 |
 |
|
|
Which of the following is a strong post designed to stop a car?
Gate
Fence
Bollard
Reinforced rebar
SHOW ANSWERWhich of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
Key registry
Recovery agent
Directory
Key escrow
SHOW ANSWERA hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
Banner Grabbing
IDLE/IPID Scanning
SSDP Scanning
UDP Scanning
SHOW ANSWERWhich of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
Teardrop
SYN flood
Smurf attack
Ping of death
SHOW ANSWERWhat are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
Legal, performance, audit
Audit, standards based, regulatory
Contractual, regulatory, industry
Legislative, contractual, standards based
SHOW ANSWERIn which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?
Chosen-plaintext attack
Ciphertext-only attack
Adaptive chosen-plaintext attack
Known-plaintext attack
SHOW ANSWERWhich of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value
My Doom
Astacheldraht
R-U-Dead-Yet?(RUDY)
LOIC
SHOW ANSWERYou are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed?
Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"
Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques
SHOW ANSWERWhat is the algorithm used by LM for Windows2000 SAM?
MD4
DES
SHA
SSL
SHOW ANSWERA Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
Public key
Private key
Modulus length
Email server certificate
SHOW ANSWERWhich command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?
ping 192.168.2.
ping 192.168.2.255
for %V in (1 1 255) do PING 192.168.2.%V
for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"
SHOW ANSWERHow do employers protect assets with security policies pertaining to employee surveillance activities?
Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
Employers use informal verbal communication channels to explain employee monitoring activities to employees.
Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.
SHOW ANSWERWhich type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?
SYN scan
ACK scan
RST scan
Connect scan
FIN scan
SHOW ANSWER> NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following?
A ping scan
A trace sweep
An operating system detect
A port scan
SHOW ANSWER
