A major difference between a hacker and an ethical hacker is the:
Code of ethics to which each subscribes.
Breaking the trust the client has placed in the ethical hacker can lead to the:
Questioning of other details, such as the results of the test
During the planning phase of a penetration test, the aim should be to:
Determine why a penetration test and its associated tasks are necessary.
Planning, discovery, attack, and reporting are considered:
Ethical hacking steps.
What type of penetration testing is most often used when an organization wants to closely simulate how an attacker views a system?
Which of the following is NOT considered one of the three types of controls you can use in risk mitigation?
Which of the following refers to a piece of software, a tool, or a technique that targets or takes advantage of a vulnerability?
Which of the following refers to the structured and methodical means of investigating, uncovering, attacking, and reporting on a target system’s strengths and vulnerabilities?
Which of the following tests includes anything that targets equipment or facilities and can also include actions against people, such as social engineering-related threats?
Which of the following tests is designed to simulate an attack against technology from either the inside or the outside depending on the goals and intentions of the client?
A hierarchical system of servers and services specifically designed to translate IP addresses into domain names (forward lookups) as well as the reverse (reverse lookups) is called:
Domain Name Service (DNS).
Blocking everything and allowing only what is needed is known as:
the deny-all principle.
Repeaters, hubs, bridges, and switches are part of:
Physical or Network Access Layer equipment
The act of a third party covertly monitoring Internet and telephone conversations is called:
Which of the following is a connectionless protocol that offers speed and low overhead as its primary advantage?
User Datagram Protocol
Which of the following is a largely obsolete protocol that was originally designed for use in connections established by modems?
Serial Line Interface Protocol
Which of the following is a method of separating a network into segments for better management and performance?
Which of the following offers the greatest level of security for wireless networks?
Wi-Fi Protected Access 2 (WPA2)
Which of the following regulates the flow of traffic between different networks?
Which routing protocol calculates the best path to a target network by one or more metrics such as delay, speed, or bandwidth?
A hash algorithm can be compromised with a collision, which occurs when two separate and different messages or inputs pass through the hashing process and generate:
the same value.
Cryptography provides an invaluable service to security by providing all of the following except:
the ability to hack into systems and remain undetected.
In using symmetric encryption to encrypt a given piece of information, there are two different mechanisms an algorithm can use, either:
a stream cipher or a block cipher.
The main function or capability of certificate authorities (CAs) is to:
generate key pairs and bind a user’s identity to the public key.
To create a digital signature, two steps take place that result in the actual signature that is sent with data. In the first step, the message or information to be sent is passed through a hashing algorithm that creates a hash to:
private key as the key in the encryption process.
What type of encryption uses the same key to encrypt and to decrypt information?
Which of the following is used to bring trust, integrity, and security to electronic transactions?
Public key infrastructure
Which of the following terms refers to functions employed in asymmetric encryption that are easy to compute in one direction, but tough to compute in the other?
Which of the following terms refers to the ability to verify that information has not been altered and has remained in the form originally intended by the creator?
Which password attack method tries every possible sequence of keys until the correct one is found?
Brute-force password attack
Automated methods for obtaining network range information:
are faster than manual methods.
Countermeasures an organization can take to thwart footprinting of the organization’s Web site include all of the following except:
adding unnecessary information to the Web site to throw attackers off the trail.
Countermeasures that an organization can take regarding protecting domain information include:
employing a commonly available proxy service to block the access of sensitive domain data.
Google hacking can be thwarted to a high degree by:
sanitizing information that is available publicly whenever possible.
The manual method of obtaining network range information requires the attacker to visit at least one or more of the Regional Internet Registries (RIRs), which are responsible for:
management, distribution, and registration of public IP addresses within their respective assigned regions.
Which of the following is NOT one of the Internet sources that hackers use to gather information about a company or its employees?
Internet protocol resources
Which of the following is specifically designed to passively gain information about a target?
Which of the following refers to a software program used to determine the path a data packet traverses to get to a specific IP address?
Which of the following refers to the protocol designed to query databases to look up and identify the registrant of a domain name?
Which step(s) in the information-gathering process does footprinting cover?
Gathering information and determining the network range
An attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do is participating in:
An attacker who sets up such a realistic persona that the victim volunteers information is participating in:
reverse social engineering.
Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in:
Which of the following gives Facebook users flexibility as to who is allowed to see which portions of a profile?
Limited Profile Settings
Common scams used in social media include all of the following EXCEPT:
reaching out to users to raise money for a legitimate charity.
Which of the following is NOT considered a common mistake that people make when using social media?
Posting so little personal information that others do not want to “follow” or “friend” them
Which of the following is NOT considered a sensible guideline to follow when using social networking sites?
Posting so little personal information that others do not want to “follow” or “friend” them
Which of the following is true regarding account passwords?
Passwords should have at least one number and one special character.
Which of the following statements is NOT true regarding over-sharing of company activities?
Over-sharing of company activities typically is conducted by disgruntled employees who are intentionally trying to harm their company.
Which of the following statements is NOT true regarding social engineering?
Social engineering has different goals and objectives than other types of hacking.
Which of the following is NOT a network mapping tool?
A technique that has existed for more than 25 years as a footprinting tool and involves the use of modems is called:
The practice of identifying the operating system of a networked device through either passive or active techniques is called:
Which of the following excels at allowing the security professional to find services that have been redirected from standard ports?
Which of the following is a form of OS fingerprinting that involves actively requesting information from the target system?
Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network and attackers simply listen to and analyze existing traffic?
Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute?
Which of the following is the process of locating wireless access points and gaining information about the configuration of each?
Which of the following reveals telling information such as version and service data that will help an attacker?
Which of the following techniques is not used to locate network access points, but to reveal the presence of access points to others?
A form of offline attack that functions much like a dictionary attack, but with an extra level of sophistication, is a:
An attacker can deprive the system owner of the ability to detect the activities that have been carried out by:
Cain and Abel, John the Ripper, Pandora, and Pwdump3 are examples of:
Precomputed hashes are used in an attack type known as a:
Shoulder surfing, keyboard sniffing, and social engineering are considered:
The database on the local Windows system that is used to store user account information is called:
the Security Account Manager (SAM)
The unique ID that is assigned to each user account in Windows that identifies the account or group is called a(n):
security identifier (SID)
Which of the following are considered passive online attacks?
Packet sniffing, or man-in-the-middle and replay attacks
Which of the following is NOT true regarding the use of a packet sniffer?
Packet sniffing involves the attacker capturing traffic from both ends of the communication between two hosts.
Which of the following refers to a utility designed to detect Simple Network Management Protocol (SNMP)-enabled devices on a network and locate and identify devices that are vulnerable to SNMP attacks?
Common database vulnerabilities include all of the following EXCEPT:
strong audit log settings.
Common forms of distributed denial of service (DDoS) attacks include all of the following EXCEPT:
Exploitative behaviors against Web applications include all of the following EXCEPT:
NGSSquirreL and AppDetective are:
pieces of software for performing audits on databases.
Offloading services from the local intranet to the Internet itself can be done by the use of:
Security issues that can arise in cloud computing that are above and beyond those with standard environments include all of the following EXCEPT:
SQLPing and SQLRecon are:
tools for locating rogue or unknown database installations.
The categories of Web application vulnerabilities include all of the following EXCEPT:
Typical categories of databases include all of the following EXCEPT:
Web applications that require a user to log on prior to gaining access can track information relating to improper or incorrect logons; this information typically lists entries such as all of the following EXCEPT:
entry of a valid user ID and password.
What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?
Cross-site scripting (XSS)
Which category of risk inherent with Web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?
Defects and misconfiguration risks
Which class of individuals is primarily concerned with the security of the Web server because it can provide an easy means of getting into the local network?
Which class of individuals works the most with the server and is primarily concerned with access to content and services?
Which of the following is a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes?
Which of the following is NOT considered a vulnerability of Web servers?
Poor end-user training
Which of the following refers to a language used to interact with databases, making it possible to access, manipulate, and change data?
Structured Query Language (SQL)
Which of the following refers to encryption using short keys or keys that are poorly designed and implemented that can allow an attacker to decrypt data easily and gain unauthorized access to the information?
Weak ciphers or encoding algorithms
Which of the following statements is NOT true regarding Structured Query Language (SQL) injections?
They are specific to only one vendor’s database and cannot force the application to reveal restricted information.
Which of the following statements is NOT true regarding the protection of databases?
Very few tools are available to locate, audit, and ultimately protect databases.
A process where communications are redirected to different ports than they would normally be destined for is called:
A section of the hard drive record responsible for assisting in locating the operating system to boot the computer is called the:
master boot records (MBRs).
A software development kit specifically designed to facilitate the design and development of Trojans is called a:
Trojan construction kit.
The part of a hard drive or removable media that is used to boot programs is called the:
Which of the following is a malware program designed to replicate without attaching to or infecting other files on a host system?
Which of the following is a next-generation Trojan tool that was designed to accept customized, specially designed plug-ins?
Back Orifice (BO2K)
Which of the following is a remote access Trojan authored entirely in Delphi that uses TCP port 26097 by default?
Let Me Rule
Which of the following is a U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
Trusted Computer System Evaluation Criteria (TCSEC)
Which of the following is malware that looks legitimate but hides a payload that does something unwanted?
Which of the following is NOT a type of malware?
Which of the following is NOT one of the key goals of a backdoor?
To obtain a Trojan construction kit
Which of the following laws was originally passed to address federal computer-related offenses and the cracking of computer systems?
The Computer Fraud and Abuse Act of 1986
Which of the following statements is NOT true about dictionary-based virus detection?
This method can detect both viruses that it knows about and those it does not know about.
Which of the following terms refers to any software that is inherently hostile, intrusive, or annoying in its operation?
Which of the following types of malware is a piece of code or software that spreads from system to system by attaching itself to other files and is activated when the file is accessed?
Which of the following types of viruses infects and operates through the use of a programming language built into applications such as Microsoft Office in the form of Visual Basic for Applications (VBA)?
Which of the following types of viruses infects using multiple attack vectors, including the boot sector and executable files on the hard drive?
Which of the following types of viruses is a piece of code or software designed to lie in wait on a system until a specified event occurs?
Which of the following types of viruses is designed to change its code and “shape” to avoid detection by virus scanners, which would look for a specific virus code and not the new version?
Which one of the following is NOT a goal of Trojans?
A group of infected systems that are used to collectively attack another system is called a:
All of the following are commonly used tools to perform session hijacking EXCEPT:
Botnets are used to perform all of the following attacks EXCEPT:
passive session hijacking.
Countermeasures that can be used to defeat sniffing include all of the following EXCEPT:
Media Access Control (MAC) flooding.
Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are:
methods of bypassing a switch to perform sniffing.
What type of sniffing takes place on networks such as those that have a hub as the connectivity device?
Which of the following is NOT one of the steps an attacker must perform to conduct a successful session hijacking?
Inject packets into the network prior to the authentication process.
Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning?
It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls.
Which of the following statements is NOT true regarding passive session hijacking?
In passive session hijacking, the attacker assumes the role of the party he has displaced.
With a hub connectivity device in place, all traffic can be seen by all other stations, which can also be referred to as all stations being on the same:
A piece of media that contains a complete and bootable operating system is called a(n):
One of the bigger benefits of a Live CD is that a user can boot a computer off a Live CD:
without making any alterations to the existing operating system on the computer.
Which of the following are used to specify filenames or other targets that fine-tune the action of the command in Linux?
Which of the following is NOT a common use of live distributions?
Which of the following is NOT one of the more common distributions of Linux?
Which of the following Linux commands is used to copy files from location to location?
Which of the following Linux commands is used to display the current location of the user within the Linux directory structure?
Which of the following Linux commands is used to remove or delete empty directories from the Linux filesystem?
Which of the following statements is NOT true about Kali Linux?
It is designed to be used as a desktop replacement operating system.
Which of the following will happen after using a Live CD, ejecting the media, and rebooting the system from the hard drive?
A setup created by wireless networking technologies that are designed to extend or replace wired networks is called:
wireless local area network (WLAN).
The 802.11n standard uses a new method of transmitting signals, which can transmit multiple signals across multiple antennas. This new method of transmitting signals is called:
multiple input and multiple output (MIMO).
The Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards, which range from 802.11a to 802.11n, are known collectively in standard jargon as:
Which of the following is a capability implemented through Bluetooth technology, designed to reach a maximum range on average of 10 meters or 30 feet?
Personal area network (PAN)
Which of the following is NOT a countermeasure to threats against wireless LANs?
Which of the following is used to make calls or send text messages from the targeted device?
Which of the following is used to uniquely identify a network, thereby ensuring that clients can locate the correct wireless local area network (WLAN) that they should be attaching to?
Service set identifier (SSID)
Which of the following technologies emerged for the first time in 1998 and was designed to be a short-range networking technology that could connect different devices together?
Which of the following was NOT a benefit of 802.11a over 802.11b?
Lower cost of equipment
Which one of the following is the strongest authentication technology for protecting wireless networks?
Wi-Fi Protected Access version 2 (WPA2)
A device that prevents entry into designated areas by motor vehicle traffic is called a:
A measurement of the percentage of individuals who have gained access but should not have been granted such is called:
false acceptance rate (FAR).
A mechanical or electronic device designed to secure, hold, or close items operated by a key, combination, or keycard is a:
When considering closed circuit TV as a security measure, the focal length must be considered. What is focal length?
The camera’s effectiveness in viewing objects from a horizontal and vertical view
Which of the following allows the placing of telephone calls over computer networks and the Internet?
Voice over IP (VoIP)
Which of the following is a disadvantage of alarms?
False alarms tied to the police may result in fines.
Which of the following is a type of smash-and-grab burglary in which a heavy vehicle is driven through the windows or doors of a closed shop, usually one selling electronics or jewelry, to quickly rob it?
Which of the following lock types are smart and programmable?
Which of the following types of lighting is randomly turned on to create an impression of activity?
Which type of token does NOT require that the card be inserted or slid through a reader?
Information or physical remnants collected from a crime scene and used to determine the extent of a crime and potentially prove a case in court is called:
The capacity of a system to keep functioning in the face of hardware or software failure is called:
The phase of incident response that involves determining which evidence is relevant to the investigation and which is not is called:
analysis and tracking.
The process of tracking and carefully processing evidence from collection to trial to the return to its owner is called:
creating a paper trail.
Which of the following defines how the organization will maintain what is accepted as normal day-to-day business in the event of a security incident or other events disruptive to the business?
Business continuity plan
Which of the following documents states how personnel and assets will be safeguarded in the event of a disaster?
Debriefing and feedback
Which of the following is NOT a commonly accepted rule of evidence?
Which of the following phases has the goal of determining what was done right, what was done wrong, and how to improve?
Debriefing and feedback
Which of the following tests of a disaster recovery plan involves practicing backup and restore operations, incident response, communication and coordination of efforts, and alternative site usage in such a way that normal business operations are not adversely affected?
Which of the following types of evidence is received as the result of testimony or interview of an individual regarding something he or she directly experienced?
A group of computers or a network configured to attract attackers is called a(n):
Any activity that should not be but is occurring on an information system is called:
The primary components of a host-based intrusion detection system (HIDS) are:
the command console and the monitoring agent software.
The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called:
Which of the following controls fit in the area of policy and procedure?
Which of the following is a firewall best able to control?
Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?
Which of the following options for firewall implementation has a region of the network or zone that is sandwiched between two firewalls?
Demilitarized zone (DMZ)
Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?
Intrusion detection system (IDS)
Which of the following statements is NOT true about firewall policy?
A policy is not necessary if the firewall is configured in the way the administrator wants.