EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Question2: A regional bank hires your company to perform a security assessment on their network after a recent data
breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

Question3: You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Question4: You are tasked to perform a penetration test. While you are performing information gathering, you find an
employee list in Google. You find the receptionist's email, and you send her an email changing the source
email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads
your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these
links contain malware) and send back the modified pdf, saying that the links don't work. She reads your
email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?

Question5: Which of the following scanning method splits the TCP header into several packets and makes it difficult
for packet filters to detect the purpose of the packet?

Question6: You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique
wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets
are meant for.
Which of the below scanning technique will you use?

Question7: Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Question8: What type of vulnerability/attack is it when the malicious person forces the user's browser to send an
authenticated request to a server?

Question9: Which of the following programming languages is most susceptible to buffer overflow attacks, due to its
lack of a built-in-bounds checking mechanism?
Code:
#include <string.h>
int main(){
char buffer[8];
strcpy(buffer, ""11111111111111111111111111111"");
}
Output:
Segmentation fault

Question10: Bob learned that his username and password for a popular game has been compromised. He contacts the
company and resets all the information. The company suggests he use two-factor authentication; which
option below offers that?

Question11: Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a
maximum length of (264-1) bits and resembles the MD5 algorithm?

Question12: Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are
requested to accept the offer and you oblige.
After 2 days, Bob denies that he had ever sent a mail.
What do you want to "know" to prove yourself that it was Bob who had send a mail?

Question13: What does a firewall check to prevent particular ports and applications from getting packets into an
organization?

Question14: Which system consists of a publicly available set of databases that contain domain name registration
contact information?

Question15: In Risk Management, how is the term "likelihood" related to the concept of "threat?"

Question16: When you are testing a web application, it is very useful to employ a proxy tool to save every request and
response. You can manually test every request and analyze the response to find vulnerabilities. You can
test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

Question17: Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a
technique of hiding a secret message within an ordinary message. The technique provides 'security
through obscurity'.
What technique is Ricardo using?

Question18: An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his
router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate
this attack?

Question19: You are performing a penetration test for a client and have gained shell access to a Windows machine on
the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at
192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup
prompt to attempt a zone transfer?

Question20: Your team has won a contract to infiltrate an organization. The company wants to have the attack be as
realistic as possible; therefore, they did not provide any information besides the company name. What
should be the first step in security testing the client?

Question21: Which of the following can the administrator do to verify that a tape backup can be recovered in its
entirety?

Question22: In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

Question23: Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Question24: A new wireless client is configured to join an 802.11 network. This client uses the same hardware and
software as many of the other clients on the network. The client can see the network, but cannot connect.
A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association
requests being sent by the wireless client. What is a possible source of this problem?

Question25: In which of the following password protection technique, random strings of characters are added to the
password before calculating their hashes?

Question26: A company's Web development team has become aware of a certain type of security vulnerability in their
Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the
software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question27: When conducting a penetration test, it is crucial to use all means to get all available information about the
target network. One of the ways to do that is by sniffing the network. Which of the following cannot be
performed by the passive network sniffing?

Question28: A company's Web development team has become aware of a certain type of security vulnerability in their
Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the
software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question29: Sam is working as s pen-tester in an organization in Houston. He performs penetration testing on IDS in
order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to
the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam
using to evade IDS?

Question30: The following is part of a log file taken from the machine on the network with the IP address of
192.168.0.110:

What type of activity has been logged?

Question31: Steve, a scientist who works in a governmental security agency, developed a technological solution to
identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the
door.
In this case, we can say:

Question32: What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting
data from multiple protected systems and instead of analyzing files locally it's made on the provider's
environment.

Question33: Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Question34: Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

Question35: Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library?
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS
encryption used to secure the Internet.

Question36: You just set up a security system in your network. In what kind of system would you find the following
string of characters used as a rule within its configuration? alert tcp any any ->192.168.100.0/24 21
(msg:""FTP on the network!"";)

Question37: Which access control mechanism allows for multiple systems to use a central authentication server (CAS)
that permits users to authenticate once and gain access to multiple systems?

Question38: Code injection is a form of attack in which a malicious user:

Question39: Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by
inputting massive amounts of random data and observing the changes in the output?

Question40: Which of the following programs is usually targeted at Microsoft Office products?

Question41: It is an entity or event with the potential to adversely impact a system through unauthorized acces,
destruction, disclosure, denial of service or modification of data. Which of the following terms best matches
the definition?

Question42: Which tier in the N-tier application architecture is responsible for moving and processing data between the
tiers?

Question43: You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence
number?

Question44: You are looking for SQL injection vulnerability by sending a special character to web applications. Which of
the following is the most useful for quick validation?

Question45: Security Policy is a definition of what it means to be secure for a system, organization or other entity. For
Information Technologies, there are sub-policies like Computer Security Policy, Information Protection
Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access
Policy, and User Account Policy.
What is the main theme of the sub-policies for Information Technologies?

Question46: DNS cache snooping is a process of determining if the specified resource address is present in the DNS
cache records. It may be useful during the examination of the network to determine what software update
resources are used, thus discovering what software is installed.
What command is used to determine if the entry is present in DNS cache?

Question47: Which Intrusion Detection System is the best applicable for large environments where critical assets on the
network need extra security and is ideal for observing sensitive network segments?

Question48: An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and
Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible
breach of security. When the investigator attempts to correlate the information in all of the logs, the
sequence of many of the logged events do not match up.
What is the most likely cause?

Question49: In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites
with the intent of collecting personal identifiable information from its victims. What is the difference between
pharming and phishing attacks?

Question50: Which of the following Nmap commands will produce the following output?

Question51: Which of the following incident handling process phases is responsible for defining rules, collaborating
human workforce, creating a back-up plan, and testing the plans for an organization?

Question52: Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking
for an IDS with the following characteristics: -Verifies success or failure of an attack - Monitors system
activities - Detects attacks that a network-based IDS fails to detect. - Near real-time detection and
response - Does not require additional hardware - Lower entry cost. Which type of IDS is best suited for
Tremp's requirements?

Question53: You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate
all machines in the same network quickly.
What is the best Nmap command you will use?

Question54: An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ____
database structure instead of SQL's ______ structure. Because of this, LDAP has difficulty representing
many-to-one relationships.

Question55: An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.
In which order should he perform these steps?

Question56: A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should
he do?

Question57: You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line.
Which command would you use?

Question58: Which method of password cracking takes the most time and effort?

Question59: What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a
hotel room?

Question60: Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a
signature-based IDS?

Question61: Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he
uses a detection method where the anti-virus executes the malicious codes on a virtual machine to
simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

Question62: What is the role of test automation in security testing?

Question63: Firewalk has just completed the second phase (the scanning phase) and a technician receives the output
shown below. What conclusions can be drown based on these scan results?
TCP port 21 - no response
TCP port 22 - no response
TCP port 23 - Time-to-live exceeded

Question64: While performing online banking using a Web browser, a user receives an email that contains a link to an
interesting Web site. When the user clicks on the link, another Web browser session starts and displays a
video of cats playing a piano. The next business day, the user receives what looks like an email from his
bank, indicating that his bank account has been accessed from a foreign country. The email asks the user
to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based
security vulnerability was exploited to compromise the user?

Question65: The establishment of a TCP connection involves a negotiation called three-way handshake. What type of
message does the client send to the server in order to begin this negotiation?

Question66: Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

Question67: During an Xmas scan, what indicates a port is closed?

Question68: What is the least important information when you analyze a public IP address in a security alert?

Question69: The "white box testing" methodology enforces what kind of restriction?

Question70: It has been reported to you that someone has caused an information spillage on their computer. You go to
the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What
step in incident handling did you just complete?

Question71: By using a smart card and pin, you are using a two-factor authentication that satisfies

Question72: An unauthorized individual enters a building following an employee through the employee entrance after
the lunch rush. What type of breach has the individual just performed?

Question73: What is the difference between the AES and RSA algorithms?

Question74: A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take
part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?

Question75: Which of the following is the successor of SSL?

Question76: Which of the following areas is considered a strength of symmetric key cryptography when compared with
asymmetric algorithms?

Question77: In order to have an anonymous Internet surf, which of the following is best choice?

Question78: What is the purpose of a demilitarized zone on a network?

Question79: env x='(){ :;};echo exploit' bash -c 'cat/etc/passwd'
What is the Shellshock bash vulnerability attempting to do a vulnerable Linux host?

Question80: Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks
that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content
or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

Question81: Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks
in the wired network to have Internet access. In the university campus, there are many Ethernet ports
available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?

Question82: Websites and web portals that provide web services commonly use the Simple Object Access Protocol
(SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

Question83: As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security
assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects
both the organization's interest and your liabilities as a tester?

Question84: In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire
access to another account's confidential files and information. How can he achieve this?

Question85: Cryptography is the practice and study of techniques for secure communication in the presence of third
parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome
the influence of adversaries and that are related to various aspects in information security such as data
confidentially, data integrity, authentication, and non-repudiation. Modern cryptography intersects the
disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography
include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:

Which of the following choices true about cryptography?

Question86: Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by
running a scan which looks for common misconfigurations and outdated software versions. Which of the
following tools is he most likely using?

Question87: Which of the following is the structure designed to verify and authenticate the identity of individuals within
the enterprise taking part in a data exchange?

Question88: Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil
Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501.
What needs to happen before Matthew has full administrator access?

Question89: You need a tool that can do network intrusion prevention and intrusion detection, function as a network
sniffer, and record network activity. What tool would you most likely select?

Question90: Which of the following security policies defines the use of VPN for gaining access to an internal corporate
network?

Question91: Which of these options is the most secure procedure for storing backup tapes?

Question92: A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much
information can be obtained from the firm's public facing web servers. The engineer decides to start by
using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following is an example of what the engineer performed?

Question93: Which is the first step followed by Vulnerability Scanners for scanning a network?

Question94: Which security strategy requires using several, varying methods to protect IT systems against attacks?

Question95: What attack is used to crack passwords by using a precomputed table of hashed passwords?

Question96: Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file named
"Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a window appears
stating, "This word document is corrupt". In the background, the file copies itself to Jesse APPDATA\local
directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?

Question97: Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in
and out the target network based on pre-defined set of rules.
Which of the following types of firewalls can protect against SQL injection attacks?

Question98: Which regulation defines security and privacy controls for Federal information systems and organizations?

Question99: Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in
software applications?

Question100: There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering
the process. A term describes when two pieces of data result in the value is?

Question101: Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on
his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it
begins to close.
What just happened?

Question102: Which regulation defines security and privacy controls for Federal information systems and organizations?

Question103: What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch
(.bat) or PowerShell (.ps1) script?

Question104: Seth is starting a penetration test from inside the network. He hasn't been given any information about the
network. What type of test is he conducting?

Question105: A large mobile telephony and data network operator has a data center that houses network elements.
These are essentially large computers running on Linux. The perimeter of the data center is secured with
firewalls and IPS systems.
What is the best security policy concerning this setup?

Question106: The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable
organization focused on improving the security of software. What item is the primary concern on OWASP's
Top Ten Project Most Critical Web Application Security Risks?

Question107: What is attempting an injection attack on a web server based on responses to True/False questions
called?

Question108: What is a "Collision attack" in cryptography?

Question109: The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In
the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he cannot see them in his scanning. The command he is
using is: nmap 192.168.1.64/28
Why he cannot see the servers?

Question110: Which Nmap option would you use if you were not concerned about being detected and wanted to perform
a very fast scan?

Question111: Assume a business-crucial web-site of some company that is used to sell handsets to the customers
worldwide. All the developed components are reviewed by the security team on a monthly basis. In order
to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The
tools are written in JavaScript and can track the customer's activity on the site. These tools are located on
the servers of the marketing company.
What is the main security risk associated with this scenario?

Question112: An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to
monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

Question113: Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main
site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.
What should Bob recommend to deal with such a threat?

Question114: Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing
services, which OS did it not directly affect?

Question115: Which of the following is a component of a risk assessment?

Question116: What two conditions must a digital signature meet?

Question117: While using your bank's online servicing you notice the following string in the URL bar:
"http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21"
You observe that if you modify the Damount&Camount values and submit the request, that data on the
web page reflects the changes.
Which type of vulnerability is present on this site?

Question118: A penetration test was done at a company. After the test, a report was written and given to the company's
IT authorities. A section from the report is shown below:
Access List should be written between VLANs.

Port security should be enabled for the intranet.

A security solution which filters data packets should be set between intranet (LAN) and DMZ.

A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

Question119: Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He is
determined that the application is vulnerable to SQL injection and has introduced conditional timing delays
into injected queries to determine whether they are successful. What type of SQL injection is Elliot most
likely performing?

Question120: PGP, SSL, and IKE are all examples of which type of cryptography?

Question121: Your company was hired by a small healthcare provider to perform a technician assessment on the
network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

Question122: Why containers are less secure that virtual machine?

Question123: You have successfully gained access to a Linux server and would like to ensure that the succeeding
outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS).
What is the best way to evade the NIDS?

Question124: Which of the following Bluetooth hacking techniques does an attacker use to send messages to users
without the recipient's consent, similar to email spamming?

Question125: Why should the security analyst disable/remove unnecessary ISAPI filters?

Question126: To maintain compliance with regulatory requirements, a security audit of the systems on a network must be
performed to determine their compliance with security policies. Which one of the following tools would most
likely be used in such an audit?

Question127: Which of the following program infects the system boot sector and the executable files at the same time?

Question128:
What is the code written for?

Question129: Insecure direct object reference is a type of vulnerability where the application does not verify if the user is
authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference
vulnerability?

Question130: Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention
(DEP) error has taken place. Which of the following is most likely taking place?

Question131: Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank.
Kindly contact me for a vital transaction on:
[email protected]". Which statement below is true?

Question132: Risks=Threats x Vulnerabilities is referred to as the:

Question133: A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned
to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how
an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing -
Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool
should the analyst use to perform a Blackjacking attack?

Question134: Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides
different functionality. Collective IPSec does everything except.

Question135: During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web
enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall
is inspecting outbound traffic?

Question136: Bob finished a C programming course and created a small C application to monitor the network traffic and
produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by
all origins and using some thresholds.
In concept, the solution developed by Bob is actually:

Question137: An IT employee got a call from one our best customers. The caller wanted to know about the company's
network infrastructure, systems, and team. New opportunities of integration are in sight for both company
and customer. What should this employee do?

Question138: On performing a risk assessment, you need to determine the potential impacts when some of the critical
business process of the company interrupt its service. What is the name of the process by which you can
determine those critical business?

Question139: You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the
machines has 2 connections, one wired and the other wireless. When you verify the configuration of this
Windows system you find two static routes.
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1
What is the main purpose of those static routes?

Question140: Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the
chosen service call interruptions when they are being run?

Question141: An IT employee got a call from one of our best customers. The caller wanted to know about the company's
network infrastructure, systems, and team. New opportunities of integration are in sight for both company
and customer. What should this employee do?

Question142: An attacker changes the profile information of a particular user (victim) on the target website. The attacker
uses this string to update the victim's profile to a text file and then submit the data to the attacker's
database.
<iframe src=""http://www.vulnweb.com/updateif.php"" style=""display:none""></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Question143: Which of the following will perform an Xmas scan using NMAP?

Question144: Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

Question145: You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When
you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have
an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate
disabled Windows accounts?

Question146: You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will
run the capture against a specific set of IPs. - 192.168.8.0/24. What command you would use?

Question147: Which one of the following Google advanced search operators allows an attacker to restrict the results to
those websites in the given domain?

Question148: You are performing information gathering for an important penetration test. You have found pdf, doc, and
images in your objective. You decide to extract metadata from these files and analyze it. What tool will help
you with the task?

Question149: A virus that attempts to install itself inside the file it is infecting is called?

Question150: Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Question151: The "black box testing" methodology enforces what kind of restriction?

Question152: An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS
server and NTP server because of the importance of their job. The attacker gain access to the DNS server
and redirect the direction www.google.com to his own IP address. Now when the employees of the office
wants to go to Google they are being redirected to the attacker machine. What is the name of this kind of
attack?

Question153: WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Question154:
What does the option * indicate?

Question155: Emil uses nmap to scan two hosts using this command:
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:

What is his conclusion?

Question156: As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to
find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

Question157: _________ is a set of extensions to DNS that provide to DNS clients (resolvers) the origin authentication of
DNS data to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Question158: Which service in a PKI will vouch for the identity of an individual or company?

Question159: If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?

Question160: The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the
host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic.
After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts
cannot access the Internet. According to the next configuration, what is happening in the network?

Question161: During a recent security assessment, you discover the organization has one Domain Name Server (DNS)
in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

Question162: In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one
knows they sent the spam out to thousands of users at a time. Which of the following best describes what
spammers use to hide the origin of these types of e-mails?

Question163: Which utility will tell you in real time which ports are listening or in another state?

Question164: A penetration tester is conducting a port scan on a specific host. The tester found several ports opened
that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP
result below, which of the following is likely to be installed on the target machine by the OS? Starting
NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not
shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/
tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

Question165: You are the Network Admin, and you get a compliant that some of the websites are no longer accessible.
You try to ping the servers and find them to be reachable. Then you type the IP address and then you try
on the browser, and find it to be accessible. But they are not accessible when you try using the URL.
What may be the problem?

Question166: You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Question167: Which of the following is assured by the use of a hash?

Question168: When analyzing the IDS logs, the system administrator noticed an alert was logged when the external
router was accessed from the administrator's Computer to update the router configuration. What type of an
alert is this?

Question169: Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to
VHF and UHF?

Question170: Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The
TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?

Question171: An attacker with access to the inside network of a small company launches a successful STP manipulation
attack. What will he do next?

Question172: What does the -oX flag do in an Nmap scan?

Question173: The purpose of a _______is to deny network access to local area networks and other information assets
by unauthorized wireless devices.

Question174: The company ABC recently contracted a new accountant. The accountant will be working with the financial
statements. Those financial statements need to be approved by the CFO and then they will be sent to the
accountant but the CFO is worried because he wants to be sure that the information sent to the accountant
was not modified once he approved it. What is the following options can be useful to ensure the integrity of
the data?

Question175: You are a security officer of a company. You had an alert from IDS that indicates that one PC on your
Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was
blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the
situation. Which of the following is appropriate to analyze?

Question176: What is correct about digital signatures?

Question177: If executives are found liable for not properly protecting their company's assets and information systems,
what type of law would apply in this situation?