Ethical Hacking Cert Prep-Final Exam-INT-2681

Instructions

Final Exam… This exam consists of 60 multiple choice questions and 8 essay questions. You have 180 minutes to complete the exam. Questions will appear to you one at a time.

Question 1

Confidentiality, integrity, and availability are all security components. Which technique ensures integrity?

UPS

Encryption

Hashing

IDS/IPS

Question 2

Two hackers attempt to break the network resource security of a company; one is regarded as an ethical hacker, whereas the other is not. What distinguishes the ethical hacker from the “cracker”?

The ethical hacker always receives written permission before testing.

The ethical hacker always attempts black-box testing.

The cracker always attempts white-box testing.

The cracker posts results to the internet.

Question 3

Which type of attack is generally carried out as an inside attacker with elevated privileges on the resources?

Active reconnaissance

Black box

Gray box

White box

Question 4

In which stage of an ethical hack would the attacker actively apply tools and techniques to gather more in-depth information on the targets?

Scanning and enumeration

Gaining access

Active reconnaissance

Passive reconnaissance

Question 5

A security colleague is puzzled by a recent event. An attacker successfully gained access to a workstation in the business and stole important data. Following the heist, a complete vulnerability scan was performed, and nothing was revealed. Which of the following best describes what occurred?

The attacker took advantage of a zero-day vulnerability on the machine.

The attacker performed the attack on the machine itself.

The attacker performed a denial of service attack

The attacker probably did not compromise the device.

Question 6

Which of the following best describes the role that the US Computer Security Incident Response Team (CSIRT) provides?

Vulnerability measurement and assessment for the Department of Defense

Pentest registration for public and private sector.

A reliable and consistent point of contact for all incident response services for associates of the Department of Homeland Security.

Internet response services for all internet providers

Question 7

You are examining a host with an IP address of 52.93.24.42/20 and want to determine the broadcast address for the subnet. Which of the following is the correct broadcast address?

52.0.0.255

52.93.31.255

52.93.0.255

52.93.32.255

Question 8

To quickly identify live targets on a subnet, which of the following commands would you use?

nmap -sn 172.19.24.0/24

nmap -WV 172.19.24.0/24

nmap -O 172.19.24.0/24

nmap -A 172.19.24.0/24

Question 9

Which of the following best describes active sniffing?

It requires you to hold up a port and let packets go through the port

Passive sniffing is easier to detect than active sniffing

Active sniffing is easier to detect than passive sniffing

Active sniffing is not used in penetration testing again.

Question 10

Which of the following works at Layer 5 of the OSI model?

Circuit-level firewall

Packet-filtering firewall

Application-level firewall

Stateful firewall

Question 11

Which of the following is an example of a passive online password attack?

Sniffing subnet traffic to intercept a password

Running John the Ripper on a stolen copy of the SAM

Sending a specially crafted PDF for the user to open

Downloading a sniffer packet

Question 12

If a security administrator sets the HttpOnly flag in cookies, which of the following is the administrator most likely attempting to mitigate against?

CSRF

SQL Injection

MiTM

XSS

Question 13

If you wanted a lightweight protocol to send real-time data over, which of these would you use?

TCP

JTP

UDP

ICMP

Question 14

Which of the following cloud computing models is geared toward software development?

SaaS

IaaS

PaaS

FaaS

Question 15

Which is not a recommended step in recovering from a malware infection?

Delete system restore points

Remove the system from the network

Back up the hard drive

Reinstall from original media

Question 16

Within physical security, lighting, locks, fences, and guards are all examples of __________ measures.

Exterior

Operational

Physical

Technical

Question 17

Phishing, pop-ups, and IRC channel use are all examples of which type of social engineering attack?

Environmental based

Physical based

Computer based

Human based

Question 18

Which of the following is not a method used to control or mitigate against static electricity in a computer room?

A humidity control system

Anti-static wrist straps

Positive pressure

Proper electrical grounding

Question 19

Which of the following tests is often faster and less expensive, but is more vulnerable to false reporting and contract violations?

Manual

Automatic

Internal

External

Question 20

Scanning is performed at which phase of a penetration test?

Pre-attack

Reconnaissance

Anti-forensics

Post-attack

Question 21

When an attack by a hacker is politically motivated, the hacker is said to be participating in ______.

Black-hat hacking

Policalism

Gray-hat hacking

Hacktivism

Question 22

As a member of the pen test team, you begin by searching for IP ranges held by the target organization and determining their network range. You also look at job listings, news stories, and the organization’s website. During the first week of the exam, you also observe when personnel arrive and go from work, as well as rummage through the trash outside the building for helpful information.

Passive

None of the above

Active

Reconnaissance

Question 23

To find the names and addresses of employees or technical points of contact, which footprinting tool or technique can be used?

NSLookup

Traceroute

Http go

Whois

Question 24

Which of the following statements is true regarding port scanning?

Port scanning is designed to identify potential vulnerabilities on the system

None

Port scanning’s primary goal helps identify live targets on the network

Port scanning’s primary goal is to identify traffic to and from the system

Question 25

Which of the following best describes a honeypot?

Its primary function involves virus and malware protection

It is used to gather information about potential network attacks

It is used to analyze traffic for detection signatures

It is used to filter traffic from screened subnets

Question 26

What takes place when an IDS does not properly identify a malicious packet entering the network?

True positive

False positive

True negative

False negative

Question 27

Which of the following is the best definition of steganography?

It is used to hide information within existing files

It is a penetration testing tool

It is used to analyze hidden data

It is used to reveal information within existing files

Question 28

There are many benefits to cloud computing. Which of the following is the best choice of security principle to apply to cloud security?

Job rotation

Separation of duties

Least privilege

Need to know

Question 29

Which of the following propagates without human interaction?

Trojan

MiTM

Worm

Virus

Question 30

Which is used within the PKI system to distribute a public key, therefore authenticating the user’s identity to the recipient?

Private key

Digital signature

Digital certificate

Public key

Question 31

Joe encrypts and sends a message for Bob using a PKI system. What method does Bob use to decrypt the message when he receives it?

Bob’s private key

Bob’s public key

Joe’s private key

Joe’s public key

Question 32

Employee background checks, device risk assessments, and key management and storage rules are all examples of __________ measures in physical security.

Physical

Operational

Mental

Technical

Question 33

If your organization installs mantraps in the entranceway, which of the following attacks is it attempting to protect against?

Dumpster diving

Shoulder surfing

Mantrapping

Tailgating

Question 34

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment?

Application code review

Vulnerability scanning

Sniffing

Social engineering

Question 35

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

SOX

CFAA

PCI-DSS

GLBA

Question 36

Firewalls, whether hardware or software, are only as effective as their __________?

Manufacturer

Ports

Configuration

Cost

Question 37

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?

Geographical information, entry control systems, employee routines, and vendor traffic

Operating systems, applications, security policies, and network mapping

Contact names, phone numbers, email addresses, fax numbers, and addresses

Intellectual property, critical business functions, and management hierarchy

Question 38

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?

Black box

Gray box

White box

Gray hat

Question 39

Which of the following best describes a feature of symmetric encryption?

Uses only one algorithm type.

Uses only one key to encrypt and decrypt

Does not work well for bulk encryption of less sensitive data.

Does not require the exchange of the shared secret key.

Question 40

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

Port scan

Decoy scan

Network scan

System scan

Question 41

You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?

watson

watson-p

St@y0ut!@

p@ssw0rd

Question 42

Which of the following is a tool for cracking Windows login passwords using rainbow tables?

Creamer

Wireshark

Ophcrack

Snort

Question 43

Which of the following best describes a honeypot?

All answers provided are correct.

A honeypot is a substitute for an IDS or firewall and protects a system.

A honeypot’s purpose is to look like a legitimate network resource.

Virtual honeypots can only simulate one entity on a single device.

Question 44

You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use?

Burpsuite

WebInspect

Metasploit

Integrity

Question 45

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

Pass the hash

Key logging

Password salting

Password sniffing

Question 46

The following are countermeasures you would take against a web application attack:

· Secure remote administration and connectivity testing.

· Perform extensive input validation.

· Configure the firewall to deny ICMP traffic.

· Stop data processed by the attacker from being executed.

Which of the following attacks would these countermeasures prevent?

CSRF

DoS attacks

Directory traversal

MiTM

Question 47

Which of the following types of web server attacks is characterized by altering or vandalizing a website’s appearance in an attempt to humiliate, discredit, or annoy the victim?

Website politicking

Website vandalism

Website defacement

Website salting

Question 48

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn’t want to sign out of his computer each time he leaves. Which of the following is the best solution for securing Joe’s workstation?

Apply multifactor authentication on the computer.

Change the default account names and passwords.

Configure a screensaver that requires a password.

Set a strong password that requires special characters.

Question 49

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?

War driving

Banner grabbing

Firewalking

War dialing

Question 50

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?

ARP Poisoning

MAC flooding

Port mirroring

MAC spoofing

Question 51

While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?

Passwords are being sent in clear text

The checksum is unverified

None of the answers provided are correct.

Keep-alive connections are being used.

Question 52

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?

As long as you are not bombarding the system, the packet segments float by without concern.

This scan will help you to determine whether the firewall is stateful or stateless and whether or not the ports are open.

It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.

None of the answers provided are correct.

Question 53

Which of the following best describes what SOX does?

Defines the security standards for any organization that handles cardholder information.

Implements accounting and disclosure requirements that increase transparency.

Defines how federal government data, operations, and assets are handled.

Defines standards that ensure medical information is kept safe.

Question 54

Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report?

Port scanner

Antivirus scanner

Vulnerability scanner

Threat scanner

Question 55

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

PCI-DSS

HIPAA

CSIRT

FISMA

Question 56

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker’s assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?

Internal assessment

External assessment

Passive assessment

Vulnerability assessment

Question 57

Which of the following assessment types can monitor and alert on attacks but cannot stop them?

Active

Host based

Client based

Passive

Question 58

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?

Open service

Application flaw

Default settings

Buffer overflow

Question 59

Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?

Decryption

Access control

Digital signing

Encryption

Question 60

Which of the following documents details exactly what can be tested during a penetration test?

Scope of work

Rule of Engagement

Service level agreement

Master service agreement

Question 61

Briefly differentiate between dumpster diving and shoulder surfing.

Your Answer:

Question 62

Explain how the OSI model can help you define a better methodology for performing your pentesting.

Your Answer:

Question 63

Which phase of penetration testing do you think is the most important? In which phase would you spend the most time? Why?

Your Answer:

Question 64

Briefly define and differentiate between vulnerabilities, threats, risks and controls.

Your Answer:

Question 65

You are conducting an ethical hacking exercise on your CEO’s laptop and you find child pornographic content in their device. What would you do? Explain why you would do what you did.

Your Answer:

Question 66

Define and explain the different stages of a penetration testing exercise.

Your Answer:

Question 67

Briefly define social engineering and give 2 concrete examples of social engineering.

Your Answer:

Question 68

What do you understand by Advanced Persistent Threat? Define and explain with concrete examples.

Your Answer:
