Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
[cache:]
[site:]
[inurl:]
[link:]

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Which specific element of security testing is being assured by using a hash?
Authentication
Integrity
Confidentiality
Availability

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?
Bluesmacking
Bluesniffing
Bluesnarfing
Bluejacking

While performing online banking using a Web browser, Kyle receives an email that contains an image of well-crafted art. Upon clicking the image, a new tab in the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle notices that all his funds in the bank are gone. What Web browser-based security vulnerability got exploited by the hacker?
Clickjacking
Web Form Input Validation
Cross-Site Request Forgery
Cross-Site Scripting

Which of the following is the most important phase of ethical hacking, wherein you need to spend a considerable amount of time?
Gaining access
Escalating privileges
Network mapping
Footprinting

Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. The information security issues that Vlady often finds include employees sharing passwords, writing their passwords on a Post-it note and sticking it to their desks, leaving computers unlocked, not logging out of email or social media accounts, etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wants to do is to make the employees understand the importance of keeping confidential information, such as passwords, a secret and that they should not share it with other persons. Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information a secret?
Warning those who write their password on a Post-it note and put it on their desk
Developing a strict information security policy
Information security awareness training
Conducting a one-to-one discussion with the other employees about the importance of information security

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?
The packets were sent by a worm spoofing the IP addresses of 47 infected sites
ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number
13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

XOR is a common cryptographic tool. 10110001 XOR 00111010 is?
10111100
11011000
10011101
10001011

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
The web application does not have the secure flag set.
The session cookies do not have the HttpOnly flag set.
The victim user should not have an endpoint security solution.
The victim's browser must have ActiveX technology enabled.

Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
Chosen-Ciphertext Attack
Ciphertext-only Attack
Timing Attack
Rubber Hose Attack

Which of the following is a detective control?
Smart card authentication
Security policy
Audit trail
Continuity of operations plan

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
Cross-site scripting
SQL injection
VPath injection
XML denial of service issues

Which of the following is considered one of the most reliable forms of TCP scanning?
TCP Connect/Full Open Scan
Half-open Scan
NULL Scan
Xmas Scan