform as a Service-------------------
Hardware as a Service
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Platform as a Service (PaaS) is a cloud computing model where a third-party
provider delivers hardware and software tools to users over the internet.
A PaaS provider hosts the hardware and software on its infrastructure.
As a result, PaaS frees developers from having to install in-house hardware and
software to develop or run a new application.

94.What is this cloud computing regulatory effort, which is a government-wide
program that delivers a systemized approach to security assessment, authorization,
and continuous monitoring of cloud products and services?
Federal Risk and Authorization Management Program (FedRAMP)-------------------
PCI Data Security Standard (PCI DSS)
Cloud Security Alliance (CSA)
Trusted Computing Group (TCG)
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Federal Risk and Authorization Management Program (FedRAMP) enables agencies to
use modern cloud technologies, with emphasis on security and protection of federal
information, and helps accelerate the adoption of secure cloud solutions.

95.Cloud security is important on the side of the provider, as well as that of the
subscriber. What cloud security tool provides instant visibility and continuous
protection for servers in any combination of data centers, private clouds, and
public clouds?
CloudHalo
CloudSecurity
CloudInspect
CloudPassage Halo-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
CloudPassage Halo is a unified cloud security platform that automates cloud
computing security controls and compliance across servers, containers, and in any
public, private, hybrid, and multi-cloud environments.

96.What is this worldwide non-profit charitable organization dedicated to improving
the security of software, and to making software security accessible, so that
individuals and organizations can make informed decisions about true software
security risks?
Open Web Application Security Project (OWASP)-------------------
Internet Engineering Task Force (IETF)
World Wide Web Consortium (W3C)
World Wide Web Security Project (W3SP)
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The Open Web Application Security Project (OWASP) is an international non-profit
organization focused on web application security.
One of the organization’s principles is that all their materials must be freely
available and easily accessible on its website, making it possible for anyone to
improve their web application security.
The materials they offer include documentation, tools, videos, and forums.

97.Bluetooth is used for connecting devices, usually mobile phones, wirelessly over
a short distance. Since we keep a lot of personal information in our
Bluetooth-enabled devices, they are susceptible to hacking that could pay huge
dividends. What is this type of Bluetooth attack, wherein attackers steal data from
a mobile device due to an open connection, such as remaining in discovery mode?
Bluesnarfing-------------------
Bluesniffing
Bluesmacking
Blueprinting
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Bluesnarfing allows hackers to gain access to data stored on a Bluetooth enabled
phone without alerting the phone’s user of the connection made to the device.
Some of the information that can be accessed includes the phonebook, images, and
calendar.

98.The CIA Triad is a widely used information security model that can guide an
organization’s efforts and policies aimed at keeping its data secure. What is this
part of the CIA Triad, which preserves the authenticity of data over its whole
transit by making sure unauthorized parties are not able to revise it?
Integrity-------------------
Availability
Accuracy
Confidentiality
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Integrity protects information from unauthorized tampering while the data is at
rest or in transit.
In other words, integrity measures secure the data sent from the sender until it
arrives at the recipient with no alteration.

99.A network security zone is a segmented section of a network that contains
systems and components with limited access to the internal network. What is this
network security zone, which is defined as a very restricted zone that strictly
controls direct access from uncontrolled zones?
Intranet Zone
Production Network Zone-------------------
Management Network Zone
Internet DMZ
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Production network zone is a very restricted zone that supports functions to which
access must be strictly controlled; direct access from an uncontrolled network
should not be permitted.

100.Web spiders are an important tool used in footprinting. They are designed to
crawl sites to gather information. How can website owners instruct search engines
on how they should crawl a website?
By typing robots.file to the website
By adding a robotstxt.file to the website
By typing robotstext. file to the root of the website
By adding a robots.txt file to the root of the website-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Website owners can control search engines on how they should crawl a website by
using a robots.txt file.
When a search engine crawls a website, it requests the robots.txt file first and
then follows the rules within.

101.Footprinting refers to the process of collecting information about the target
system to find ways to penetrate the system. One of the important footprinting tasks
is to determine the network range. What website can you use to determine the
network range of an IP address?
www.samspade.com
www.arin.net-------------------
www.geektools.com
www.dnsstuff.com
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
If you enter the IP address in http://www.arin.net, the network range, email
address, telephone number, and other necessary information will be shown.

102.The CIA Triad is a widely used information security model that can guide an
organization’s efforts and policies aimed at keeping its data secure. What is this
part of the CIA Triad, which preserves the authenticity of data over its whole
transit by making sure unauthorized parties are not able to revise it?
Availability
Accuracy
Integrity-------------------
Confidentiality
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Integrity protects information from unauthorized tampering while the data is at
rest or in transit.
In other words, integrity measures secure the data sent from the sender until it
arrives at the recipient with no alteration.

103.Regarding Governmental data classifications, the exposure of information
causing serious damage to national security is the definition for which of the
following?
Top secret
Confidential
Secret-------------------
Restricted
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
According to Governmental data classifications, the exposure or intentional loss
of secret information would cause grave concern and serious damage to national
security.
Access to secret data or information is restricted by law, rule or regulation to
particular groups of people with the necessary security clearance and need to know,
and mishandling of the information or data can incur criminal penalties.

104.Which of the following is the advantage of symmetric key encryption over
asymmetric key encryption?
Easier for implementation
It uses public key and private key
It is faster with better efficiency-------------------
It is more secure as it uses more bits
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The main advantage or benefit of symmetric encryption with respect to asymmetric
encryption is that it is very efficient and fast for large amounts of data.
The main disadvantage of symmetric encryption is the need to keep the key secret.
In other words, this can be very challenging where decryption and encryption take
place in different areas or locations, requiring the encryption key to be moved.

105.Which of the following cryptosystems combines the convenience of a public-key
cryptosystem with the efficiency of a symmetric-key cryptosystem?
Hybrid Cryptosystem-------------------
Symmetric Key Cryptography
Asymmetric Key Cryptography
Both Symmetric and Asymmetric Key Cryptography
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
In cryptography, a hybrid cryptosystem is explained as follows:-
(A) A cryptosystem that unites the ease of a public-key cryptosystem with the
effectiveness and efficiency of a symmetric-key cryptosystem
(B) Public-key cryptosystems are more convenient in that they do not require the
transmitter and receiver to share a common secret to communicate safely and
securely

106.The Data Encryption Standard (DES) is a block cipher that uses which of the
following key algorithms?
Symmetric key-------------------
The Data Encryption Standard (DES) does not use any encryption key
Asymmetric key
Both Symmetric and Asymmetric key
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
The Data Encryption Standard (DES) can be explained as follows:-
(A) It is a block cypher that uses symmetric key
(B) This is a long-deprecated encryption standard, but it raises an important
element about cryptography
(C) One of the problems with DES is that it only uses a 56-bit key.

107.Which of the following is sometimes called public-key cryptography?
Hybrid Cryptosystem
Both Symmetric and Asymmetric Key Cryptography
Asymmetric Key Cryptography-------------------
Symmetric Key Cryptography
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Symmetric key cryptography uses a single key for both encryption and decryption on
both sides, i.e. the transmitter and receiver sides, whereas asymmetric key
cryptography uses two keys for encryption and decryption.
This is the basic reason asymmetric key cryptography is sometimes known as
public-key cryptography.
One key is called the private key and the other one is the public key.

108.In ethical hacking, what is the purpose of using MegaPing?
It is used as antivirus
It is used as Firewall
It is used for port scan-------------------
It is used to counter port attack by the hacker
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
MegaPing is a toolkit which provides essential utilities/tools for IS (Information
System) specialists, IT solution providers, system administrators or
individuals. MegaPing is a tool which also includes the following scanners:-
(A) Comprehensive Security Scanner
(B) Port scanner (TCP and UDP ports)
(C) IP scanner
(D) NetBIOS scanner
(E) Share Scanner

109.In OpenVAS, you can see the number of network vulnerability tests (NVTs) that
have been enabled in each config. How are NVTs categorized for organizational
purposes?
NVTs are not categorized
NVTs are categorized into divisions
NVTs are categorized into families-------------------
NVTs are categorized into sectors
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
In OpenVAS, there are a total of eight scan configs categorized by default.
In OpenVAS, you can see the number of network vulnerability tests (NVTs) that have
been enabled in each config.
NVTs are categorized into families for organizational purposes.

110.From an ethical hacking standpoint, which of the following ideas should be kept
in mind while running a scan in OpenVAS?
The focus should be destroying the security of the organization
The focus should be identifying a remediation plan for any vulnerability
found-------------------
The focus should be on running a scan and then ignoring the results
The focus should be on penetrating in the open port, steal the information and sell
it in open market to earn money
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
One important idea to keep in mind is that once you run a scan, the focus should be
identifying a remediation plan for any vulnerability found.
It is important to note that running a scan, getting a number of results, and then
ignoring them leaves you in a worse state.
Ignoring vulnerabilities is the worst outcome for a vulnerability scan, as both
man-hours and energy are wasted but nothing is done with the results.

111.Security Analysis Tool for Auditing Networks (SATAN) was written primarily in
which of the following languages?
C++
JAVA
Perl-------------------
HTML
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Security Analysis Tool for Auditing Networks, abbreviated as SATAN, is the very
first scanner used to identify vulnerabilities in systems.
It was developed by two great computer security analysts, Dan Farmer and Wietse
Venema.
The program was written in the language called Perl, and SATAN uses a web
interface.

112.Which of the following techniques is used to determine systems that are alive?
Port Scan
The vulnerability scanner
Ping Sweeps-------------------
Port identifier
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Ping Sweep is defined as a technique used to recognize if the hosts or computer
systems are alive in the networks using their IP addresses.
A ping sweep sends ping messages to every computer system or host on the network,
hence the “sweep” part.

113.Netstat is a command-line utility that reports the status of TCP/IP and
Ethernet connections. What netstat command will you use if you want to display all
connections and listening ports, with addresses and port numbers in numerical form?
netstat -tcp
netstat --program
netstat --udp
netstat -an-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Netstat commands display the current network connections, networking protocol
statistics, and a variety of other interfaces.
If you type netstat -an, the system will display all connections and listening ports
in numerical form.

114.Internet Protocol version 4 (IPv4) is the fourth revision of the Internet
Protocol and a widely used protocol in data communication over different kinds of
networks. The three main address types of IPv4 include unicast, multicast, and
broadcast. Which of the following is not a rule involving IPv4 addresses?
If all the bits in the host field are 1's, the address is a broadcast
If all the bits in the host field are set to 0's, that's the network address
If all the bits in the host field are set to 1's, that's the network address-------------------
Any combination other than these two presents the usable range of addresses in that network
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Rules about IPv4 addresses include the following:
(1) If all the bits in the host field are 1’s, the address is broadcast.
(2) If all the bits in the host field are set to 0’s, that’s the network address.
(3) Any combination other than these two presents the usable range of addresses in
that network.

115.Which tool, available for Windows and Linux, is useful for ping sweeps, port
scans, and TCP/IP packet crafting?
Hping1
Hping2-------------------
Hping0
Hping
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Hping2 or Hping3 is a powerful tool that performs the following functions: test
firewall rules, advanced port scanning, path MTU discovery, remote OS
fingerprinting, TCP/IP stack auditing, etc.

116.Microsoft Windows uses cryptographic measures to prevent unauthenticated users
from accessing the system. Users' passwords are stored in a hash format in a
registry hive. Where does Microsoft Windows store authentication credentials and
passwords?
In the SAM file, located in the C:\windows\system32\config folder-------------------
In the SAM file, located in the C:\windows\system\config folder
In the SAM file, located in the C:\windows\config folder
In the SAM file, located in the C:\windows\system32 folder
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Microsoft Windows stores and manages local user and group accounts in a
database file called the Security Account Manager (SAM).
It authenticates local user logons.
The Windows SAM database file resides in the C:\Windows\System32\config folder.

117.Sniffing is a process of monitoring and capturing all data packets passing
through a given network. What is this category of sniffing, which can only be done
on networks that implement hubs instead of switches, and it is less direct and
allows a hacker to remain relatively hidden on the network?
Indirect Sniffing
Passive Sniffing-------------------
Direct Sniffing
Active Sniffing
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Passive sniffing only works if your machine’s NIC is part of the same collision
domain as the targets you want to listen to, and the sniffer can sit there
undetected for a long time and spy on the network.

118.A rootkit is a collection of software put in place by an attacker that is
created to conceal system compromise. What type of rootkit uses system-level calls
to hide its existence?
Application Level
Boot Loader Level
Hypervisor Level
Library Level-------------------
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A library level rootkit is usually referred to as a user-level hook, which replaces
or modifies the functionality of system calls to the Operating System.

119.A honeypot is a system set up as a decoy to lure attackers. Specter, Honeyd,
and KFSensor are examples of which type of honeypot?
Low-Interaction Honeypot-------------------
High-Interaction Honeypot
Complete-Interaction Honeypot
Partial-Interaction Honeypot
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
A low-interaction honeypot reproduces a limited number of services and cannot be
compromised completely.
Examples of these include Specter, Honeyd, and KFSensor.

120.Which of the following is about implementing multiple security controls at
every layer of the OSI reference model, and also about the automation of security
controls and processes?
Intrusion Detection Systems
Defence in Breadth-------------------
Intrusion Prevention Systems
Defence in Depth
Explanation:-----------------------------------------------------------------------
----------------------------------------------------------------------
Defense in breadth can be defined as implementing multiple system security
enhancement controls/tools at each layer of the OSI reference model.
It can also be defined as the automation of security controls, tools, programs and
processes.
It is a planned, systematic set of multidisciplinary activities or procedures that
seek to effectively manage, efficiently identify, and reduce the risk of exploitable
vulnerabilities at each and every stage of the system, network, equipment or
sub-component life cycle.
