getcertified4sure.com

312-50v9 Exam

Validated 312-50v9 Exam Questions and Answers 2021





EC-Council 312-50v9 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?

  • A. Kismet
  • B. Netstumbler
  • C. Abel
  • D. Nessus

Answer: A

NEW QUESTION 2
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to www.MyPersonalBank.com, that the user is directed to a phishing site.
Which file does the attacker need to modify?

  • A. Hosts
  • B. Networks
  • C. Boot.ini
  • D. Sudoers

Answer: A

NEW QUESTION 3
A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of web application vulnerability likely exists in their software?

  • A. Web site defacement vulnerability
  • B. SQL injection vulnerability
  • C. Cross-site Scripting vulnerability
  • D. Cross-site Request Forgery vulnerability

Answer: C

NEW QUESTION 4
You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?

  • A. >host -t ns hackeddomain.com
  • B. >host -t AXFR hackeddomain.com
  • C. >host -t soa hackeddomain.com
  • D. >host -t a hackeddomain.com

Answer: D

NEW QUESTION 5
Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?

  • A. Watering Hole Attack
  • B. Spear Phishing Attack
  • C. Heartbleed Attack
  • D. Shellshock Attack

Answer: A

NEW QUESTION 6
What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

  • A. SSH
  • B. SYN Flood
  • C. Manipulate format strings in text fields
  • D. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Answer: D

NEW QUESTION 7
It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service, or modification of data.
Which of the following terms best matches this definition?

  • A. Threat
  • B. Attack
  • C. Risk
  • D. Vulnerability

Answer: A

NEW QUESTION 8
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.
What just happened?

  • A. Masquerading
  • B. Phishing
  • C. Whaling
  • D. Piggybacking

Answer: D

NEW QUESTION 9
An attacker gains access to a Web server’s database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

  • A. Insufficient security management
  • B. Insufficient database hardening
  • C. Insufficient exception handling
  • D. Insufficient input validation

Answer: D

NEW QUESTION 10
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.
What tool will help you with the task?

  • A. Armitage
  • B. Dimitry
  • C. cdpsnarf
  • D. Metagoofil

Answer: D

NEW QUESTION 11
Risk = Threats x Vulnerabilities is referred to as the:

  • A. Threat assessment
  • B. Disaster recovery formula
  • C. BIA equation
  • D. Risk equation

Answer: D

NEW QUESTION 12
A company’s security policy states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  • A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
  • B. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
  • C. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
  • D. Attempts by attackers to access the user and password information stored in the company's SQL database.

Answer: C

NEW QUESTION 13
A common cryptographic tool is the use of XOR. XOR the following binary values:
10110001
00111010

  • A. 10001011
  • B. 10011101
  • C. 11011000
  • D. 10111100

Answer: A

NEW QUESTION 14
The security concept of “separation of duties” is most similar to the operation of which type of security device?

  • A. Bastion host
  • B. Honeypot
  • C. Firewall
  • D. Intrusion Detection System

Answer: C

NEW QUESTION 15
Which of the following is the greatest threat posed by backups?

  • A. An un-encrypted backup can be misplaced or stolen
  • B. A backup is incomplete because no verification was performed.
  • C. A backup is the source of Malware or illicit information.
  • D. A backup is unavailable during disaster recovery.

Answer: A

NEW QUESTION 16
Prospective clients want to see sample reports from previous penetration tests. What should you do next?

  • A. Share full reports, not redacted.
  • B. Share full reports, with redactions.
  • C. Decline, but provide references.
  • D. Share reports, after NDA is signed.

Answer: B

NEW QUESTION 17
Using Windows CMD, how would an attacker list all the shares to which the current user context has access?

  • A. NET CONFIG
  • B. NET USE
  • C. NET FILE
  • D. NET VIEW

Answer: D

NEW QUESTION 18
In Risk Management, how is the term “likelihood” related to the concept of “threat?”

  • A. Likelihood is the probability that a vulnerability is a threat-source.
  • B. Likelihood is a possible threat-source that may exploit a vulnerability.
  • C. Likelihood is the likely source of a threat that could exploit a vulnerability.
  • D. Likelihood is the probability that a threat-source will exploit a vulnerability.

Answer: D

NEW QUESTION 19
Which of the following is the BEST way to defend against network sniffing?

  • A. Using encryption protocols to secure network communications
  • B. Restrict Physical Access to Server Rooms hosting Critical Servers
  • C. Use Static IP Address
  • D. Register all machines MAC Address in a centralized Database

Answer: A

NEW QUESTION 20
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from web application vulnerabilities?

  • A. Use encrypted communications protocols to transmit PII
  • B. Use full disk encryption on all hard drives to protect PII
  • C. Use cryptographic storage to store all PII
  • D. Use a security token to log into all Web applications that use PII

Answer: A
