Ethicalquiz

147 Questions | Total Attempts: 722

SettingsSettingsSettings
Please wait...
Ethicalquiz

.


Questions and Answers
  • 1. 
    What is the length of the IPv6 datagram header? 
    • A. 

      10 bytes

    • B. 

      25 bytes

    • C. 

      30 bytes

    • D. 

      40 bytes

  • 2. 
    In the IPv6 header, the traffic class field is similar to which field in the IPv4 header? 
    • A. 

      Fragmentation field

    • B. 

      Fast switching

    • C. 

      TOS field

    • D. 

      Option field

  • 3. 
    Which of the following features are present in IPv4 header but not in IPv6 header? [Select the BEST answer] 
    • A. 

      Fragmentation

    • B. 

      Header checksum

    • C. 

      Options

    • D. 

      All of the above

  • 4. 
    Which statement is the MOST accurate regarding firewalls?
    • A. 

      They route traffic based upon inspecting packets.

    • B. 

      They filter traffic based upon inspecting packets.

    • C. 

      They switch packets based upon inspecting packets.

    • D. 

      They forward packets to the Internet based upon inspecting packets.

  • 5. 
    Which of the following are private IP addresses that can be assigned to a host? [Select all that apply] 
    • A. 

      12.17.1.45

    • B. 

      10.255.255.254

    • C. 

      172.15.255.248

    • D. 

      192.168.1.5

  • 6. 
    Which of the following are valid types of IPv6 address? [Select all that apply]
    • A. 

      Global unicast

    • B. 

      Unique local

    • C. 

      Multicast

    • D. 

      Broadcast

  • 7. 
    MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client? 
    • A. 

      The MAC address doesn’t map to a manufacturer.

    • B. 

      The MAC address is two digits too long.

    • C. 

      A reverse ARP request maps to two hosts.

    • D. 

      The host is receiving its own traffic.

  • 8. 
    ARP poisoning alters ARP table mappings to align all traffic to the attacker’s interface before traveling to the proper destination. What does this allow to an attacker? [Select two] 
    • A. 

      Capture all traffic on the network

    • B. 

      Entice the victim to open or activate the payload

    • C. 

      Install software to perform any function

    • D. 

      Jumping-off point for future attacks

  • 9. 
    There are some programs that can be used to provide unexpected or random inputs to computer programs. This is referred to as:
    • A. 

      Fuzzing

    • B. 

      Penetration test

    • C. 

      MAC Spoofing

    • D. 

      Port Mirroring

  • 10. 
    Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? [Select two]
    • A. 

      Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.

    • B. 

      Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached

    • C. 

      Router C will use ICMP to inform Router B that Host 2 cannot be reached

    • D. 

      Router C will send a Destination Unreachable message type

  • 11. 
    Which statement describes how public/private key pair is used to protect confidentiality when using asymmetric encryption? 
    • A. 

      The sender encrypts the data using the sender's private key, and the receiver decrypts the data using the sender's public key.

    • B. 

      The sender encrypts the data using the sender's public key, and the receiver decrypts the data using the sender's private key.

    • C. 

      The sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key.

    • D. 

      The sender encrypts the data using the receiver's private key, and the receiver decrypts the data using the sender's public key.

  • 12. 
    SSIDs serve many functions, but the primary goal is which of the following? 
    • A. 

      Mask a network

    • B. 

      Prioritize traffic

    • C. 

      Identify clients to the network

    • D. 

      Identify the network to clients or potential clients

  • 13. 
    Which device is typically used with software such as Wireshark to aid in wireless network traffic analysis? 
    • A. 

      AirPcap

    • B. 

      Honeypot

    • C. 

      Access point

    • D. 

      Router

  • 14. 
    Because of its obvious rule-breaking nature, what scan method flagged by almost all intrusion prevention or intrusion detection systems?
    • A. 

      SYN scan

    • B. 

      FIN scan

    • C. 

      Stealth scan

    • D. 

      Christmas tree scan

  • 15. 
    The port numbers range from 0 to 65,535 and are split into three different groups. Registered ports are: 
    • A. 

      0-1023

    • B. 

      1024-49151

    • C. 

      49152-65535

    • D. 

      1024-2024

  • 16. 
    Which of the following is a denial-of-service attack against a Bluetooth device? 
    • A. 

      Bluesmacking

    • B. 

      Bluejacking

    • C. 

      Bluesniffing

    • D. 

      Bluescarfing

  • 17. 
    (Inherent risk) - (impact of risk controls) = ?
    • A. 

      Residual risk

    • B. 

      Accepted risk

    • C. 

      Return On Investment (ROI)

    • D. 

      Vulnerability

  • 18. 
    In the context of the Microsoft Windows NT, which Security Identifier (SID) represents the administrator account?  
    • A. 

      S-1-5- and end with -500

    • B. 

      S-1-0-0

    • C. 

      S-1-1-0

    • D. 

      S-1-3-1

  • 19. 
    Vulnerability mapping occurs after which phase of a penetration test? 
    • A. 

      Host scanning

    • B. 

      Passive information gathering

    • C. 

      Analysis of host scanning

    • D. 

      Network level discovery

  • 20. 
    Bob is having no luck performing a penetration test on Retail Store's network. He is running the test from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Bob is unable to get any useful results. Why is Bob having these problems? 
    • A. 

      Security scanners are not designed to scan through a firewall.

    • B. 

      Security scanners cannot perform vulnerability mapping.

    • C. 

      Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.

    • D. 

      All of the above.

  • 21. 
    How would you describe an attacker’s attempts to deliver the payload over multiple packets for an extended period of time? [Select the best answer] 
    • A. 

      Evasion

    • B. 

      IP fragmentation

    • C. 

      Session splicing

    • D. 

      Session hijacking

  • 22. 
    When discussing password attacks, what is considered a rubber hose attack?
    • A. 

      You load a dictionary of words into your cracking program.

    • B. 

      You create a rainbow table from a dictionary and compare it with hashed passwords

    • C. 

      You attempt every single possibility until you exhaust all possible combinations or discover the password

    • D. 

      You threaten someone with physical harm unless they reveal their password

  • 23. 
    Which of the following tactics is used in social engineering attacks? [Select all that apply]
    • A. 

      Reciprocity

    • B. 

      Social Validation

    • C. 

      Accountability

    • D. 

      Authority

  • 24. 
    Which of the following are functions of Arpwatch?
    • A. 

      Keeping track of Ethernet/IP addressing pairing

    • B. 

      Packet filtering

    • C. 

      Encryption

    • D. 

      DNS security

  • 25. 
    Which type of attack is used to redirect users to an incorrect DNS server? [Select two] 
    • A. 

      DNS DoS

    • B. 

      DNS cache poisoning

    • C. 

      DNS zone transfer

    • D. 

      Pharming