EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is an extremely common IDS evasion technique in the web world?

Question2: Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?

Output:
Segmentation fault

Question3: It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?

Question4: Which of the following is not a Bluetooth attack?

Question5: What are the three types of authentication?

Question6: Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main
site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.
What should Bob recommend to deal with such a threat?

Question7: Which method of password cracking takes the most time and effort?

Question8: Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

Question9: From the two screenshots below, which of the following is occurring?

Question10: After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Question11: Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Question12: Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Question13: What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?

Question14: An IT employee got a call from one our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Question15: Which of the following is the successor of SSL?

Question16: Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file named
"Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a window appears stating, "This word document is corrupt". In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?

Question17: Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Question18: A circuit level gateway works at which of the following layers of the OSI Model?

Question19: Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Question20: Which of the following guidelines or standards is associated with the credit card industry?

Question21: A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Question22: A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites.
77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Question23: During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account.
How can this weakness be exploited to access the system?

Question24: Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library?
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS
encryption used to secure the Internet.

Question25: An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces.
Which of the following is the most likely reason for lack of management or control packets?

Question26: What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd

Question27: Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which option below offers that?

Question28: Passive reconnaissance involves collecting information through which of the following?

Question29: Why containers are less secure that virtual machine?

Question30: Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state.
Which of the following activities should not be included in this phase? (see exhibit) Exhibit:

Question31: Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Question32: A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned
to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how
an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing -
Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool
should the analyst use to perform a Blackjacking attack?

Question33: Which of the following programming languages is most susceptible to buffer overflow attacks, due to its
lack of a built-in-bounds checking mechanism?
Code:
#include <string.h>
int main(){
char buffer[8];
strcpy(buffer, ""11111111111111111111111111111"");
}
Output:
Segmentation fault

Question34: What is a "Collision attack" in cryptography?

Question35: Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"".
Which statement below is true?

Question36: Which of the following is the successor of SSL?

Question37: Advanced encryption standard is an algorithm used for which of the following?

Question38: Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.
What kind of attack is Susan carrying on?

Question39: Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Question40: A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

Question41: You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence
number?

Question42: Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

Question43: What is the process of logging, recording, and resolving events that take place in an organization?

Question44: What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Question45: Using Windows CMD, how would an attacker list all the shares to which the current user context has access?

Question46: What is the role of test automation in security testing?

Question47: You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.
You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.
In other words, you are trying to penetrate an otherwise impenetrable system.
How would you proceed?

Question48: WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Question49: Which cipher encrypts the plain text digit (bit or byte) one by one?

Question50: In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Question51: Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:

Which of the following choices is true about cryptography?

Question52: TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?

Question53: Which of the following tools would MOST LIKELY be used to perform security audit on various of forms of network systems?

Question54: A hacker was able to sniff packets on a company's wireless network. The following information was discovered:

Using the Exlcusive OR, what was the original message?

Question55: Which of the following is the BEST way to defend against network sniffing?

Question56: What is the code written for?

Question57: An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

Question58: You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS).
What is the best way to evade the NIDS?

Question59: You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Question60: Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.
What just happened?

Question61: The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Question62: Which type of access control is used on a router or firewall to limit network activity?

Question63: Emil uses nmap to scan two hosts using this command:
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:

What is his conclusion?

Question64: A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Question65: A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Question66: You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23.
Which of the following IP addresses could be leased as a result of the new configuration?

Question67: Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability.
What is this style of attack called?

Question68: You need a tool that can do network intrusion prevention and intrusion detection, function as a network
sniffer, and record network activity. What tool would you most likely select?

Question69: Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide.
All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer's activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?

Question70: Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Question71: A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash.
The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

Question72: Risks = Threats x Vulnerabilities is referred to as the:

Question73: A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

Question74: The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the
host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic.
After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts
cannot access the Internet. According to the next configuration, what is happening in the network?

Question75: The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet.
According to the next configuration, what is happening in the network?

Question76: Which tool can be used to silently copy files from USB devices?

Question77: This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Question78: Which of the following is assured by the use of a hash?

Question79: Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?

Output:
Segmentation fault

Question80: Assume a business-crucial web-site of some company that is used to sell handsets to the customers
worldwide. All the developed components are reviewed by the security team on a monthly basis. In order
to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The
tools are written in JavaScript and can track the customer's activity on the site. These tools are located on
the servers of the marketing company.
What is the main security risk associated with this scenario?

Question81: From the two screenshots below, which of the following is occurring?

Question82: An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

Question83: What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Question84: The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Question85: Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

Question86: A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

Question87: In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Question88: An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it.
The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Question89: Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Question90: Which of the following security operations is used for determining the attack surface of an organization?

Question91: Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

Question92: You are monitoring the network of your organizations. You notice that:
1. There are huge outbound connections from your Internal Network to External IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is a CnC communication
Which of the following solution will you suggest?

Question93: An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to
monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

Question94: During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Question95: Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

Question96: The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network?

Question97: An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

Question98: Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Question99: Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B.
How do you prevent DNS spoofing?

Question100: The "white box testing" methodology enforces what kind of restriction?

Question101: Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

Question102: A regional bank hires your company to perform a security assessment on their network after a recent data
breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

Question103: Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentially, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Basic example to understand how cryptography works is given below:

Which of the following choices true about cryptography?

Question104: ICMP ping and ping sweeps are used to check for active systems and to check

Question105: An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines.
Which one of the following tools the hacker probably used to inject HTML code?

Question106: If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?

Question107: What are two things that are possible when scanning UDP ports? (Choose two.)

Question108: Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Question109: Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he
uses a detection method where the anti-virus executes the malicious codes on a virtual machine to
simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

Question110: Which of the following steps for risk assessment methodology refers to vulnerability identification?

Question111: What is a "Collision attack" in cryptography?

Question112: The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

Question113: What is attempting an injection attack on a web server based on responses to True/False questions called?

Question114: Look at the following output. What did the hacker accomplish?

Question115: DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.
What command is used to determine if the entry is present in DNS cache?

Question116: While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com.
kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using
"-si" with Nmap?

Question117: A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question118: What is a "Collision attack" in cryptography?

Question119: Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.
What should be the first step in security testing the client?

Question120: A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Question121: ........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.
Fill in the blank with appropriate choice.

Question122: While reviewing the result of scanning run against a target network you come across the following:

Which among the following can be used to get this output?

Question123: A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer.
What is the consultant's obligation to the financial organization?

Question124: Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Question125: If executives are found liable for not properly protecting their company's assets and information systems,
what type of law would apply in this situation?

Question126: What did the following commands determine?

Question127: What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Question128: To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

Question129: Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to
VHF and UHF?

Question130: You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

Question131: The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Question132: Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Question133: Which of the following Nmap commands will produce the following output?

Question134: What is the best defense against privilege escalation vulnerability?

Question135: Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Question136: The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

Question137: Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?

Question138: Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

Question139: Your team has won a contract to infiltrate an organization. The company wants to have the attack be as
realistic as possible; therefore, they did not provide any information besides the company name. What
should be the first step in security testing the client?

Question140: You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Question141: You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

Question142: While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:
<script>alert(" Testing Testing Testing ")</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

Question143: You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?

Question144: A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

Question145: Which of the following is the best countermeasure to encrypting ransomwares?

Question146: You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at
192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Question147: Why should the security analyst disable/remove unnecessary ISAPI filters?

Question148: Which of the following Nmap commands will produce the following output?
Output:

Question149: A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question150: Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Question151: A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?

Question152: Which of the following is considered an acceptable option when managing a risk?

Question153: Which of the following steps for risk assessment methodology refers to vulnerability identification?

Question154: You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.
What is happening?

Question155: The establishment of a TCP connection involves a negotiation called three-way handshake. What type of
message does the client send to the server in order to begin this negotiation?

Question156: A zone file consists of which of the following Resource Records (RRs)?

Question157: To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

Question158: One advantage of an application-level firewall is the ability to

Question159: An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and
Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible
breach of security. When the investigator attempts to correlate the information in all of the logs, the
sequence of many of the logged events do not match up.
What is the most likely cause?

Question160: In Trojan terminology, what is a covert channel?

Question161: Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Question162: An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his
router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate
this attack?

Question163: A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Question164: Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

Question165: The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Question166: Which type of security feature stops vehicles from crashing through the doors of a building?

Question167: In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Question168: An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office wants to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?