Which of the following statements is TRUE?
Answer : D
What is the benefit of performing an unannounced penetration test?
Answer : A
It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.
Which of the following terms best matches the definition?
Answer : A
You have several plain-text firewall logs that you must review to evaluate network traffic.
You know that in order to do this fast and efficiently you must use regular expressions.
Which command-line utility are you most likely to use?
Answer : C
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
Answer : A
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Answer : A
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?
Answer : D
Prospective clients want to see sample reports from previous penetration tests.
What should you do next?
Answer : B
While using your bank's online servicing you notice the following string in the URL bar: http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21
You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes.
What type of vulnerability is present on this site?
Answer : C
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Answer : B
What is a “collision attack” in cryptography?
Answer : C
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort. You decide to run Wireshark on the Snort machine to check if the messages are going to the Kiwi Syslog machine.
What Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?
Answer : A
The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the office is closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn't have time to perform the task.
What tool can you use to view the network traffic being sent and received by the wireless router?
Answer : B
Which of the following is the greatest threat posed by backups?
Answer : A
You have successfully gained access to your client's internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have sharing enabled.
Which port would you see listening on these Windows machines in the network?
Answer : D