312-50 (Mixed Questions Set 2)
-
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?
-
Reconnaissance
-
Enumeration
-
Scanning
-
Escalation
-
This quiz, titled '312-50 (Mixed Questions Set 2)', evaluates skills in cybersecurity through realistic penetration testing scenarios. It covers topics such as reconnaissance, ARP, metadata analysis, and collision attacks in cryptography, essential for professionals in the field.
Quiz Preview
- 2.
Which regulation defines security and privacy controls for Federal information systems and organizations?
-
NIST-800-53
-
PCI-DSS
-
EU Safe Harbor
-
HIPAA
Correct Answer
A. NIST-800-53Explanation
NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security controls for all U.S. federal information systems except those related to national security.
References: https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53Rate this question:
-
- 3.
How does the Address Resolution Protocol (ARP) work?
-
It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
-
It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
-
It sends a reply packet for a specific IP, asking for the MAC address.
-
It sends a request packet to all the network elements, asking for the domain name from a specific IP.
Correct Answer
A. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.Explanation
When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it. A machine that recognizes the IP address as its
own returns a reply so indicating. ARP updates the ARP cache for future reference and then sends the packet to the MAC address that replied.
References: http://searchnetworking.techtarget.com/definition/Address-Resolution-Protocol-ARPRate this question:
-
- 4.
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it. What tool will help you with the task?
-
Metagoofil
-
Armitage
-
Dimitry
-
Cdpsnarf
Correct Answer
A. MetagoofilExplanation
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.
Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfOption 1Miner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
References: http://www.edge-security.com/metagoofil.phpRate this question:
-
- 5.
When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
-
Site: target.com filetype:xls username password email
-
Inurl: target.com filename:xls username password email
-
Domain: target.com archive:xls username password email
-
Site: target.com file:xls username password email
Correct Answer
A. Site: target.com filetype:xls username password emailExplanation
If you include site: in your query, Google will restrict your search results to the site or domain you specify.
If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [ web page evaluation checklist filetype:pdf ] will return Adobe Acrobat pdf files that match the terms “web,” “page,” “evaluation,” and “checklist.”
References: http://www.googleguide.com/advanced_operators_reference.htmlRate this question:
-
- 6.
What is a "Collision attack" in cryptography?
-
Collision attacks try to find two inputs producing the same hash.
-
Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
-
Collision attacks try to get the public key.
-
Collision attacks try to break the hash into three parts to get the plaintext value.
Correct Answer
A. Collision attacks try to find two inputs producing the same hash.Explanation
A Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result.
References: https://learncryptography.com/hash-functions/hash-collision-attackCollision attacks try to break the hash into three parts to get the plaintext value.Rate this question:
-
- 7.
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
-
Social engineering
-
Tailgating
-
Piggybacking
-
Eavesdropping
Correct Answer
A. Social engineeringExplanation
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a
more complex fraud scheme.
Incorrect Answers:
( B ) Using tailgaiting an attacker, seeking entry to a restricted area secured by unattended, electronic access control, e.g. by RFID card, simply walks in behind a person who has legitimate access.
References: https://en.wikipedia.org/wiki/Social_engineering_(security)Rate this question:
-
- 8.
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine. What nmap script will help you with this task?
-
Http-methods
-
Http enum
-
Http-headers
-
Http-git
Correct Answer
A. Http-methodsExplanation
You can check HTTP method vulnerability using NMAP.
Example: #nmap –script=http-methods.nse 192.168.0.25
References: http://solutionsatexperts.com/http-method-vulnerability-check-using-nmap/Rate this question:
-
- 9.
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?
-
Burp suite
-
Maskgen
-
Dimitry
-
Proxychains
Correct Answer
A. Burp suiteExplanation
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
References: https://portswigger.net/burp/Rate this question:
-
- 10.
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What wireshark filter will show the connections from the snort machine to kiwi syslog machine?
-
Tcp.dstport==514 && ip.dst==192.168.0.150
-
Tcp.srcport==514 && ip.src==192.168.0.99
-
Tcp.dstport==514 && ip.dst==192.168.0.0/16
-
Tcp.srcport==514 && ip.src==192.168.150
Correct Answer
A. Tcp.dstport==514 && ip.dst==192.168.0.150Explanation
We need to configure destination port at destination ip. The destination ip is 192.168.0.150, where the kiwi syslog is installed.
References: https://wiki.wireshark.org/DisplayFiltersRate this question:
-
- 11.
This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above?
-
RSA
-
SHA
-
RC5
-
MD5
Correct Answer
A. RSAExplanation
RSA is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.
Note: A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept https://www.gratisexam.com/secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message.
References: https://en.wikipedia.org/wiki/RSA_(cryptosystem)Rate this question:
-
- 12.
Which of the following parameters describe LM Hash (see exhibit):
-
I, II, and III
-
I
-
II
-
I and II
Correct Answer
A. I, II, and IIIExplanation
The LM hash is computed as follows:
( 1 ) The user's password is restricted to a maximum of fourteen characters.
( 2 ) The user’s password is converted to uppercase.
Etc.
14 character Windows passwords, which are stored with LM Hash, can be cracked in five seconds.
References: https://en.wikipedia.org/wiki/LM_hashRate this question:
-
- 13.
What is the process of logging, recording, and resolving events that take place in an organization?
-
Incident Management Process
-
Security Policy
-
Internal Procedure
-
Metrics
Correct Answer
A. Incident Management ProcessExplanation
The activities within the incident management process include:
-- Incident detection and recording
-- Classification and initial support
-- Investigation and analysis
-- Resolution and record
-- Incident closure
-- Incident ownership, monitoring, tracking and communication Establish incident framework management
-- Evaluation of incident framework management
References: https://en.wikipedia.org/wiki/Incident_management_(ITSM)#Incident_management_procedureRate this question:
-
- 14.
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
-
Injection
-
Cross Site Scripting
-
Cross Site Request Forgery
-
Path disclosure
Correct Answer
A. InjectionExplanation
The top item of the OWASP 2013 OWASP's Top Ten Project Most Critical Web Application Security Risks is injection.
Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
References: https://www.owasp.org/index.php/Top_10_2013-Top_10Rate this question:
-
- 15.
You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?
-
Report immediately to the administrator
-
Do not report it and continue the penetration test.
-
Transfer money from the administrator's account to another account.
-
Do not transfer the money but steal the bitcoins.
Correct Answer
A. Report immediately to the administratorExplanation
The correct answer is to report immediately to the administrator. As a penetration tester, it is important to follow ethical guidelines and prioritize the security and well-being of the organization being tested. Reporting the discovery of sensitive information, such as bank account passwords and login information, allows the administrator to take appropriate actions to protect their accounts and prevent any potential harm.Rate this question:
-
- 16.
Which of the following describes the characteristics of a Boot Sector Virus?
-
Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
-
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
-
Modifies directory table entries so that directory entries point to the virus code instead of the actual program
-
Overwrites the original MBR and only executes the new virus code
Correct Answer
A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBRExplanation
A boot sector virus is a computer virus that infects a storage device's master boot record (MBR). The virus moves the boot sector to another location on the hard drive.
References: https://www.techopedia.com/definition/26655/boot-sector-virusRate this question:
-
- 17.
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?
-
Grep
-
Notepad
-
MS Excel
-
Relational Database
Correct Answer
A. GrepExplanation
grep is a command-line utility for searching plain-text data sets for lines matching a regular expression.
References: https://en.wikipedia.org/wiki/GrepRate this question:
-
- 18.
You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?
-
Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
-
Interview all employees in the company to rule out possible insider threats.
-
Establish attribution to suspected attackers.
-
Start the wireshark application to start sniffing network traffic.
Correct Answer
A. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.Explanation
The goals of penetration tests are:
( 1 ) Determine feasibility of a particular set of attack vectors
( 2 ) Identify high-risk vulnerabilities from a combination of lower-risk vulnerabilities exploited in a particular sequence
( 3 ) Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability
scanning software
( 4 ) Assess the magnitude of potential business and operational impacts of successful attacks
( 5 ) Test the abilOption 3ity of network defenders to detect and respond to attacks
( 6 ) Provide evidence to support increased investments in security personnel and technology
References: https://en.wikipedia.org/wiki/Penetration_testRate this question:
-
- 19.
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
-
The host is likely a printer.
-
The host is likely a Windows machine.
-
The host is likely a Linux machine.
-
The host is likely a router.
Correct Answer
A. The host is likely a printer.Explanation
The Internet Printing Protocol (IPP) uses port 631.
References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbersRate this question:
-
- 20.
Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
-
Height and Weight
-
Voice
-
Fingerprints
-
Iris patterns
Correct Answer
A. Height and WeightExplanation
There are two main types of biometric identifiers:
( 1 ) Physiological characteristics: The shape or composition of the body.
( 2 ) Behavioral characteristics: The behavior of a person.
Examples of physiological characteristics used for biometric authentication include fingerprints; DNA; face, hand, retina or ear features; and odor. Behavioral characteristics are related to the pattern of the behavior of a person, such as typing rhythm, gait, gestures and voice.
References: http://searchsecurity.techtarget.com/definition/biometricsRate this question:
-
- 21.
Which of the following is NOT a Bluetooth attack?
-
Bluedriving
-
Bluejacking
-
Bluesmacking
-
Bluesnarfing
Correct Answer
A. BluedrivingExplanation
Incorrect Answers:
( B ) Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones,
PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or
bluechat) to another Bluetooth-enabled device via the OBEX protocol.
( C ) BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service
attack can be conducted using standard tools that ship with the official Linux Bluez utils package.
( D ) Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often
between phones, desktops, laptops, and PDAs (personal digital assistant.). This allows access to a calendar, contact list,
emails and text messages, and on some phones, users can copy pictures and private videos.
References: https://en.wikipedia.org/wiki/Bluejacking
http://trifinite.org/trifinite_stuff_bluesmack.html
https://en.wikipedia.org/wiki/BluesnarfingRate this question:
-
- 22.
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
-
Footprinting
-
Network mapping
-
Gaining access
-
Escalating privileges
Correct Answer
A. FootprintingExplanation
Footprinting is a first step that a penetration tester used to evaluate the security of any IT infrastructure, footprinting means to gather the maximum information about the computer system or a network and about the devices that are attached to this network.
References: http://www.ehacking.net/2011/02/footprinting-first-step-of-ethical.htmlRate this question:
-
- 23.
The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
-
Wireless Intrusion Prevention System
-
Wireless Access Point
-
Wireless Access Control List
-
Wireless Analyzer
Correct Answer
A. Wireless Intrusion Prevention SystemExplanation
A wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
References: https://en.wikipedia.org/wiki/Wireless_intrusion_prevention_systemRate this question:
-
- 24.
"NMAP -sn 192.168.11.200-215" The NMAP command above performs which of the following?
-
A ping scan
-
A trace sweep
-
An operating system detect
-
A port scan
Correct Answer
A. A ping scanExplanation
NMAP -sn (No port scan)
This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery probes. This is often known as a “ping scan”, but you can also request that traceroute and NSE host scripts be run.
References: https://nmap.org/book/man-host-discovery.htmlRate this question:
-
- 25.
You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
-
>host -t a hackeddomain.com
-
>host -t soa hackeddomain.com
-
>host -t ns hackeddomain.com
-
>host -t AXFR hackeddomain.com
Correct Answer
A. >host -t a hackeddomain.comExplanation
The A record is an Address record. It returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host.
References: https://en.wikipedia.org/wiki/List_of_DNS_record_typesRate this question:
-
- 26.
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
-
TCPDump
-
Nessus
-
Etherea
-
Jack the ripper
Correct Answer
A. TCPDumpExplanation
TCPDump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
References: https://en.wikipedia.org/wiki/TcpdumpRate this question:
-
- 27.
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?
-
Promiscuous mode
-
Port forwarding
-
Multi-cast mode
-
WEM
Correct Answer
A. Promiscuous modeExplanation
Promiscuous mode refers to the special mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.
References: https://www.tamos.com/htmlhelp/monitoring/Rate this question:
-
- 28.
Which of the following is an extremely common IDS evasion technique in the web world?
-
Unicode characters
-
Spyware
-
Port knocking
-
Subnetting
Correct Answer
A. Unicode charactersExplanation
Unicode attacks can be effective against applications that understand it. Unicode is the international standard whose goal is to represent every character needed by every written human language as a single integer number. What is known as Unicode evasion should more correctly be referenced as UTF-8 evasion. Unicode characters are normally represented with two bytes, but this is impractical in real life.
One aspect of UTF-8 encoding causes problems: non-Unicode characters can be represented encoded. What is worse is multiple representations of each character can exist. Non-Unicode character encodings are known as overlong characters, and may be signs of attempted attack.
References: http://books.gigatux.nl/mirror/apachesecurity/0596007248/apachesc-chp-10-sect-8.htmlRate this question:
-
- 29.
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
-
PKI
-
Single sign on
-
Biometrics
-
SOA
Correct Answer
A. PKIExplanation
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
References: https://en.wikipedia.org/wiki/Public_key_infrastructureRate this question:
-
- 30.
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
-
Service Oriented Architecture
-
Object Oriented Architecture
-
Lean Coding
-
Agile Process
Correct Answer
A. Service Oriented ArchitectureExplanation
A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network.
References: https://en.wikipedia.org/wiki/Service-oriented_architectureRate this question:
-
- 31.
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
-
ESP transport mode
-
AH permiscuous
-
ESP confidential
-
AH Tunnel mode
Correct Answer
A. ESP transport modeExplanation
When transport mode is used, IPSec encrypts only the IP payload. Transport mode provides the protection of an IP payload through an AH or ESP header.
Encapsulating Security Payload (ESP) provides confidentiality (in addition to authentication, integrity, and anti-replay protection) for the IP payload.
Incorrect Answers:
B: Authentication Header (AH) provides authentication, integrity, and anti-replay protection for the entire packet (both the IP header and the data payload carried in the packet). It does not provide confidentiality, which means that it does not encrypt the data.
References: https://technet.microsoft.com/en-us/library/cc739674(v=ws.10).aspxRate this question:
-
- 32.
Which of the following is assured by the use of a hash?
-
Integrity
-
Confidentiality
-
Authentication
-
Availability
Correct Answer
A. IntegrityExplanation
An important application of secure hashes is verification of message integrity. Determining whether any changes have been made to a message (or a file), for example, can be accomplished by comparing message digests calculated before, and after, transmission (or any other event).
References: https://en.wikipedia.org/wiki/Cryptographic_hash_function#Verifying_the_integrity_of_files_or_messagesRate this question:
-
- 33.
Which of the following is the greatest threat posed by backups?
-
A backup is the source of Malware or illicit information.
-
A backup is unavailable during disaster recovery.
-
A backup is incomplete because no verification was performed.
-
An un-encrypted backup can be misplaced or stolen.
Correct Answer
A. A backup is the source of Malware or illicit information.Explanation
If the data written on the backup media is properly encrypted, it will be useless for anyone without the key.
References: http://resources.infosecinstitute.com/backup-media-encryption/Rate this question:
-
- 34.
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause?
-
The network devices are not all synchronized.
-
Proper chain of custody was not observed while collecting the logs.
-
The attacker altered or erased events from the logs.
-
The security breach was a false positive.
Correct Answer
A. The network devices are not all synchronized.Explanation
Time synchronization is an important middleware service of distributed systems, amongst which Distributed Intrusion Detection System (DIDS) makes extensive use of time synchronization in particular.
References: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5619315&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%
3D5619315Rate this question:
-
- 35.
In Risk Management, how is the term "likelihood" related to the concept of "threat"?
-
Likelihood is the probability that a threat-source will exploit a vulnerability.
-
Likelihood is a possible threat-source that may exploit a vulnerability.
-
Likelihood is the likely source of a threat that could exploit a vulnerability.
-
Likelihood is the probability that a vulnerability is a threat-source.
Correct Answer
A. Likelihood is the probability that a threat-source will exploit a vulnerability.Explanation
The ability to analyze the likelihood of threats within the organization is a critical step in building an effective security program. The process of assessing threat probability should be well defined and incorporated into a broader threat analysis process to be effective.
References: http://www.mcafee.com/campaign/securitybattleground/resources/chapter5/whitepaper-on-assessing-threat-attack-likelihood.pdfRate this question:
-
- 36.
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?
-
$146
-
$1320
-
$440
-
$100
Correct Answer
A. $146Explanation
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE).
Suppose than an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% * $100,000, or $25,000.
In our example the ARO is 33%, and the SLE is 300+14*10 (as EF=1). The ALO is thus: 33%*(300+14*10) which equals 146.
References: https://en.wikipedia.org/wiki/Annualized_loss_expectancyRate this question:
-
- 37.
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?
-
File system permissions
-
Privilege escalation
-
Directory traversal
-
Brute force login
Correct Answer
A. File system permissionsExplanation
To upload files the user must have proper write file permissions.
References: http://codex.wordpress.org/Hardening_WordPressRate this question:
-
- 38.
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
-
Cross-Site Request Forgery
-
Cross-Site Scripting
-
Clickjacking
-
Web form input validation
Correct Answer
A. Cross-Site Request ForgeryExplanation
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Example and characteristics
If an attacker is able to find a reproducible link that executes a specific action on the target page while the victim is being logged in there, he is able to embed such link on a page he controls and trick the victim into opening it. The attack carrier link may be placed in a location that the victim is likely to visit while logged into the target site (e.g. a discussion forum), sent in a HTML email body or attachment.
Incorrect Answers:
( C ) Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code
or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
References: https://en.wikipedia.org/wiki/Cross-site_request_forgeryRate this question:
-
- 39.
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
-
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
-
Attempts by attackers to access the user and password information stored in the company's SQL database.
-
Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
-
Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Correct Answer
A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.Explanation
Cookies can store passwords and form content a user has previously entered, such as a credit card number or an address.
Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes advantage of a website that allows its users to post unfiltered HTML and JavaScript content.
References: https://en.wikipedia.org/wiki/HTTP_cookie#Cross-site_scripting_.E2.80.93_cookie_theftRate this question:
-
- 40.
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
-
Cross-site scripting vulnerability
-
Cross-site Request Forgery vulnerability
-
SQL injection vulnerability
-
Web site defacement vulnerability
Correct Answer
A. Cross-site scripting vulnerabilityExplanation
Many operators of particular web applications (e.g. forums and webmail) allow users to utilize a limited subset of HTML markup. When accepting HTML input from users (say, very large), output encoding (such as <b>very</b> large) will not suffice since the user input needs to be rendered as HTML by the browser (so it shows as "very large", instead of "very large"). Stopping an XSS attack when accepting HTML input from users is much more complex in this situation. Untrusted HTML input must be run through an HTML sanitization engine to ensure that it does not contain cross-site scripting code.
References: https://en.wikipedia.org/wiki/Cross-site_scripting#Safely_validating_untrusted_HTML_inputRate this question:
-
- 41.
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
-
Use cryptographic storage to store all PII
-
Use encrypted communications protocols to transmit PII
-
Use full disk encryption on all hard drives to protect PII
-
Use a security token to log into all Web applications that use PII
Correct Answer
A. Use cryptographic storage to store all PIIExplanation
As a matter of good practice any PII should be protected with strong encryption.
References: https://cuit.columbia.edu/cuit/it-security-practices/handling-personally-identifying-informationRate this question:
-
- 42.
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
-
Validate and escape all information sent to a server
-
Use security policies and procedures to define and implement proper security settings
-
Verify access right before allowing access to protected information and UI controls
-
Use digital certificates to authenticate a server prior to sending data
Correct Answer
A. Validate and escape all information sent to a serverExplanation
Contextual output encoding/escaping could be used as the primary defense mechanism to stop Cross-site Scripting (XSS) attacks.
References: https://en.wikipedia.org/wiki/Cross-site_scripting#Contextual_output_encoding.2Fescaping_of_string_inputRate this question:
-
- 43.
An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is most likely able to handle this requirement?
-
RADIUS
-
DIAMETER
-
Kerberos
-
TACACS+
Correct Answer
A. RADIUSExplanation
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.
References: https://en.wikipedia.org/wiki/RADIUSRate this question:
-
- 44.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
-
The WAP does not recognize the client’s MAC address
-
The client cannot see the SSID of the wireless network
-
Client is configured for the wrong channel
-
The wireless client is not configured to use DHCP
Correct Answer
A. The WAP does not recognize the client’s MAC addressExplanation
MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC Filtering is often used on wireless networks.
References: https://en.wikipedia.org/wiki/MAC_filteringRate this question:
-
- 45.
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
-
Protocol analyzer
-
Intrusion Prevention System (IPS)
-
Network sniffer
-
Vulnerability scanner
Correct Answer
A. Protocol analyzerExplanation
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital neOption 4twork or part of a network. A packet analyzer can analyze packet traffic saved in a PCAP file.
References: https://en.wikipedia.org/wiki/Packet_analyzerRate this question:
-
- 46.
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
-
Insufficient input validation
-
Insufficient exception handling
-
Insufficient database hardening
-
Insufficient security management
Correct Answer
A. Insufficient input validationExplanation
The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.
References: https://www.owasp.org/index.php/Testing_for_Input_ValidationRate this question:
-
- 47.
Which of the following is a protocol specifically designed for transporting event messages?
-
SYSLOG
-
SMS
-
SNMP
-
ICMP
Correct Answer
A. SYSLOGExplanation
SYSLOG is a standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label.
References: https://en.wikipedia.org/wiki/Syslog#Network_protocolRate this question:
-
- 48.
Which of the following security operations is used for determining the attack surface of an organization?
-
Running a network scan to detect network services in the corporate DMZ
-
Training employees on the security policy regarding social engineering
-
Reviewing the need for a security clearance for each employee
-
Using configuration management to determine when and where to apply security patches
Correct Answer
A. Running a network scan to detect network services in the corporate DMZExplanation
For a network scan the goal is to document the exposed attack surface along with any easily detected vulnerabilities.
References: http://meisecurity.com/home/consulting/consulting-network-scanning/Rate this question:
-
- 49.
The security concept of "separation of duties" is most similar to the operation of which type of security device?
-
Firewall
-
Bastion host
-
Intrusion Detection System
-
Honeypot
Correct Answer
A. FirewallExplanation
In most enterprises the engineer making a firewall change is also the one reviewing the firewall metrics for unauthorized changes. What if the firewall administrator wanted to hide something? How would anyone ever find out? This is where the separation of duties comes in to focus on the responsibilities of tasks within security.
References: http://searchsecurity.techtarget.com/tip/Modern-security-management-strategy-requires-security-separation-of-dutiesRate this question:
-
Quiz Review Timeline (Updated): Mar 21, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Mar 19, 2019Quiz Created by
Dale
Back to top