312-50 (Mixed Questions Set 2)

50 Questions | Total Attempts: 320


Questions and Answers
  • 1. Your team has won a contract to infiltrate an organization. The company wants the attack to be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?
    • A. Reconnaissance
    • B. Enumeration
    • C. Scanning
    • D. Escalation

  • 2. Which regulation defines security and privacy controls for Federal information systems and organizations?
    • A. NIST-800-53
    • B. PCI-DSS
    • C. EU Safe Harbor
    • D. HIPAA

  • 3. How does the Address Resolution Protocol (ARP) work?
    • A. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
    • B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
    • C. It sends a reply packet for a specific IP, asking for the MAC address.
    • D. It sends a request packet to all the network elements, asking for the domain name from a specific IP.

  • 4. You are performing information gathering for an important penetration test. You have found PDF, DOC, and image files in your objective. You decide to extract metadata from these files and analyze it. What tool will help you with the task?
    • A. Metagoofil
    • B. Armitage
    • C. Dimitry
    • D. Cdpsnarf

  • 5. When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
    • A. site: target.com filetype:xls username password email
    • B. inurl: target.com filename:xls username password email
    • C. domain: target.com archive:xls username password email
    • D. site: target.com file:xls username password email

  • 6. What is a "Collision attack" in cryptography?
    • A. Collision attacks try to find two inputs producing the same hash.
    • B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
    • C. Collision attacks try to get the public key.
    • D. Collision attacks try to break the hash into three parts to get the plaintext value.

  • 7. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email ([email protected]). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You exchange the PDF links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
    • A. Social engineering
    • B. Tailgating
    • C. Piggybacking
    • D. Eavesdropping

  • 8. When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using the NMAP script engine. What nmap script will help you with this task?
    • A. http-methods
    • B. http enum
    • C. http-headers
    • D. http-git

  • 9. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?
    • A. Burp Suite
    • B. Maskgen
    • C. Dimitry
    • D. Proxychains

  • 10. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort. You decide to run Wireshark on the Snort machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?
    • A. tcp.dstport==514 && ip.dst==192.168.0.150
    • B. tcp.srcport==514 && ip.src==192.168.0.99
    • C. tcp.dstport==514 && ip.dst==192.168.0.0/16
    • D. tcp.srcport==514 && ip.src==192.168.150

  • 11. This asymmetric cipher is based on factoring the product of two large prime numbers. What cipher is described above?
    • A. RSA
    • B. SHA
    • C. RC5
    • D. MD5

  • 12. Which of the following parameters describe LM Hash (see exhibit):
    • A. I, II, and III
    • B. I
    • C. II
    • D. I and II

  • 13. What is the process of logging, recording, and resolving events that take place in an organization?
    • A. Incident Management Process
    • B. Security Policy
    • C. Internal Procedure
    • D. Metrics

  • 14. The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
    • A. Injection
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Path disclosure

  • 15. You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?
    • A. Report immediately to the administrator
    • B. Do not report it and continue the penetration test.
    • C. Transfer money from the administrator's account to another account.
    • D. Do not transfer the money but steal the bitcoins.

  • 16. Which of the following describes the characteristics of a Boot Sector Virus?
    • A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
    • B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
    • C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
    • D. Overwrites the original MBR and only executes the new virus code

  • 17. You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?
    • A. Grep
    • B. Notepad
    • C. MS Excel
    • D. Relational Database

  • 18. You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?
    • A. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
    • B. Interview all employees in the company to rule out possible insider threats.
    • C. Establish attribution to suspected attackers.
    • D. Start the Wireshark application to start sniffing network traffic.

  • 19. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
    • A. The host is likely a printer.
    • B. The host is likely a Windows machine.
    • C. The host is likely a Linux machine.
    • D. The host is likely a router.

  • 20. Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
    • A. Height and Weight
    • B. Voice
    • C. Fingerprints
    • D. Iris patterns

  • 21. Which of the following is NOT a Bluetooth attack?
    • A. Bluedriving
    • B. Bluejacking
    • C. Bluesmacking
    • D. Bluesnarfing

  • 22. This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
    • A. Footprinting
    • B. Network mapping
    • C. Gaining access
    • D. Escalating privileges

  • 23. The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
    • A. Wireless Intrusion Prevention System
    • B. Wireless Access Point
    • C. Wireless Access Control List
    • D. Wireless Analyzer

  • 24. "NMAP -sn 192.168.11.200-215" The NMAP command above performs which of the following?
    • A. A ping scan
    • B. A trace sweep
    • C. An operating system detect
    • D. A port scan

  • 25. You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
    • A. >host -t a hackeddomain.com
    • B. >host -t soa hackeddomain.com
    • C. >host -t ns hackeddomain.com
    • D. >host -t AXFR hackeddomain.com
