EMT Practice Test

1. Question Content...


Question List

Question1: Which command can be used to show the current TCP/IP connections?

Question2: You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23.
Which of the following IP addresses could be teased as a result of the new configuration?

Question3: What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators of the malware to remove the restriction?

Question4: Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Question5: What is the process of logging, recording, and resolving events that take place in an organization?

Question6: Which utility will tell you in real time which ports are listening or in another state?

Question7: What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Question8: What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Question9: A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Question10: A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?

Question11: What is the purpose of DNS AAAA record?

Question12: While performing ping scans into a target network you get a frantic call from the organization's security team.
They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor.
How can you modify your scan to prevent triggering this event in the IDS?

Question13: Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Question14: You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at
192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Question15: Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:

Question16: A medium-sized healthcare IT business decides to implement a risk management strategy.
Which of the following is NOT one of the five basic responses to risk?

Question17:
Identify the correct terminology that defines the above statement.

Question18: You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

Question19: Which of the following is an application that requires a host application for replication?

Question20: Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Question21: A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer.
What is the consultant's obligation to the financial organization?

Question22: Which command line switch would be used in NMAP to perform operating system detection?

Question23: What is the following command used for?
net use \targetipc$ "" /u:""

Question24: Which security control role does encryption meet?

Question25: Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Question26: During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

Question27: You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

Question28: PGP, SSL, and IKE are all examples of which type of cryptography?

Question29: While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

Question30: What is the benefit of performing an unannounced Penetration Testing?

Question31: What is the main security service a cryptographic hash provides?

Question32: Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Question33: What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Question34: A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

Question35: What is the role of test automation in security testing?

Question36: How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?

Question37: When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?

Question38: Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

Question39: Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

Question40: Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

Question41: The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Question42: Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Question43: A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?

Question44: The "black box testing" methodology enforces which kind of restriction?

Question45: Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Question46: Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Question47: Which of the following types of firewall inspects only header information in network traffic?

Question48: Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

Question49: Which of the following is a restriction being enforced in "white box testing?"

Question50: A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.
Which of the following programming languages would most likely be used?

Question51: What statement is true regarding LM hashes?

Question52: During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

Question53: A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Question54: If the final set of security controls does not eliminate all risk in a system, what could be done next?

Question55: Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.
What would Yancey be considered?

Question56: Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Question57: Which tool can be used to silently copy files from USB devices?

Question58: Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

Question59: Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Question60: The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).
What is the closest approximate cost of this replacement and recovery operation per year?

Question61: A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Question62: Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Question63: What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Question64: You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

Question65: What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Question66: Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?

Question67: Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

Question68: When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Question69: Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Question70: A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

Question71: Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place.
He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Question72: You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

Question73: How can telnet be used to fingerprint a web server?

Question74: Which of the following is a component of a risk assessment?

Question75: Which of the following is a hashing algorithm?

Question76: Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Question77: Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)

Question78: How does a denial-of-service attack work?

Question79: An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?

Question80: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Question81: Which is the first step followed by Vulnerability Scanners for scanning a network?

Question82: Suppose you've gained access to your client's hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?

Question83: In order to show improvement of security over time, what must be developed?

Question84: If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Question85: Which cipher encrypts the plain text digit (bit or byte) one by one?

Question86: From the following table, identify the wrong answer in terms of Range (ft).

Question87: Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Question88: Least privilege is a security concept that requires that a user is

Question89: You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.
Which of the below scanning technique will you use?

Question90: An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Question91: Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Question92: Which method of password cracking takes the most time and effort?

Question93: An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Question94: Which of the following steps for risk assessment methodology refers to vulnerability identification?

Question95: Which of the following descriptions is true about a static NAT?

Question96: Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

Question97: This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?

Question98: Why should the security analyst disable/remove unnecessary ISAPI filters?

Question99: Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.
If these switches' ARP cache is successfully flooded, what will be the result?

Question100: Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Question101: How can a policy help improve an employee's security awareness?

Question102: You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled.
Which port would you see listening on these Windows machines in the network?

Question103: A person approaches a network administrator and wants advice on how to send encrypted email from home.
The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

Question104: Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious Java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical Java script. What is the name of this technique to hide the code and extend analysis time?

Question105: What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

Question106: What are the three types of authentication?

Question107: Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

Question108: The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

Question109: Which of the following tools are used for enumeration? (Choose three.)

Question110: Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Question111: Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Question112: What would you enter, if you wanted to perform a stealth scan using Nmap?

Question113: The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:
nmap 192.168.1.64/28.
Why he cannot see the servers?

Question114: Which of the following lists are valid data-gathering activities associated with a risk assessment?

Question115: Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (264-1) bits and resembles the MD5 algorithm?

Question116: Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

Question117: The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

Question118: When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Question119: An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Question120: Which of the following is a preventive control?

Question121: In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Question122: Which of the following statements is TRUE?

Question123: Destination unreachable administratively prohibited messages can inform the hacker to what?

Question124: The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Question125: Within the context of Computer Security, which of the following statements describes Social Engineering best?

Question126: Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Question127: The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

Question128: You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

Question129: The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Question130: If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Question131: On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Question132: If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Question133: Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

Question134: When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Question135: To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

Question136: The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Question137: An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Question138: The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Question139: Which of the following is an example of two factor authentication?

Question140: The "white box testing" methodology enforces what kind of restriction?

Question141: Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.
What just happened?

Question142: What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Question143: What port number is used by LDAP protocol?

Question144: Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

Question145: A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Question146: Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Question147: Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.
What should Bob recommend to deal with such a threat?

Question148: Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Question149: Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

Question150: Which of the following will perform an Xmas scan using NMAP?

Question151: At a Windows Server command prompt, which command could be used to list the running services?

Question152: An NMAP scan of a server shows port 25 is open. What risk could this pose?

Question153: Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Question154: While reviewing the result of scanning run against a target network you come across the following:

Which among the following can be used to get this output?

Question155: Fred is the network administrator for his company. Fred is testing an internal switch.
From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Question156: A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Question157: This TCP flag instructs the sending system to transmit all buffered data immediately.

Question158: A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?

Question159: Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

Question160: A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21.
During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

Question161: An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

Question162: Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Question163: Which of the following is used to indicate a single-line comment in structured query language (SQL)?

Question164: Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

Question165: An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Question166: Which of the following is a protocol specifically designed for transporting event messages?

Question167: When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Question168: A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Question169: After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Question170: Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

Question171: The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

Question172: Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?

Question173: A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Question174: It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

Question175: _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Question176: What are two things that are possible when scanning UDP ports? (Choose two.)

Question177: Which of the following describes the characteristics of a Boot Sector Virus?

Question178: To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

Question179: Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

Question180: Which type of cryptography does SSL, IKE and PGP belongs to?

Question181: You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Question182: While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

Question183: While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

Question184: While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?

Question185: A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.
The engineer receives this output:

Which of the following is an example of what the engineer performed?

Question186: You are using NMAP to resolve domain names into IP addresses for a ping sweep later.
Which of the following commands looks for IP addresses?

Question187: Which of the following is the best countermeasure to encrypting ransomwares?

Question188: Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

Question189: A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question190: The following are types of Bluetooth attack EXCEPT_____?

Question191: The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?

Question192: What is the minimum number of network connections in a multi homed firewall?

Question193: The "gray box testing" methodology enforces what kind of restriction?

Question194: A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.
In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Question195: Cross-site request forgery involves:

Question196: Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

Question197: It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.
Which of the following terms best matches the definition?

Question198: It is a short-range wireless communication technology that allows mobile phones, computers and other devices to connect and communicate. This technology intends to replace cables connecting portable devices with high regards to security.

Question199: A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Question200: How do employers protect assets with security policies pertaining to employee surveillance activities?

Question201: Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Question202: What is the algorithm used by LM for Windows2000 SAM?

Question203: Which of the below hashing functions are not recommended for use?

Question204: What hacking attack is challenge/response authentication used to prevent?

Question205: A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the
192.168.1.0/24. Which of the following has occurred?

Question206: Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

Question207: You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

Question208: Which of the following is designed to identify malicious attempts to penetrate systems?

Question209: You are about to be hired by a well-known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?

Question210: Fingerprinting VPN firewalls is possible with which of the following tools?

Question211: Which of the following business challenges could be solved by using a vulnerability scanner?

Question212: When tuning security alerts, what is the best approach?

Question213: What is not a PCI compliance recommendation?

Question214: Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

Question215:
What does the option * indicate?

Question216: It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.
Which of the following terms best matches the definition?

Question217: TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?

Question218: Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Question219: Which element of Public Key Infrastructure (PKI) verifies the applicant?

Question220: You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Question221: Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it's true positive or false positive. Looking at the logs he copy and paste basic details like below:
source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221
What is the most proper answer.

Question222: Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to
""know"" to prove yourself that it was Bob who had send a mail?

Question223: The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

Question224: During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

Question225: This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Question226: When discussing passwords, what is considered a brute force attack?

Question227: Which of the following is a strong post designed to stop a car?

Question228: What kind of risk will remain even if all theoretically possible safety measures would be applied?

Question229: Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

Question230: One way to defeat a multi-level security solution is to leak data via

Question231: In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Question232: An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Question233: What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

Question234: Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Question235: A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Question236: Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture?

Question237: Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:
invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
Obviously, it is not going through. What is the issue here?

Question238: Which of the following is considered as one of the most reliable forms of TCP scanning?

Question239: Bluetooth uses which digital modulation technique to exchange information between paired devices?

Question240: You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Question241: On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

Question242: Fingerprinting an Operating System helps a cracker because:

Question243: Which of the following examples best represents a logical or technical control?

Question244: How does the Address Resolution Protocol (ARP) work?

Question245: Which service in a PKI will vouch for the identity of an individual or company?

Question246: Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Question247: Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?

Question248: The security concept of "separation of duties" is most similar to the operation of which type of security device?

Question249: Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

Question250: An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

Question251: The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

Question252: Look at the following output. What did the hacker accomplish?

Question253: A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

Question254: In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Question255: What is a successful method for protecting a router from potential smurf attacks?

Question256: A zone file consists of which of the following Resource Records (RRs)?