Question # 4

A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications that are more secure in using the Internet and intranets is:

A. Microsoft Internet Security Framework

B. Information System Security Assessment Framework (ISSAF)

C. Bell Labs Network Security Framework

D. The IBM Security Framework

Question # 5

What is the difference between penetration testing and vulnerability testing?

A. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of ‘in-depth ethical hacking’

B. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities

C. Vulnerability testing is more expensive than penetration testing

D. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

Question # 6

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

A. %systemroot%\LSA

B. %systemroot%\repair

C. %systemroot%\system32\drivers\etc

D. %systemroot%\system32\LSA

Question # 7

DNS information records provide important data about:

A. Phone and Fax Numbers

B. Location and Type of Servers

C. Agents Providing Service to Company Staff

D. New Customer

Question # 8

Which of the following methods is used to perform server discovery?

A. Banner Grabbing

B. Whois Lookup

C. SQL Injection

D. Session Hijacking

Question # 9

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information.

You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

A. Nmap

B. Netcraft

C. Ping sweep

D. Dig

Question # 10

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

An ARP spoofing attack is used as an opening for other attacks.

What type of attack would you launch after successfully deploying ARP spoofing?

A. Parameter Filtering

B. Social Engineering

C. Input Validation

D. Session Hijacking

Question # 11

Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted.

Which one of the following timing options in an Nmap scan is useful across slow WAN links or to hide the scan?

A. Paranoid

B. Sneaky

C. Polite

D. Normal

Question # 12

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

link:www.ghttech.net

What will this search produce?

A. All sites that link to ghttech.net

B. Sites that contain the code: link:www.ghttech.net

C. All sites that ghttech.net links to

D. All search engines that link to .net domains

Question # 13

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank's security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London.

After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

A. RaidSniff

B. Snort

C. Ettercap

D. Airsnort

Question # 14

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT.

Which firewall would be most appropriate for Harold?

A. Application-level proxy firewall

B. Data link layer firewall

C. Packet filtering firewall

D. Circuit-level proxy firewall

Question # 15

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

A. Vulnerability Report

B. Executive Report

C. Client-side test Report

D. Host Report

Question # 16

Which one of the following tools of the trade is a commercial shellcode and payload generator written in Python by Dave Aitel?

A. Microsoft Baseline Security Analyzer (MBSA)

B. CORE Impact

C. Canvas

D. Network Security Analysis Tool (NSAT)

Question # 17

Security auditors determine the use of WAPs on their networks with the Nessus vulnerability scanner, which identifies the commonly used WAPs.

One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named “Access Point Detection”. This plug-in uses four techniques to identify the presence of a WAP.

Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?

A. NMAP TCP/IP fingerprinting

B. HTTP fingerprinting

C. FTP fingerprinting

D. SNMP fingerprinting

Question # 18

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies. What type of Penetration Testing is Larry planning to carry out?

A. Internal Penetration Testing

B. Firewall Penetration Testing

C. DoS Penetration Testing

D. Router Penetration Testing

Question # 19

Which of the following attributes has an LM and NTLMv1 value of 64 bit + 64 bit + 64 bit and an NTLMv2 value of 128 bits?

A. Hash Key Length

B. C/R Value Length

C. C/R Key Length

D. Hash Value Length

Question # 20

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.

Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

A. Active Information Gathering

B. Pseudonymous Information Gathering

C. Anonymous Information Gathering

D. Open Source or Passive Information Gathering

Question # 21

Which of the following statements is true about the LM hash?

A. Disabled in Windows Vista and 7 OSs

B. Separated into two 8-character strings

C. Letters are converted to lowercase

D. Padded with NULL to 16 characters

Question # 22

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

A. ip.dst==10.0.0.7

B. ip.port==10.0.0.7

C. ip.src==10.0.0.7

D. ip.dstport==10.0.0.7

Question # 23

Identify the attack represented in the diagram below:

A. Input Validation

B. Session Hijacking

C. SQL Injection

D. Denial-of-Service

Question # 24

Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible.

Paulette presents the following screenshot to her boss so he can inform the clients about the changes that need to be made. From the screenshot, what changes should the client company make?

Exhibit:

A. The banner should not state "only authorized IT personnel may proceed"

B. Remove any identifying numbers, names, or version information

C. The banner should include the Cisco tech support contact information as well

D. The banner should have more detail on the version numbers for the network equipment

Question # 25

Which of the following will not handle routing protocols properly?

A. “Internet-router-firewall-net architecture”

B. “Internet-firewall-router-net architecture”

C. “Internet-firewall-net architecture”

D. “Internet-firewall/router(edge device)-net architecture”

Question # 26

An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

A. Frame Injection Attack

B. LDAP Injection Attack

C. XPath Injection Attack

D. SOAP Injection Attack

Question # 27

After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address.

Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

A. A switched network will not respond to packets sent to the broadcast address

B. Only IBM AS/400 will reply to this scan

C. Only Unix and Unix-like systems will reply to this scan

D. Only Windows systems will reply to this scan

Question # 28

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

A. AES

B. DES (ECB mode)

C. MD5

D. RC5

Question # 29

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

A. Testing to provide a more complete view of site security

B. Testing focused on the servers, infrastructure, and the underlying software, including the target

C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections

D. Testing performed from a number of network access points representing each logical and physical segment

Question # 30

The HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

A. ASCII value of the character

B. Binary value of the character

C. Decimal value of the character

D. Hex value of the character
