EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

Question2: Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Question3: Emil uses nmap to scan two hosts using this command:
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:

What is his conclusion?

Question4: Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a linux platform?

Question5: You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?

Question6: It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Which of the following terms best matches the definition?

Question7: During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

Question8: An attacker scans a host with the below command. Which three flags are set? (Choose three.)
#nmap -sX host.domain.com

Question9: What does the -oX flag do in an Nmap scan?

Question10: Which of the following is the successor of SSL?

Question11:
What is the code written for?

Question12: What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Question13: Which of the following is a component of a risk assessment?

Question14: Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

Question15: You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

Question16: It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

Question17: Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

Question18: Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.
The time a hacker spends performing research to locate this information about a company is known as?

Question19: An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

Question20: A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

Question21: Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?
Code:
#include <string.h>
int main(){
char buffer[8];
strcpy(buffer, ""11111111111111111111111111111"");
}
Output:
Segmentation fault

Question22: Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Question23: In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Question24: Which of the following programs is usually targeted at Microsoft Office products?

Question25: What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment.

Question26: You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Question27: An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.
In which order should he perform these steps?

Question28: Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Question29: The collection of potentially actionable, overt, and publicly available information is known as

Question30: Which type of security feature stops vehicles from crashing through the doors of a building?

Question31: If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Question32: In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

Question33: A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Question34: Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occuring during non-business hours. After further examination of all login activities, it is notices that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realized the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux serves to synchronize the time has stopped working?

Question35: If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?

Question36: You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.
Which of the below scanning technique will you use?

Question37: A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?

Question38: Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

Question39: Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture?

Question40: Which of the following act requires employer's standard national numbers to identify them on standard transactions?

Question41: Which of these is capable of searching for and locating rogue access points?

Question42: What two conditions must a digital signature meet?

Question43: Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?

Question44: Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Question45: A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question46: Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

Question47: You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet
10.1.4.0/23.
Which of the following IP addresses could be leased as a result of the new configuration?

Question48: When tuning security alerts, what is the best approach?

Question49: Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door.
In this case, we can say:

Question50: Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Question51: The purpose of a _______is to deny network access to local area networks and other information assets by unauthorized wireless devices.

Question52: In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Question53: In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Question54: Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

Question55: You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Question56: The "gray box testing" methodology enforces what kind of restriction?

Question57: You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes.
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1
What is the main purpose of those static routes?

Question58: Which of the following steps for risk assessment methodology refers to vulnerability identification?

Question59: Which security strategy requires using several, varying methods to protect IT systems against attacks?

Question60: A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscous mode?

Question61: Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

Question62: Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Question63: What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Question64: This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering and it will tell you the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Question65: Which of the following parameters describe LM Hash:
I - The maximum password length is 14 characters
II - There are no distinctions between uppercase and lowercase
III - The password is split into two 7-byte halves

Question66: How does the Address Resolution Protocol (ARP) work?

Question67: Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

Question68: What is the difference between the AES and RSA algorithms?

Question69: Which service in a PKI will vouch for the identity of an individual or company?

Question70: During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

Question71: Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

Question72: A virus that attempts to install itself inside the file it is infecting is called?

Question73: A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:
Access List should be written between VLANs.

Port security should be enabled for the intranet.

A security solution which filters data packets should be set between intranet (LAN) and DMZ.

A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

Question74: Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

Question75: Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Question76: When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server.
You can detect all these methods (GET, POST, HEAD, DELETE, TRACE) using NMAP script engine.
What Nmap script will help you with this task?

Question77: Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library?
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

Question78: You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Question79: A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?

Question80: Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

Question81: The following is part of a log file taken from the machine on the network with the IP address of
192.168.0.110:

What type of activity has been logged?

Question82: Why should the security analyst disable/remove unnecessary ISAPI filters?

Question83: You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Question84: Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file named
"Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a window appears stating, "This word document is corrupt". In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?

Question85: Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack - Monitors system activities - Detects attacks that a network-based IDS fails to detect. - Near real-time detection and response - Does not require additional hardware - Lower entry cost. Which type of IDS is best suited for Tremp's requirements?

Question86: Which of the following statements is TRUE?

Question87: Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

Question88: The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Question89: Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting

Question90: An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Question91: Which of the following is a low-tech way of gaining unauthorized access to systems?

Question92: You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at
192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Question93: Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:

Question94: Which method of password cracking takes the most time and effort?

Question95: Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Question96: Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

Question97: Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (264-1) bits and resembles the MD5 algorithm?

Question98: In order to have an anonymous Internet surf, which of the following is best choice?

Question99: Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Question100: A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the
192.168.1.0/24. Which of the following has occurred?

Question101: Risks=Threats x Vulnerabilities is referred to as the:

Question102: The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?

Question103: What is not a PCI compliance recommendation?

Question104: As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?

Question105: Which of the following describes the characteristics of a Boot Sector Virus?

Question106: An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines.
Which one of the following tools the hacker probably used to inject HTML code?

Question107: Which of the following program infects the system boot sector and the executable files at the same time?

Question108: Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Question109: You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?

Question110: You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Question111: In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system whose credentials are known. It was written by sysinternals and has been integrated within the framework. The penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values.
Which of the following is true hash type and sort order that is used in the psexec module's 'smbpass' option?

Question112: In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.
Example:
allintitle: root passwd

Question113: Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Question114: Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Question115: Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Question116: Which of the following statements regarding ethical hacking is incorrect?

Question117: If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?

Question118: Which of the following is the best countermeasure to encrypting ransomwares?

Question119: Why is a penetration test considered to be more thorough than vulnerability scan?

Question120: Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Question121: What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Question122: A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

Question123: What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Question124: Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

Question125: You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

Question126: If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Question127: Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Question128: Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Question129: An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Question130: How can rainbow tables be defeated?

Question131: Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Question132: Which of the following will perform an Xmas scan using NMAP?

Question133: Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Question134: WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Question135: When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

Question136: On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

Question137: Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Question138: Which protocol is used for setting up secure channels between two devices, typically in VPNs?

Question139: Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Question140: When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Question141: When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Question142: Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

Question143: You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Question144: Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

Question145: Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Question146: A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Question147: A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

Question148: Sam is working as s pen-tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS?

Question149: Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

Question150: By using a smart card and pin, you are using a two-factor authentication that satisfies

Question151: Cross-site request forgery involves:

Question152: Which of the following Linux commands will resolve a domain name into IP address?

Question153: Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Question154: The "white box testing" methodology enforces what kind of restriction?

Question155: A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect.
A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

Question156: What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall.

Question157: What would you enter, if you wanted to perform a stealth scan using Nmap?

Question158: When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?

Question159: John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Question160: While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p -sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-sl" with Nmap?

Question161: What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
What kind of Web application vulnerability likely exists in their software?

Question162: Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Question163: The following is part of a log file taken from the machine on the network with the IP address of
192.168.1.106:

What type of activity has been logged?

Question164: An IT employee got a call from one our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Question165: A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Question166: Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

Question167: During an Xmas scan, what indicates a port is closed?

Question168: Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He is determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Question169: An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Question170: OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Question171: Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?

Question172: Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

Question173: What is the process of logging, recording, and resolving events that take place in an organization?

Question174: >NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following?

Question175: What is a "Collision attack" in cryptography?

Question176: DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Question177: PGP, SSL, and IKE are all examples of which type of cryptography?

Question178: The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic.
After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network?

Question179: A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

Question180: In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.
Which Algorithm is this referring to?