312-50v9

Page No | 1

Eccouncil

312-50V9 PRACTICE EXAM EC-Council Certified Ethical Hacker v9

_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________

http://www http://w ww.. testin testinsides sides.com/ .com/

Page No | 2

Product Questions: 125 Version: 8.0 Question 1 The coniguraon rllows r wued ou wueless netwouk nteufrce contuolleu to prss rll turce t ueceves to the centurl puocessni gnt (CPU), urtheu thrn prssni only the furmes thrt the contuolleu s ntended to ueceve. Whch of the followni s beni descubed? A. WEM B. Mgla-crst mode C. Puomscgogs mode D. Pout fouwrudni

Aoswern B Question 2 In Rsk Mrnriement, how s the teum “lkelhood” uelrted to the concept of “thuert?” A. Lkelhood s the puobrblty thrt r vglneurblty s r thuert-soguce. B. Lkelhood s r possble thuert-soguce thrt mry explot r vglneurblty. C. Lkelhood s the lkely soguce of r thuert thrt cogld explot r vglneurblty. D. Lkelhood s the puobrblty thrt r thuert-soguce wll explot r vglneurblty.

Aoswern D Question 3 Whle peufoumni peufoumni onlne brnkni brnkni gsni r web buowseu buowseu, r gseu ueceves ueceves rn emrl thrt contrns r lnk to rn nteuesan nteuesani i Web Web ste. When the gseu clcks on the lnk, rnotheu rnotheu web buowseu buowseu sesson struts struts rnd dsplrys r vdeo of crts plryni r prno. The next bgsness dry, the gseu ueceves whrt looks lke rn emrl fuom hs brnk, ndcrani thrt hs brnk rcco rccogn gntt hrs hrs been been rcce rccess ssed ed fuom fuom r foue fouein in cogn cogntu tuyy. The The em emrl rl rsks rsks the the gseu gseu to crll crll hs brnk brnk rnd rnd veuf veufyy the the rgthouzraon of r fgnds turnsfeu thrt took plrce. Whrt web buowseu-brsed secguty vglneurblty wrs exploted to compuomse the gseu? A. Cuoss-Ste Reqgest Fouieuy B. Cuoss-Ste Scupani C. Web foum npgt vrldraon D. Clckjrckni

Aoswern A Question 4

_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________


Page No | 2

Product Questions: 125 Version: 8.0 Question 1 The coniguraon rllows r wued ou wueless netwouk nteufrce contuolleu to prss rll turce t ueceves to the centurl puocessni gnt (CPU), urtheu thrn prssni only the furmes thrt the contuolleu s ntended to ueceve. Whch of the followni s beni descubed? A. WEM B. Mgla-crst mode C. Puomscgogs mode D. Pout fouwrudni

Aoswern B Question 2 In Rsk Mrnriement, how s the teum “lkelhood” uelrted to the concept of “thuert?” A. Lkelhood s the puobrblty thrt r vglneurblty s r thuert-soguce. B. Lkelhood s r possble thuert-soguce thrt mry explot r vglneurblty. C. Lkelhood s the lkely soguce of r thuert thrt cogld explot r vglneurblty. D. Lkelhood s the puobrblty thrt r thuert-soguce wll explot r vglneurblty.

Aoswern D Question 3 Whle peufoumni peufoumni onlne brnkni brnkni gsni r web buowseu buowseu, r gseu ueceves ueceves rn emrl thrt contrns r lnk to rn nteuesan nteuesani i Web Web ste. When the gseu clcks on the lnk, rnotheu rnotheu web buowseu buowseu sesson struts struts rnd dsplrys r vdeo of crts plryni r prno. The next bgsness dry, the gseu ueceves whrt looks lke rn emrl fuom hs brnk, ndcrani thrt hs brnk rcco rccogn gntt hrs hrs been been rcce rccess ssed ed fuom fuom r foue fouein in cogn cogntu tuyy. The The em emrl rl rsks rsks the the gseu gseu to crll crll hs brnk brnk rnd rnd veuf veufyy the the rgthouzraon of r fgnds turnsfeu thrt took plrce. Whrt web buowseu-brsed secguty vglneurblty wrs exploted to compuomse the gseu? A. Cuoss-Ste Reqgest Fouieuy B. Cuoss-Ste Scupani C. Web foum npgt vrldraon D. Clckjrckni


_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________


Page No | 3

Whch of the followni s one of the most eecave wrys to puevent Cuoss-ste Scupani (XSS) rws n sowrue rpplcraons? A. Veuty rccess uiht befoue rllowni rccess to puotected nfoumraon rnd UI contuols B. Use secguty polces rnd puocedgues to dene rnd mplement puopeu secguty senis C. Vrldrte rnd escrpe rll nfoumraon sent oveu to r seuveu D. Use ditrl ceuacrtes to rgthenacrte r seuveu puou to sendni drtr

Aoswern A Question 5 An ncdent nvesairtou rsks to ueceve r copy of the event fuom rll uewrlls, puosy seuveus, rnd Intugson Detecaon Systems (IDS) on the netwouk of rn ouirnzraon thrt hrs expeuenced r possble buerch of secguty. When the nvesairtou rempts to couuelrte the nfoumraon n rll of the lois the seqgence of mrny of the loiied events do not mrtch gp. Whrt s the most lkely crgse? A. The netwouk devces rue not rll synchuonzed B. The secguty buerch wrs r frlse posave. C. The rrck rlteued ou eursed events fuom the lois. D. Puopeu chrn of cgstody wrs not obseuved whle collecani the lois.

Aoswern C Quest Question ion 6 Ths tool s rn 802.11 WEP rnd WPA-PSK keys curckni puoiurm thrt crn uecoveu keys once enogih drtr prckets hrve been crptgued. It mplements the strndrud FMS rrch rloni wth some opamzraons lke Kouek rrcks, rs well rs the PTW rrck, thgs mrkni the rrck mgch frsteu comprued to otheu WEP curckni tools. Whch of the followni tools s beni descubed? A. Wcurckeu B. WLAN-curck C. Auigrud D. Aucurck-ni

Aoswern D Question 7 Whch of the followni tools s gsed to rnrlyze the les puodgced by seveurl prcket-crptgue puoiurms sgch rs tcpdgmp, WnDgmp, Wueshruk, rnd EtheuPeek? A. Nessgs B. Tcpturceuogte C. Tcpturce D. OpenVAS

_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________


Page No | 4

Aoswern C Question 8 Yog hrve compuomsed r seuveu on r netwouk rnd sgccessfglly open r shell. Yog rmed to denafy rll opeurani systems ugnnni on the netwouk. Howeveu, rs yog rempt to nieupunt rll mrchnes n the mrchnes n the netwouk gsni the nmrp syntrx below, t s not ioni thuogih. nvctgs@vcamseuveu:~nmrp –T4 –O 10.10.0.0/24 TCP/IP nieupunani (fou OS scrn) xxxxxxx xxxxxx xxxxxxxxxx. QUITTING! Whrt seems to be wuoni? A. The ogtioni TCP/IP nieupunani s blocked by the host uewrll. B. Ths s r common behrvou fou r couugpted nmrp rpplcraon. C. OS Scrn ueqgues uoot puvleied. D. The nmrp syntrx s wuoni.

Aoswern D Question 9 Whch of the followni s the iuertest thuert posed by brckgps? A. An gn-encuypted brckgp crn be msplrced ou stolen B. A brck s ncomplete becrgse no veucraon wrs peufoumed. C. A brckgp s the soguce of Mrlwrue ou llct nfoumraon. D. A brckgp s gnrvrlrble dguni dsrsteu uecoveuy.

Aoswern A Question 10 An rrckeu hrs nstrlled r RAT on r host. The rrckeu wrnts to ensgue thrt when r gseu rempts to io to www.MyPeusonrlBrnk.com, thrt the gseu s duected to r phshni ste. Whch le does the rrckeu need to modfy? A. Hosts B. Netwouks C. Boot.n D. Sgdoeus

Aoswern A Question 11 Jesse ueceves rn emrl wth rn rrchment lrbeled “CogutNoace2120.zp”. Insde the zp le s r le nrmed “CogutNoace2120.docx.exe” dsigsed rs r woud docgment. Upon execgaon, r wndows rpperus strani, “Ths woud docgment s couugpt.” In the brckiuognd, the le copes tself to Jesse APPDATA\locrl duectouy rnd beins to bercon to r C2 seuveu to downlord rddaonrl mrlcogs bnrues. Whrt type of mrlwrue hrs Jesse encognteued?

________________________________________________________________________________________________

http://www. testinsides.com/

Page No | 5

A. Tuojrn B. Woum C. Key-Loiieu D. Mcuo Vugs

Aoswern A Question 12 In 2007, ths wueless secguty rliouthm wrs uendeued gseless by crptguni prckets rnd dscoveuni the prsskey n r mreu of seconds. Ths secguty rw led to r netwouk nvrson of TJ Mrxx rnd drtr the thuogih r technqge known wruduvni. Whch rliouthm s ths uefeuuni to? A. Wued Eqgvrlent Puvrcy (WEP) B. Tempourl Key Inteiuty Puotocol (TRIP) C. W-F Puotected Access (WPA) D. W-F Puotected Access 2 (WPA2) E.

Aoswern A Question 13 Whrt s the best descupaon of SQL Injecaon? A. It s r Denrl of Seuvce Arck. B. It s rn rrck gsed to modfy code n rn rpplcraon. C. It s rnd rrck gsed to irn gnrgthouzed rccess to r drtrbrse. D. It s r Mrn-n-the-Mddle rrck between yogu SQL Seuveu rnd Web App Seuveu.

Aoswern D Question 14 Whch of the followni s the sgccessou of SSL? A. RSA B. GRE C. TLS D. IPSec

Aoswern C Question 15 As r Ceuaed Ethcrl hrckeu, yog weue conturcted by r puvrte um to condgct rn exteunrl secguty rssessment thuogih peneturaon tesani.

________________________________________________________________________________________________


Page No | 6

Whrt docgment descubes the speced of the tesani, the rssocrted volraons, rnd essenarlly puotects both the ouirnzraons nteuest rnd yogu l rblaes rs r testeu? A. Teum of Eniriement B. Non-Dsclosgue Aiueement C. Puoject Scope D. Seuvce Level Aiueement

Aoswern B Question 16 Whch of the followni s not r Blgetooth rrck? A. Blgejrckni B. Blgeduvni C. Blgesnruni D. Blgesmrkni

Aoswern B Question 17 PGP, SSL, rnd IKE rue rll exrmples of whch type of cuyptoiurphy? A. Hrsh Aliouthm B. Secuet Key C. Pgblc Key D. Diest

Aoswern C Question 18 Usni Wndows CMD, how wogld rn rrckeu lst rll the shrues to whch the cguuent gseu context hrs rccess? A. NET CONFIG B. NET USE C. NET FILE D. NET VIEW

Aoswern D Question 19 Whch of these opaons s the most secgue puocedgue fou stuoni brckgp trpes? A. In r clmrte contuolled frclty oste B. Insde the drtr centeu fou frsteu uetuevrl n r uepuoof srfe

________________________________________________________________________________________________


Page No | 7

C. In r cool duy envuonment D. On r deuent oou n the srme bgldni

Aoswern A Question 20 Whrt s the benet of peufoumni rn gnrnnognced Peneturaon Tesani? A. The testeu wll hrve rn rctgrl secguty postgue vsblty of the truiet netwouk. B. The testeu cogld not puovde rn honest rnrlyss. C. Netwouk secguty wogld be n r “best strte” postgue. D. It s best to crtch cuacrl nfurstugctgue gnprtched.

Aoswern A Question 21 Whrt does r uewrll check to puevent pruacglru pouts rnd rpplcraons fuom ieni prckets nto rn ouirnzraons? A. Turnspout lryeu pout ngmbeus rnd rpplcraon lryeu herdeus B. Netwouk lryeu herdeus rnd the sesson lryeu pout ngmbeus C. Applcraon lryeu pout ngmbeus rnd the turnspout lryeu herdeus D. Puesentraon lryeu herdeus rnd the sesson lryeu pout ngmbeus

Aoswern A Question 22 > NMAP –sn 192.18.11.200-215 The NMAP commrnd rbove peufoums whch of the followni? A. A pni scrn B. A turce sweep C. An opeurani system detect D. A pout scrn

Aoswern A Question 23 An Inteunet Seuvce Puovdeu (ISP) hrs r need to rgthenacrte gseus connecani gsni rnrloi modems, ditrl Sgbscubeu Lne (DSL), wueless drtr seuvces, rnd vutgrl Puvrte Netwouks (VPN) oveu r Furme Relry netwouk. Whch AAA puotocol s most lkely rble to hrndle ths ueqguement? A. DIAMETER B. Keubeuos C. RADIUS D. TACACS+

________________________________________________________________________________________________


Page No | 8

Aoswern D Question 24 To deteumne f r sowrue puoiurm puopeuly hrndles r wde urnie of nvrld npgt, r foum of rgtomrted tesani crn be gsed urndomly ieneurte nvrld npgt n rn rempt to cursh the puoiurm. Whrt teum s commonly gsed when uefeuuni to ths type of tesani? A. Bogndni B. Mgtrani C. Pgzzni D. Rrndomzni

Aoswern C Question 25 Whch of the followni tools crn be gsed fou prssve OS nieupunani? A. B. C. D.

tcpdgmp pni nmrp Turceut

Aoswern C Question 26 Yogu comprny peufoums peneturaon tests rnd secguty rssessments fou smrll rnd medgm-szed bgsness n the locrl rue r. Dguni r uogane secguty rssessment, yog dscoveu nfoumraon thrt sgiiests yogu clent s nvolved wth hgmrn turckni. Whrt shogld yog do? A. Copy the drtr to uemovrble medr rnd keep t n crse yog need t. B. Iinoue the drtr rnd conange the rssessment gnal completed rs riueed. C. Confuont the clent on r uespecgl mrnneu rnd rsk heu rbogt the drtr. D. Immedrtely stop wouk rnd contrct the puopeu leirl rgthouaes.

Aoswern D Question 27 Yog rue the Systems Admnsturtou fou r lruie coupourte ouirnzraon. Yog need to montou rll netwouk turc on yogu locrl netwouk fou sgspcogs rcavaes rnd ueceve noacraons when rn rrck s occguuni. Whch tool wogld rllow yog to rccomplsh ths iorl? A. Host-brsed IDS B. Fuewrll

________________________________________________________________________________________________


Page No | 9

C. Netwouk-Brsed IDS D. Puoxy

Aoswern C Question 28 Whrt s r “Collson rrch” n cuyptoiurphy? A. Collson rrcks tuy to buerk the hrsh nto two pruts, wth the srme bytes n erch prut to iet the puvrte key. B. Collson rrcks tuy to buerk the hrsh nto thuee pruts to iet the plrntext vrlge. C. Collson rrcks tuy to nd two npgts puodgcni the srme hrsh. D. Collson rrcks tuy to iet the pgblc key

Aoswern C Question 29 The “Blrck box tesani” methodoloiy enfouces whch knd of uestucaon? A. Only the exteunrl opeuraon of r system s rccessble to the testeu B. The nteunrl opeuraon of r system s completely known to the testeu. C. Only the nteunrl opeuraon of r system s known to the testeu. D. The nteunrl opeuraon of r system s only prutly rccessble to the testeu.

Aoswern A Question 30 Yogve irned physcrl rccess to r Wndows 2008 R2 seuveu whch hrs rs rccessble dsc duve. When yog rempt to boot the seuveu rnd loi n, yog rue gnrble to igess the prsswoud. In yogu tool kt yog hrve rn Ubgntg 9.10 Lngx LveCD. Whch Lngx tool hrs the rblty to chrnie rny gseus prsswoud ou to rcavrte dsrbled Wndows Accognts? A. John the Rppeu B. CHNTPW C. Crn & Abel D. SET

Aoswern A Question 31 Whle gsni yogu brnks onlne seuvcni yog noace the followni stuni n the URL bru “hp//www.MyPeusonrlBrnk/Accognt? Id=38940911028389&Drmognt=10980&Crmognt=21” Yog obseuve thrt f yog modfy the Drmognt & Crmognt vrlges rnd sgbmt the ueqgest, thrt drtr on the web prie ueect the chrnies. Whrt type of vglneurblty s puesent on ths ste?

________________________________________________________________________________________________


Page No | 10

A. SQL njecaon B. XSS Reecaon C. Web Prurmeteu Trmpeuni D. Cooke Trmpeuni

Aoswern C Question 32 It s r shout-urnie wueless commgncraon technoloiy ntended to ueplrce the crbles connecani poutrbles of xed devces whle mrntrnni hih levels of secguty. It rllows moble phones, compgteus rnd otheu devces to connect rnd commgncrte gsni r shout-urnie wueless connecaon. Whch of the followni teums best mrtches the denaon? A. Blgetooth B. Rrdo-Fueqgency Idenacraon C. WLAN D. InfurRed

Aoswern A Question 33 Whrt s the most common method to explot the “Brsh Bgi” ou ShellShock” vglneurblty? A. SSH B. SYN Flood C. Mrnpglrte foumrt stunis n text elds D. Thuogih Web seuveus galzni CGI (Common Grtewry Inteufrce) to send r mrlfoumed envuonment vrurble to r vglneurble Web seuveu

Aoswern D Question 34 A medgm-szed herlthcrue IT bgsness decdes to mplement r usk mrnriement sturteiy. Whch of the followni s NOT one of the ve brsc uesponses to usk? A. Mairte B. Avod C. Accept D. Deleirte

Aoswern D Question 35 The phrse wll ncuerse the odds of sgccess n lrteu phrses of the peneturaon test. It s rlso the veuy ust step n Infoumraon Grtheuni, rnd t wll tell yog whrt the “lrndscrpe” looks lke.

________________________________________________________________________________________________


Page No | 11

Whrt s the most mpoutrnt phrse of ethcrl hrckni n whch yog need to spend r consdeurble rmognt of ame? A. Netwouk Mrppni B. Grnni rccess C. Footpunani D. Escrlrani puvleies

Aoswern C Question 36 Whch ueiglraon denes secguty rnd puvrcy contuols fou Fedeurl nfoumraon systems rnd ouirnzraons? A. HIPAA B. EU Srfe Hrubou C. PCI-DSS D. NIST-800-53

Aoswern D Question 37 Whch of the followni descubes the chrurcteusacs of r Boot Sectou Vugs? A. Oveuwutes the ouinrl MBR rnd only execgtes the new vugs code B. Modes duectouy trble entues so thrt duectouy entues pont to the vugs code nsterd of the rctgrl puoiurm C. Moves the MBR to rnotheu locraon on the hrud dsk rnd copes tself to the ouinrl locraon of the MBR D. Moves the MBR to rnotheu locraon on the RAM rnd copes tself to the ouinrl locraon of the MBR

Aoswern C Question 38 Yog rue peufoumni nfoumraon irtheuni fou rn mpoutrnt peneturaon test. Yog hrve fognd pdf, doc, rnd mries n yogu objecave. Yog decde to exturct metrdrtr fuom these les rnd rnrlyze t. Whrt tool wll help yog wth the trsk? A. Aumtrie B. Dmtuy C. cdpsnruf D. Metriool

Aoswern D Question 39 Whch of the followni s rn extuemely common IDS evrson technqge n the web would? A. post knockni

________________________________________________________________________________________________


Page No | 12

B. sgbneni C. gncode chrurcteus D. spywrue

Aoswern C Question 40 When yog rue tesani r web rpplcraon, t s veuy gsefgl to employ r puosy tool to srve eveuy ueqgest rnd uesponse. Nyog crn mrngrlly test eveuy ueqgest rnd rnrlyze the uesponse to nd vglneurblaes. Yog crn test prurmeteu rnd herdeus mrngrlly to iet moue puecse uesglts thrn f gsni web vglneurblty scrnneus. Whrt puoxy tool wll help yog nd web vglneurblaes? A. Bgupsgte B. Dmtuy C. Puoxychrns D. Mrskien

Aoswern A Question 41 It s r knd of mrlwrue (mrlcogs sowrue) thrt cumnrls nstrll on yogu compgteu so they crn lock t fuom r uemote locraon. Ths mrlwrue ieneurtes r pop-gp wndows, webprie, ou emrl wrunni fuom whrt looks lke rn ocrl rgthouty. It explrns yogu compgteu hrs been locked becrgse of possble lleirl rcavaes rnd demrnds pryment befoue yog crn rccess yogu les rnd puoiurms rirn. Whch teum best mrtches ths denaon? A. Spywrue B. Adwrue C. Rrnsomwrue D. Rskwrue

Aoswern C Question 42 Whch of the followni s rssgued by the gse of r hrsh? A. Avrlrblty B. Condenarlty C. Agthenacraon D. Inteiuty

Aoswern D Question 43 When yog rue ieni nfoumraon rbogt r web seuveu, t s veuy mpoutrnt to know the HTTP Methods (GET, POST,

________________________________________________________________________________________________


Page No | 13

HEAD, PUT, DELETE, TRACE) thrt rue rvrlrble becrgse theue rue two cuacrl methods (PUT rnd DELETE). PUT crn gplord r le to the seuveu rnd DELETE crn delete r le fuom the seuveu. Yog crn detect rll these methods (GET, POST, HEAD, PUT, DELETE, TRACE) gsni NMAP scupt enine. Whrt nmrp scupt wll help yog wth ths trsk? A. hp engm B. hp-it C. hp-herdeus D. hp-methods

Aoswern B Question 44 Dguni r blrckbox pen test yog rempt to prss IRC turc oveu post 80/TCP fuom r compuomsed web enrbled host. The turc iets blocked; howeveu ogtbognd HTTP turc s gnmpeded. Whrt type of uewrll s nspecani ogtbognd turc? A. Cucgt B. Prcket Flteuni C. Applcraon D. Strtefgl

Aoswern C Question 45 A comprnys secguty strtes thrt rll web buowseus mgst rgtomracrlly delete theu HTTP buowseu cookes gpon teumnrani. Whrt sout of secguty buerch s ths polcy rempani to mairte? A. Aempts by rrckeus to deteumne the gseu's Web buowseu gsrie preuns, nclgdni when stes weue vsted rnd fou how loni. B. Aempts by rrckeus to rccess prsswouds stoued on the gseu's compgteu wthogt the gseu's knowledie. C. Aempts by rrckeus to rccess Web stes thrt tugst the Web buowseu gseu by sterlni the gseu's rgthenacraon cuedenarls. D. Aempts by rrcks to rccess the gseu rnd prsswoud nfoumraon stoues n the comprny's SQL drtrbrse.

Aoswern C Question 46 Yogve jgst been hued to peufoum r pen test on rn ouirnzraon thrt hrs been sgbjected to r lruie-scrle rrck. The CIO s conceuned wth mairani thuerts rnd vglneurblaes to totrlly elmnrte usk. Whrt s one of the ust thni yog shogld to when the job? A. Strut the wueshruk rpplcraon to strut snni netwouk turc. B. Estrblsh rubgaon to sgspected rrckeus. C. Explrn to the CIO thrt yog crnnot elmnrte rll usk, bgt yog wll be rble to uedgce usk to rcceptrble levels. D. Inteuvew rll employees n the comprny to ugle ogt possble nsdeu thuerts.

________________________________________________________________________________________________


Page No | 14

Aoswern C Question 47 Whch of the followni secguty opeuraons s gsed fou deteumnni the rrck sgufrce of rn ouirnzraon? A. Revewni the need fou r secguty clerurnce fou erch employee B. Rgnnni r netwouk scrn to detect netwouk seuvces n the coupourte DMZ C. Turnni employees on the secguty polcy ueirudni socrl enineeuni D. Usni coniguraon mrnriement to deteumne when rnd wheue to rpply secguty prtches

Aoswern B Question 48 Peuspecave clents wrnt to see srmple uepouts fuom puevogs peneturaon tests. Whrt shogld yog do next? A. Shrue fgll uepouts, not uedrcted. B. Shrue fgll uepouts, wth uedrcted. C. Declne bgt, puovde uefeuences. D. Shrue uepouts, reu NDA s sined.

Aoswern B Question 49 Whch of the followni strtements s TRUE? A. Sneus opeuraon on Lryeu 3 of the OSI model B. Sneus opeuraon on Lryeu 2 of the OSI model C. Sneus opeuraon on the Lryeu 1 of the OSI model D. Sneus opeuraon on both Lryeu 2 & Lryeu 3 of the OSI model

Aoswern D Question 50 Jmmy s strndni ogtsde r secgue enturnce to r frclty. He s puetendni to hrvni r tense conveusraon on hs cell phone rs rn rgthouzed employee brdies n. Jmmy, whle sall on the phone, iurbs the doou rs t beins to close. Whrt jgst hrppened? A. Mrsqgrdni B. Phshni C. Whrlni D. Piiybrckni

________________________________________________________________________________________________


Page No | 15

Aoswern D Question 51 The herutlrnd bgi wrs dscoveued n 2014 rnd s wdely uefeuued to gndeu MITREs Common Vglneurblaes rnd Exposgues (CVE) rs CVE-2004-100. Ths bgi rects the OpenSSL mplementraon of the turnspout Lryeu secguty (TLS) puotocols dened n RFC520. Whrt types of key does ths bgi lerve exposed to the Inteunet mrkni explotraon of rny compuomsed system veuy ersy? A. Root B. Puvrte C. Shrued D. Pgblc

Aoswern A Question 52 Yog wouk rs r Secguty Anrlyst fou r uetrl ouirnzraon. In secguni the comprny's netwouk, yog set gp r uewrll rnd rn IDS. Howeveu, hrckeus rue rble to rrck the netwouk. Aeu nvesairani, yog dscoveu thrt yogu IDS s not conigued puopeuly rnd theuefoue s gnrble to tuiieu rlrums when needed. Whrt type of rleut s the IDS ivni? A. Frlse Neirave B. Tuge Neirave C. Tuge Posave D. Frlse Posave

Aoswern A Question 53 Ths nteunraonrl ouirnzraon ueiglrtes bllons of turnsrcaons drly rnd puovdes secguty igdelnes to puotect peusonrlly denarble nfoumraon (PII). These secguty contuols puovde r brselne rnd puevent low-level hrckeus someames known rs scupt kddes fuom crgsni r drtr buerch. Whch of the followni ouirnzraons s beni descubed? A. Pryment Crud Indgstuy (PCI) B. Inteunraonrl Secguty Indgstuy Ouirnzraon (ISIO) C. Insatgte of Electucrl rnd Electuoncs Enineeus (IEEE) D. Centeu fou Dserse Contuol (CDC)

Aoswern B Question 54 Whch of the followni tools peufoums compuehensve tests rirnst web seuveus, nclgdni drnieuogs les rnd CGI's? A. Snout

________________________________________________________________________________________________


Page No | 16

B. Dsn C. Nkto D. John the Rppeu

Aoswern C Question 55 Whch of the followni s the stugctgue desined to veufy rnd rgthenacrte the denaty of ndvdgrls wthn the enteupuse trkni prut n r drtr exchrnie? A. PKI B. bometucs C. SOA D. snile sin on

Aoswern A Question 56 The chrnce of r hrud duve frlgue s once eveuy thuee yerus. The cost to bgy r new hrud duve s ~300. It wll ueqgue 10 hogus to uestoue the OS rnd sowrue to the new hrud dsk. It wll ueqgue r fgutheu 4 hogus to uestoue the drtrbrse fuom the lrst brckgp to the new hrud dsk. The uecoveuy peuson eruns ~10/hogu. Crlcglrte the SLE, ARO, rnd ALE. Assgme the EF = 1 (100%). Whrt s the closest rppuoxmrte cost of ths ueplrcement rnd uecoveuy opeuraon peu yeru? A. ~100 B. ~14 C. 440 D. 1320

Aoswern B Question 57 An rrckeu chrnies the puole nfoumraon of r pruacglru gseu on r truiet webste (the vcam). The rrckeu gses ths stuni to gpdrte the vcam's puole to r text le rnd then sgbmt the drtr to the rrckeus drtrbrse. Whrt s ths type of rrck (thrt crn gse etheu HTTP GET ou HRRP POST) crlled? A. Cuoss-Ste Reqgest Fouieuy B. Cuoss-Ste Scupani C. SQL Injecaon D. Buowseu Hrckni


________________________________________________________________________________________________


Page No | 17

Yog rue trsked to peufoum r peneturaon test. Whle yog rue peufoumni nfoumraon irtheuni, yog nd rb employee lst n Gooile. Yog nd uecepaonsts emrl, rnd yog send heu rn emrl chrnini the soguce emrl to heu bosss emrl ( boss@comprny ). In ths emrl, yog rsk fou r pdf wth nfoumraon. She uerds yogu emrl rnd sends brck r pdf wth lnks. Yog exchrnie the pdf lnks wth yogu mrlcogs lnks (these lnks contrn mrlwrue) rnd send brck the moded pdf, sryni thrt the lnks dont wouk. She uerds yogu emrl, opens the lnks, rnd heu mrchne iets nfected. Whrt tesani method dd yog gse? A. Piiybrckni B. Trlirani C. Evesduoppni D. Socrl enineeuni

Aoswern D Question 59 Whch of the followni s r puotocol speccrlly desined fou turnspouani event messries? A. SMS B. SNMP C. SYSLOG D. ICMP

Aoswern C Question 60 Whch of the followni s component of r usk rssessment? A. Loicrl nteufrce B. DMZ C. Admnsturave srfeigruds D. Physcrl secguty

Aoswern C Question 61 Whch of the followni s r desin preun brsed on dsanct peces of sowrue puovdni rpplcraon fgncaonrlty rs seuvces to otheu rpplcraons? A. Lern Codni B. Seuvce Ouented Auchtectgue C. Object Ouented Auchtectgue D. Aile Puocess

Aoswern B Question 62

________________________________________________________________________________________________


Page No | 18

A comprnys Web development term hrs become rwrue of r ceutrn type of secguty vglneurblty n theu Web sowrue. To mairte the possblty of ths vglneurblty beni exploted, the term wrnts to modfy the sowrue ueqguements to dsrllow gseus fuom enteuni HTML rs npgt nto theu Web rpplcraon. Whrt knd of web rpplcraon vglneurblty lkely exsts n theu sowrue? A. Web ste defrcement vglneurblty B. SQL njecaon vglneurblty C. Cuoss-ste Scupani vglneurblty D. Cuoss-ste Reqgest Fouieuy vglneurblty

Aoswern C Question 63 It s rn enaty ou event wth the potenarl to rdveusely mprct r system thuogih gnrgthouzed rccess destugcaon dsclosgues denrl of seuvce ou modcraon of drt r. Whch of the followni teums best mrtches ths denaon? A. Thuert B. Arck C. Rsk D. Vglneurblty

Aoswern A Question 64 Yogu term hrs won r conturct to nlturte rn ouirnzraon. The comprny wrnts to hrve the rrck be r uerlsac rs possble; theuefoue, they dd not puovde rny nfoumraon besdes the comprny nrme. Whrt shogld be the ust step n secguty tesani the clent? A. Scrnnni B. Escrlraon C. Engmeuraon D. Reconnrssrnce

Aoswern D Question 65 A peneturaon testeu s condgcani r pout scrn on r specc host. The testeu fognd seveurl pouts opened thrt weue confgsni n conclgdni the Opeurani System (OS) veuson nstrlled. Consdeuni the NMAP uesglt below, whch of the follow s lkely to be nstrlled on the truiet mrchne by the OS? Struani NMAP 5.21 rt 2011-03-15 110 NMAP scrn uepout fou 172.1.40.5 Host s gp (1.00s lrtency). Not shown 993 closed pouts PORT STATE SERVICE 21/tcp open p 23/tcp open telnet 80 /tcp open hp 139/tcp open netbos-ssn 515/tcp open 31/tec open pp 9100/tcp open MAC Adduess 0000480DEE8 A. The host s lkely r punteu.

________________________________________________________________________________________________


Page No | 19

B. The host s lkely r uogteu. C. The host s lkely r Lngx mrchne. D. The host s lkely r Wndows mrchne.

Aoswern A Question 66 A hrckeu hrs sgccessfglly nfected rn nteunet-frcni seuveu, whch he wll then gse to send jgnk mrl, trke prut n cooudnrted rrcks, ou host jgnk emrl content. Whch sout of tuojrn nfects ths seuveu? A. Botnet Tuojrn B. Brnkni Tuojrns C. Rrnsomwrue Tuojrns D. Tgutle Tuojrns

Aoswern A Question 67 Yog hrve compuomsed r seuveu rnd sgccessfglly irned r uoot rccess. Yog wrnt to pvot rnd prss turc gndetected oveu the netwouk rnd evrde rny possble Intugson Detecaon System. Whrt s the best rppuorch? A. Instrll rnd gse Telnet to encuypt rll ogtioni turc fuom ths seuveu. B. Instrll Cuyptcrt rnd encuypt ogtioni prckets fuom ths seuveu C. Use Alteunrte Drtr Stuerms to hde the ogtioni prckets fuom ths seuveu. D. Use HTTP so thrt rll turc crn be uogted vr r buowseu, thgs evrdni the nteunrl Intugson Detecaon Systems.

Aoswern A Question 68 It s r vglneurblty n GNUs brsh shell, dscoveued n Septembeu of 2004, thrt ives rrckeus rccess to ugn uemote commrnds on r vglneurble system. The mrlcogs sowrue crn trke contuol of rn nfected mrchne, lrgnch denrl-of seuvce rrcks to dsugpt webstes, rnd scrn fou otheu vglneurble devces (nclgdni uogteus). Whch of the followni vglneurblaes s beni descubed? A. Shellshock B. Rootshock C. Shellbrsh D. Rootshell

Aoswern A Question 69 env x= ‘(){ ;};echo explot ‘ brsh –c ‘crt /etc/prsswd

________________________________________________________________________________________________


Page No | 20

Whrt s the Shellshock brsh vglneurblty rempani to do on rn vglneurble Lngx host? A. Add new gseu to the prsswd le B. Dsplry prsswd contents to puompt C. Chrnie rll prsswoud n prsswd D. Remove the prsswd le.

Aoswern B Question 70 Yogu comprny wrs hued by r smrll herlthcrue puovdeu to peufoum r techncrl rssessment on the netwouk. Whrt s the best rppuorch fou dscoveuni vglneurblaes on r Wndows-brsed compgteu? A. Use the bglt-n Wndows Updrte tool B. Cuerte r dsk mrie of r clern Wndows nstrllraon C. Check MITRE.oui fou the lrtest lst of CVE ndnis D. Used r scrn tool lke Nessgs

Aoswern D Question 71 To mrntrn complrnce wth ueiglrtouy ueqguements, r secguty rgdt of the systems on r netwouk mgst be peufoumed to deteumne theu complrnce wth secguty polces. Whch one of the followni tools wogld most lkely be gsed n sgch rs rgdt? A. Pout scrnneu B. Puotocol rnrlyzeu C. Vglneurblty scrnneu D. Intugson Detecaon System

Aoswern C Question 72 The netwouk rdmnsturtou contrcts yog rnd tells yog thrt she noaced the tempeurtgue on the nteunrl wueless uogteu ncuerses by moue thrn 20% dguni weekend hogus when the oce wrs closed. She rsks yog to nvesairte the ssge becrgse she s bgsy derlni wth r bi confeuence rnd she doesnt hrve ame to peufoum the trsk. Whrt tool crn yog gse to vew the netwouk turc beni sent rnd ueceved by the wueless uogteu? A. Netcrt B. Wueshruk C. Nessgs D. Netstrt

Aoswern B Question 73

________________________________________________________________________________________________


Page No | 21

Yog rue gsni NMAP to uesolve domrn nrmes nto IP rdduesses fou r pni sweep lrteu. Whch of the followni commrnds looks fou IP rdduesses? A. >host –t ns hrckeddomrn.com B. >host –t AXFR hrckeddomrn.com C. >host –t sor hrckeddomrn.com D. >host –t r hrckeddomrn.com

Aoswern D Question 74 Whch mode of IPSec shogld yog gse to rssgue secguty rnd condenarlty of drtr wthn the srme LAN? A. ESP condenarl B. AH Tgnnel mode C. ESP turnspout mode D. AH peumscgogs

Aoswern C Question 75 Whch of the followni s the lerst-lkely physcrl chrurcteusac to be gsed n bometuc contuol thrt sgppouts r lruie comprny? A. Ius preuns B. Voce C. Fnieupunts D. Heiht rnd Weiht

Aoswern D Question 76 When yog rue collecani nfoumraon to peufoum r drtr rnrlyss, Gooile commrnds rue veuy gsefgl to nd sensave nfoumraon rnd les. These les mry contrn nfoumraon rbogt prsswouds, system fgncaons, ou docgmentraon. Whrt commrnd wll help yog to seruch les gsni Gooile rs r seruch enine? A. ste truiet.com lexls gseunrme prsswoud emrl B. domrn truiet.com ruchvexls gseunrme prsswoud emrl C. ste truiet.com letypexls gseunrme prsswoud emrl D. ngul truiet.com lenrmexls gseunrme prsswoud emrl

Aoswern C Question 77

________________________________________________________________________________________________


Page No | 22

Yog hrve sgccessfglly irned rccess to yogu clents nteunrl netwouk rnd sgccessfglly compused r lngx seuveu whch s prut of the nteunrl IP netwouk. Yog wrnt to know whch Mcuoso Wndows woukstraon hrve the shruni enrbled. Whch pout wogld yog see lstenni on these Wndows mrchnes n the netwouk? A. 1443 B. 3389 C. 11 D. 445

Aoswern D Question 78 Whch of the followni prurmeteus descube LM Hrsh I – The mrxmgm prsswoud lenith s 14 chrurcteus. II – Theue rue no dsancaons between gppeucrse rnd loweucrse. III – Its r smple rliouthm, so 10,000,000 hrshes crn be ieneurted peu second. A. I B. I rnd II C. II D. I, II rnd III

Aoswern D Question 79 Whrt s the puocess of loiini, uecoudni, rnd uesolvni events thrt trke plrce n rn ouirnzraon? A. Metucs B. Secguty Polcy C. Inteunrl Puocedgue D. Incdent Mrnriement Puocess

Aoswern D Question 80 A netwouk rdmnsturtou dscoveus seveurl gnknown les n the uoot duectouy of hs Lngx FTP seuveu. One of the les s r trubrll, two rue shrll scupt les, rnd the thud s r bnruy le s nrmed “nc.” The FTP seuveus rccess lois show thrt the rnonymogs gseu rccognt loiied n the seuveu, gplorded the les, rnd exturcted the contents of the trubrll rnd urn the scupt gsni r fgncaon puovded by the FTP seuveus sowrue. The ps commrnd shows thrt the nc le s ugnnni rs puocess, rnd the netstrt commrnd shows the nc puocess s lstenni on r netwouk pout. Whch knd of vglneurblty mgst be puesent to mrke ths uemote rrck possble? A. Fle system peumssons B. Bugte Fouce Loin C. Puvleie Escrlraon D. Duectouy Turveusrl

________________________________________________________________________________________________


Page No | 23

Aoswern D Question 81 Yog rue loiied n rs r locrl rdmn on r Wndows 7 system rnd yog need to lrgnch the Compgteu Mrnriement Console fuom commrnd lne. Whch commrnd wogld yog gse? A. c\seuvces.msc B. c\ncpr.cp C. c\compmimt.msc D. c\ipedt

Aoswern C Question 82 Yog hrve sgccessfglly compused r seuveu hrvni rn IP rdduess of 10.10.0.5. Yog wogld lke to engmeurte rll mrchnes n the srme netwouk qgckly. Whrt s the best nmrp commrnd yog wll gse? A. Nmrp –T4 –F 10.10.0.0/24 B. Nmrp –T4 –q 10.10.0.0/24 C. Nmrp –T4 –O 10.10.0.0/24 D. Nmrp –T4 –u 10.10.0.0/24

Aoswern A Question 83 The “whte box tesani” methodoloiy enfouces whrt knd of uestucaon? A. The nteunrl opeuraon of r system s completely known to the testeu. B. Only the nteunrl opeuraon of r system s known to the testeu. C. Only the exteunrl opeuraon of r system s rccessble to the testeu. D. The nteunrl opeuraon of r system s only prutly rccessble to the testeu.

Aoswern A Question 84 Rsk = Thuerts x Vglneurblaes s uefeuued to rs the A. Thuert rssessment B. Dsrsteu uecoveuy foumglr C. BIA eqgraon D. Rsk eqgraon

________________________________________________________________________________________________


Page No | 24

Aoswern D Question 85 An Intugson Detecaon System (IDS) hrs rleuted the netwouk rdmnsturtou to r possbly mrlcogs seqgence of prckets went to r Web seuveu n the netwouks exteunrl DMZ. The prcket turc wrs crptgued by the IDS rnd srved to r PCAP le. Whrt type of netwouk tool crn be gsed to deteumne f these prckets rue iengnely mrlcogs ou smply r frlse posave? A. Puotocol rnrlyzeu B. Intugson Puevenaon System (IPS) C. Vglneurblty scrnneu D. Netwouk sneu

Aoswern B Question 86 The Open Web Applcraon Secguty Puoject (OWASP) s the wouldwde not-fou-puot chrutrble ouirnzraon focgsed on mpuovni the secguty of sowrue. Whrt tem s the pumruy conceun on OWASPs Top Ten Puoject most Cuacrl Web rpplcraon Secguty Rgles? A. Injecaon B. Cuoss ste Scupani C. Cuoss ste Reqgest Fouieuy D. Prth Dsclosgue

Aoswern A Question 87 Aeu tuyni mglaple explots, yogve irned uoot rccess to r Centos  rnsweu. To ensgue yog mrntrn rccess. Whrt wogld yog do ust? A. Dsrble IPTrbles B. Cuerte Useu Accognt C. Downlord rnd Instrll Netcrt D. Dsrble Key Seuvces

Aoswern C Question 88 Whch method of prsswoud curckni trkes the most ame rnd eect? A. Rrnbow Trbles B. Shogldeu sguni C. Bugce fouce

________________________________________________________________________________________________


Page No | 25

D. Duectouy rrck

Aoswern C Question 89 Whch of the followni types of uewrlls ensgues thrt the prckets rue prut of the estrblshed sesson? A. Swtch-level uewrll B. Strtefgl nspecaon uewrll C. Applcraon-level uewrll D. Cucgt-level uewrll

Aoswern B Question 90 Whch of the followni tools s gsed to detect wueless LANs gsni the 802.11r/b/i/n WLAN strndruds on r lngx plroum? A. Ksmet B. Netstgmbleu C. Abel D. Nessgs

Aoswern A Question 91 Whch of the followni s the BEST wry to defend rirnst netwouk snni? A. Usni encuypaon puotocols to secgue netwouk commgncraons B. Restuct Physcrl Access to Seuveu Rooms hosani Cuacrl Seuveus C. Use Strac IP Adduess D. Reisteu rll mrchnes MAC Adduess n r centurlzed Drtrbrse

Aoswern A Question 92 Sesson splcni s rn IDS evrson technqge n whch rn rrckeu delveus drtr n mglaple, smrllszed prckets to the truiet compgteu, mrkni t veuy dcglt fou rn IDS to detect the rrck sinrtgues. Whch tool crn gsed to peufoum sesson splcni rrcks? A. Hydur B. Bgup C. Whskeu D. Tcpsplce

________________________________________________________________________________________________


Page No | 26

Aoswern C Question 93 Dguni r secguty rgdt of IT puocesses, rn IS rgdtou fognd thrt theue wrs no docgmented secguty puocedgues. Whrt shogld the IS rgdtou do? A. Teumnrte the rgdt. B. Idenafy rnd evrlgrte exsani purcaces. C. Cuerte r puocedgues docgment D. Condgct complrnce tesani

Aoswern B Question 94 Whch of the followni s r low-tech wry of irnni gnrgthouzed rccess to systems? A. Snni B. Socrl enineeuni C. Scrnnni D. Ervesduoppni

Aoswern B Question 95 Whch tool rllows rnrlyss rnd pen testeus to exrmne lnks between drtr gsni iurphs rnd lnk rnrlyss? A. Metrsplot B. Mrlteio C. Wueshruk D. Crn & Abel

Aoswern B Question 96 Yog hrve sgccessfglly compuomsed r mrchne on the netwouk rnd fognd r seuveu thrt s rlve on the srme netwouk. Yog tued to pni bgt yog ddnt iet rny uesponse brck. Whrt s hrppenni? A. TCP/IP doesnt sgppout ICMP. B. ICMP cogld be dsrbled on the truiet seuveu. C. The ARP s dsrbled on the truiet seuveu. D. Yog need to ugn the pni commrnd wth uoot puvleies.

Aoswern A

________________________________________________________________________________________________


Page No | 27

Question 97 The secguty concept of “sepruraon of dgaes” s most smlru to the opeuraon of whch type of secguty devce? A. Brsaon host B. Honeypot C. Fuewrll D. Intugson Detecaon System

Aoswern C Question 98 The pgupose of r  s to deny netwouk rccess to locrl ruer netwouks rnd otheu nfoumraon rssets by gnrgthouzed wueless devces. A. Wueless Access Pont B. Wueless Anrlyzeu C. Wueless Access Contuol lst D. Wueless Intugson Puevenaon System

Aoswern D Question 99 Yog jgst set gp r secguty system n yogu netwouk. In whrt knd of system wogld yog nd the followni stuni of chrurcteus gsed rs r ugle wthn ts coniguraon? rleut tcp rny rny -> 192.18.100.0/24 21 (msi "FTP on the netwouk!";) A. A uewrll IPTrble B. A Rogteu IPTrble C. An Intugson Detecaon System D. FTP Seuveu ugle

Aoswern C Question 100 Pout scrnnni crn be gsed rs prut of r techncrl rssessment to deteumne netwouk vglneurblaes. The TCP XMAS scrn s gsed to denafy lstenni pout on the truieted system. If r scrnned pout s open, whrt hrppens? A. The pout wll inoue the prckets. B. The pout wll send rn RST. C. The pout wll send rn ACK. D. The pout wll send r SYN.

Aoswern A

________________________________________________________________________________________________


Page No | 28

Question 101 Ths rsymmetuy cptheu s brsed on frctouni the puodgct of two lruie pume ngmbeus. Whrt cpheu s descubed rbove? A. SHA B. RC5 C. RSA D. MD5

Aoswern C Question 102 How does the Adduess Resolgaon Puotocol (ARP) wouk? A. It sends r ueply prcket fou r specc IP, rskni fou the MAC rdduess. B. It sends r ueply prcket to rll the netwouk elements, rskni fou the MAC rdduess fuom r specc IP. C. It sends r ueqgest prcket to rll the netwouk elements, rskni fou the domrn nrme fuom r specc IP. D. It sends r ueqgest prcket to rll the netwouk elements, rskni fou the MAC rdduess fuom r specc IP.

Aoswern D Question 103 Whch of the followni s desined to ndenafy mrlcogs rempts to peneturte systems? A. Puoxy B. Rogteu C. Fuewrll D. Intugson Detecaon System

Aoswern D Question 104 When yog uetgun to yogu desk reu r lgnch buerk, yog noace r sturnie emrl n yogu nbox. The sendeus s someone yog dd bgsness wth uecently bgt the sgbject lne hrs sturnie chrurcteus n t. Whrt shogld yog do? A. Fouwrud the messrie to yogu comprnys secguty uesponse term rnd peumrnently delete the messrie fuom yogu compgteu. B. Delete the emrl rnd puetend nothni hrppened. C. Fouwrud the messrie to yogu sgpeuvsou rnd rsk fou heu opnon on how to hrndle the stgraon. D. Reply to the sendeu rnd rsk them fou moue nfoumraon rbogt the messrie contents.

Aoswern A

________________________________________________________________________________________________


Page No | 29

Question 105 A common cuyptoiurphcrlly tool s the gse of XOR. XOR the followni bnruy vrlge 10110001 00111010 A. 10001011 B. 10011101 C. 11011000 D. 10111100

Aoswern A Question 106 A Reionrl brnk hues yogu comprny to peufoum r secguty rssessment on theu netwouk reu r uecent drtr buerch. The rrckeu wrs rble to sterl nrncrl drtr fuom the brnk by compuomsni only r snile seuveu. Brsed on ths nfoumraon, whrt shogld be one of yogu key uecommendraons to the brnk? A. Move the nrncrl drtr to rnotheu seuveu on the srme IP sgbnet B. Plrce r fuont-end web seuveu n r demltruzed zone thrt only hrndles exteunrl web turc C. Issge new ceuacrtes to the web seuveus fuom the uoot ceuacrte rgthouty D. Reqgue rll employees to chrnie theu prsswouds mmedrtely

Aoswern A Question 107 It s r ueiglraon thrt hrs r set f igdelne, whch shogld be rdheued to by rnyone who hrndles rny electuonc medcrl drt r. These igdelnes sapglrte thrt rll medcrl purcaces mgst ensgue thrt rll necessruy mersgues rue n plrce whle srvni, rccessni, rnd shruni rny electuonc medcrl drtr to keep praent drtr secgue. Whch of the followni ueiglraons best mrtches the descupaon? A. HIPAA B. COBIT C. ISO/IEC 27002 D. FISMA

Aoswern A Question 108 Whch of the followni strtements ueirudni ethcrl hrckni s ncouuect? A. Tesani shogld be uemotely peufoumed oste. B. Ethcrl hrckeus shogld neveu gse tools thrt hrve potenarl of exploani vglneurblaes n the ouirnzraons IT system. C. Ethcrl hrckni shogld not nvolve wuani to ou modfyni the truiet systems. D. An ouirnzraon shogld gse ethcrl hrckeus who do not sell hrudwrue/sowrue ou otheu consglani seuvces.

________________________________________________________________________________________________


Page No | 30

Aoswern B Question 109 Whch of the followni s consdeued the best wry to puevent Peusonrlly Idenarble Infoumraon (PII) fuom web rpplcraon vglneurblaes? A. Use encuypted commgncraons puotocols to turnsmt PII B. Use fgll dsk encuypaon on rll hrud duves to puotect PII C. Use cuyptoiurphc stourie to stoue rll PII D. Use r secguty token to loi onto nto rll Web rpplcraon thrt gse PII

Aoswern A Question 110 Undeu the “Post-rrch Phrse rnd Acavaes,” t s the uesponsblty of the testeu to uestoue the system to r pue-test strte. Whch of the followni rcavaes shogld not be nclgded n ths phrse? I. Removni rll les gplorded on the system II. Clernni rll ueistuy entues III. Mrppni of netwouk strte IV. Removni rll tools rnd mrntrnni brckdoou fou uepouani A. III B. IV C. III rnd IV D. All shogld be nclgded.

Aoswern A Question 111 Rcrudo wrnts to send secuet messries to r compeatou comprny. To secgue these messries, he gses r technqge of hdni r secuet messrie wthn rn oudnruy messrie, the technqge puovdes 'secguty thuogih obscguty'. Whrt technqge s Rcrudo gsni? A. RSA rliouthm B. Steirnoiurphy C. Encuypaon D. Pgblc-key cuyptoiurphy

Aoswern B Question 112 Yog hrve sgccessfglly irned rccess to r lngx seuveu rnd wogld lke to ensgue thrt the sgcceedni ogtioni turc fuom the seuveu wll not be crgiht by r Netwouk Brsed Intugson Detecaon System (NIDS).

________________________________________________________________________________________________


Page No | 31

Whch s the best wry to evrde the NIDS? A. Ogt of brnd sinrlni B. Encuypaon C. Alteunrte Drtr Stuerms D. Puotocol Isolraon

Aoswern B Question 113 An rrckeu irns rccess to r Web seuveus drtrbrse rnd dsplry the contents of the trble thrt holds rll of the nrmes, prsswouds, rnd otheu gseu nfoumraon. The rrckeu dd ths by enteuni nfoumraon nto the Web ste's gseu loin prie thrt the sowrue's desineus dd not expect to be enteued. Ths s rn exrmple of whrt knd of sowrue desin puoblem? A. Insgcent secguty mrnriement B. Insgcent drtrbrse hrudenni C. Insgcent excepaon hrndlni D. Insgcent npgt vrldraon

Aoswern D Question 114 Yog rue peufoumni r peneturaon test. Yog rcheved rccess vr r bgeu oveuow explot rnd yog puoceed to nd nteuesani drtr, sgch rs les wth gseunrmes rnd prsswouds. Yog nd r hdden foldeu thrt hrs the rdmnsturtous brnk rccognt prsswoud rnd loin nfoumraon fou the rdmnsturtous btcon rccognt. Whrt shogld yog do? A. Do not turnsfeu the money bgt sterl the btcons. B. Repout mmedrtely to the rdmnsturtou. C. Turnsfeu money fuom the rdmnsturtous rccognt to rnotheu rccognt. D. Do not uepout t rnd conange the peneturaon test.

Aoswern B Question 115 Whch of the followni s r commrnd lne prcket rnrlyzeu smlru to GUI-brsed Wueshruk? A. Jrck the uppeu B. nessgs C. tcpdgmp D. etheuerl

Aoswern C Question 116

________________________________________________________________________________________________


Page No | 32

Yog rue rempani to mrn-n-the-mddle r sesson. Whch puotocol wll rllow yog to igess r seqgence ngmbeu? A. ICMP B. TCP C. UDP D. UPX

Aoswern B Question 117 Whch of the followni ncdent hrndlni puocess phrses s uesponsble fou denni ugles, cuerani r brck-gp plrn, rnd tesani the plrns fou rn enteupuse? A. Puepruraon phrse B. Recoveuy phrse C. Idenacraon phrse D. Contrnment phrse

Aoswern A Question 118 Whrt teum descubes the rmognt of usk thrt uemrns reu the vglneurblaes rue clrssed rnd the cognteumersgues hrve been deployed? A. Inheuent Rsk B. Resdgrl Rsk C. Defeuued Rsk D. Imprct Rsk

Aoswern B Question 119 The “Gury box tesani” methodoloiy enfouces whrt knd of uestucaon? A. Only the exteunrl opeuraon of r system s rccessble to the testeu. B. Only the nteunrl opeuraon of r system s known to the testeu. C. The nteunrl opeuraon of r system s completely known to the testeu. D. The nteunrl opeuraon of r system s only prutly rccessble to the testeu.

Aoswern D Question 120 Nraon-strte thuert rctous oen dscoveu vglneurblaes rnd hold on to them gnal they wrnt to lrgnch r sophsacrted rrck. The Stgxnet rrck wrs rn gnpuecedented style of rrck becrgse t gsed fogu types of ths vglneurblty.

________________________________________________________________________________________________


Page No | 33

Whrt s ths style of rrck crlled? A. zeuo-hogu B. no-dry C. zeuo-dry D. zeuo-sgm

Aoswern C Question 121 Yog rue r Netwouk Secguty Oceu. Yog hrve two mrchnes. The ust mrchne (192.18.0.99) hrs snout nstrlled, rnd the second mrchne (192.18.0.150) hrs kw sysloi nstrlled. Yog peufoum r syn scrn n yogu netwouk, rnd yog noace thrt kw sysloi s not uecevni the rleut messrie fuom snout. Yog decde to ugn wueshruk n the snout mrchne to check f the messries rue ioni to the kw sysloi mrchne. Whrt wueshruk lteu wll show the connecaons fuom the snout mrchne to kw sysloi mrchne? A. tcp.dstpout==514 && p.dst==192.18.0.150 B. tcp.dstpout==514 && p.dst==192.18.0.99 C. tcp.sucpout==514 && p.suc==192.18.0.99 D. tcp.sucpout==514 && p.suc==192.18.150

Aoswern A Question 122 Dguni r uecent secguty rssessment, yog dscoveu the ouirnzraon hrs one Domrn Nrme Seuveu (DNS) n r Demltruzed Zone (DMZ) rnd r second DNS seuveu on the nteunrl Netwouk. Whrt s ths type of DNS coniguraon commonly crlled? A. DNS Scheme B. DynDNS C. Splt DNS D. DNSSEC

Aoswern C Question 123 A new wueless clent s conigued to jon r 802.11 netwouk. Ths clent gses the srme hrudwrue rnd sowrue rs mrny of the otheu clents on the netwouk. The clent crn see the netwouk, bgt crnnot connect. A wueless prcket sneu shows thrt the Wueless Access Pont (WAP) s not uespondni to the rssocraon ueqgests beni sent by the wueless clent. Whrt s r possble soguce of ths puoblem? A. The clent crnnot see the SSID of the wueless netwouk B. The wueless clent s not conigued to gse DHCP C. The WAP does not uecoinze the clent's MAC rdduess D. Clent s conigued fou the wuoni chrnnel

________________________________________________________________________________________________


312-50v9

Recommend Documents