Question 21: Correct
What is correct about digital signatures?
A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key ofthe signing party.(Correct)
B. Digital signatures may be used in different documents of the same type.
C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
D. Digital signatures are issued once for each user and can be used everywhere until they expire.
Question 22: Correct
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
A. Semicolon
B. Single quote(Correct)
C. Exclamation mark
D. Double quote
Question 23: Correct
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
A. The WAP does not recognize the client’s MAC address(Correct)
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP
Question 24: Correct
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus(Correct)
D. Stealth virus
Question 25: Correct
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?
Code:
#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111"");
}
Output:
Segmentation fault
A. C#
B. Python
C. Java
D. C++(Correct)
Question 26: Correct
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
A. Transport layer port numbers and application layer headers(Correct)
B. Presentation layer headers and the session layer port numbers
C. Network layer headers and the session layer port numbers
D. Application layer port numbers and the transport layer headers
Question 27: Correct
John the Ripper is a technical assessment tool used to test the weakness of which of the following?
A. Usernames
B. File permissions
C. Firewall rulesets
D. Passwords(Correct)
Question 28: Correct
Scenario:
1. Victim opens the attacker’s web site.
2. Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make $1000 in a day?’.
3. Victim clicks to the interesting and attractive content url.
4. Attacker creates a transparent ‘iframe’ in front of the url which victim attempt to click, so victim thinks that he/she clicks to the ‘Do you want to make $1000 ina day?’ url but actually he/she clicks to the content or url that exists in the transparent ‘iframe’ which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
A. Session Fixation
B. HTML Injection
C. HTTP Parameter Pollution
D. Clickjacking Attack(Correct)
Question 29: Correct
Which of the following Nmap commands will produce the following output?
Larger image
A. nmap -sT -sX -Pn -p 1-65535 192.168.1.1
B. nmap -sN -Ps -T4 192.168.1.1
C. nmap -sS -sU -Pn -p 1-65535 192.168.1.1(Correct)
D. nmap -sS -Pn 192.168.1.1
Question 30: Correct
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?
A. request smtp 25
B. tcp.port eq 25(Correct)
C. smtp port
D. tcp.contains port 25
Question 31: Correct
An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order should he perform these steps?
A. The sequence does not matter. Both steps have to be performed against all hosts.
B. First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.(Correct)
D. The port scan alone is adequate. This way he saves time.
Question 32: Correct
Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which option below offers that?
A. A fingerprint scanner and his username and password(Correct)
B. His username and a stronger password
C. A new username and password
D. Disable his username and use just a fingerprint scanner
Question 33: Correct
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling the audit feature.(Correct)
C. Perform a cost/benefit analysis of the audit feature.
D. Allocate funds for staffing of audit log review.
Question 34: Correct
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
A. Use fences in the entrance doors.
B. Install a CCTV with cameras pointing to the entrance doors and the street.(Correct)
C. Use an IDS in the entrance doors and install some of them near the corners.
D. Use lights in all the entrance doors and along the company’s perimeter.
Question 35: Correct
Look at the following output. What did the hacker accomplish?
Larger image
A. The hacker used who is to gather publicly available records for the domain.
B. The hacker used the "fierce" tool to brute force the list of available domains.
C. The hacker listed DNS records on his own domain.
D. The hacker successfully transferred the zone and enumerated the hosts.(Correct)
Iron titanium
ReplyDeleteIron titanium ring titanium has great qualities. The titanium tubing most exciting product of our original Iron titanium ion color core, it has a very high heat titanium shift knob range. The iron core is crafted titanium quartz meaning to create a solid