A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?
Scanning
Reconnaissance
Escalation
Enumeration
SHOW ANSWERYou have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?
Install Cryptcat and encrypt outgoing packets from this server.
Install and use Telnet to encrypt all outgoing traffic from this server.
Use Alternate Data Streams to hide the outgoing packets from this server.
Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems
SHOW ANSWERIf you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?
-sP
-P
-r
-F
SHOW ANSWERThe Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
Private
Public
Shared
Root
SHOW ANSWERWhich of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
Ping of death
SYN flooding
TCP hijacking
Smurf attack
SHOW ANSWERWhich of the following tools can be used for passive OS fingerprinting?
tcpdump
nmap
ping
tracert
SHOW ANSWERWhich method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
Penetration testing
Social engineering
Vulnerability scanning
Access control list reviews
SHOW ANSWERYou've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?
CHNTPW
Cain & Abel
SET
John the Ripper
SHOW ANSWERWhich protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
UDP 123
UDP 541
UDP 514
UDP 415
SHOW ANSWERWhich of the following tools will scan a network to perform vulnerability checks and compliance auditing?
NMAP
Metasploit
Nessus
BeEF
SHOW ANSWERWhich of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?
Certificate issuance
Certificate validation
Certificate cryptography
Certificate revocation
SHOW ANSWERWhich of the following describes the characteristics of a Boot Sector Virus?
Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
Modifies directory table entries so that directory entries point to the virus code instead of the actual program
Overwrites the original MBR and only executes the new virus code
SHOW ANSWERBob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?
Hardware, Software, and Sniffing.
Hardware and Software Keyloggers.
Passwords are always best obtained using Hardware key loggers.
Software only, they are the most effective.
SHOW ANSWERThe chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?
$146
$1320
$440
$100
SHOW ANSWER