The Ultimate Fundamentals Of Networking Test!

By Terry519vx
1. In which of the following password protection techniques are random strings of characters added to the password before calculating their hashes?

Explanation

Salting is a password protection technique in which a random string of characters is added to each password before its hash is calculated. This adds an extra layer of security by making it difficult for attackers to recover the password through methods like rainbow table attacks. The hash of the salted password is then stored in the database, along with the salt value used. When a user tries to authenticate, the entered password is salted with the same value, hashed, and compared with the stored hash. If they match, the user is granted access.

About This Quiz

The Ultimate Fundamentals of Networking Test assesses essential security concepts within network environments. It covers DMZ purposes, intrusion detection, password salting, vulnerability scanning, and risks of third-party scripts, catering to learners aiming to enhance their network security skills.

2. A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

Explanation

Banner grabbing is a process that would help the hacker named Jack to determine the operating system of the bank's computer system. By analyzing the banners, which are information sent by the operating system, Jack can identify the specific operating system being used. This knowledge will enable him to launch further attacks targeted towards the vulnerabilities of that operating system.

3. Log monitoring tools performing behavioral analysis have alerted to several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activity it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Explanation

The correct answer is NTP. NTP (Network Time Protocol) is a protocol used on Linux servers to synchronize the time. In this scenario, the log monitoring tools have detected suspicious logins occurring during non-business hours. After further examination, it is discovered that the system time on the Linux server is wrong by more than twelve hours. This indicates that the NTP protocol, which is responsible for synchronizing the time on the server, has stopped working.

4. What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?

Explanation

Grey-box analysis is performed when an attacker has partial knowledge of the inner workings of the application. In this type of analysis, the attacker has some limited information about the system, such as access to the application's interface or documentation. This allows them to gain a deeper understanding of the application's behavior and vulnerabilities, which can be used to exploit and compromise the system. Grey-box analysis combines elements of both black-box (no knowledge) and white-box (full knowledge) analysis, making it a valuable technique for attackers seeking to exploit vulnerabilities in a targeted application.

5. Which of the following provides a security professional with the most information about the system's security posture?

Explanation

Port scanning, banner grabbing, and service identification provide a security professional with the most information about the system's security posture. Port scanning involves scanning a system's network ports to identify open ports and potential vulnerabilities. Banner grabbing involves collecting information from network services such as web servers to gather details about the system. Service identification involves determining the specific services running on a system, which can help identify potential vulnerabilities or misconfigurations. These techniques provide valuable information for assessing and improving the security of a system.

6. Which of the following is an adaptive SQL injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Explanation

Fuzzing testing is an adaptive SQL injection testing technique that involves inputting large amounts of random data to identify coding errors. By observing the changes in the output, developers can discover vulnerabilities and potential security flaws in the system. This technique helps to simulate real-world scenarios and test the resilience of the system against unexpected inputs. Fuzzing testing is an effective method to identify and fix coding errors, ensuring the security and stability of the SQL application.

7. Darius just received a call:
Unknown Caller: Hello, my name is Rashad and I'm a security engineer from Microsoft Corporation. We have observed suspicious activity originating from your system and we would like to stop this threat. To do so, I would ask you to install some updates on your system. Would you prefer that I send you a link or an attachment by email?
Darius: Hello, please send me an email with the attachment at [email protected]
Unknown Caller: Thank you for your cooperation. I'm sending instructions and all files.
What did Darius just face?

Explanation

Darius just faced a social engineering attack. In this scenario, the caller claimed to be a security engineer from Microsoft Corporation and manipulated Darius into believing that there was suspicious activity on his system. The caller then requested Darius to install updates by either sending a link or an attachment within an email. This is a typical example of social engineering, where the attacker deceives the victim into taking actions that compromise their security.

8. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Explanation

Snort would be the most likely tool to select because it is a versatile network security tool that can perform network intrusion prevention and intrusion detection. It can also function as a network sniffer, capturing and analyzing network traffic. Additionally, Snort has the capability to record network activity, making it a comprehensive tool for network security monitoring and analysis.

9. What is the name for tools that receive event logs from servers, network equipment, and applications, perform analysis and correlation on those logs, and can generate alarms for security-relevant issues?

Explanation

Security Incident and Event Monitoring (SIEM) tools are designed to receive event logs from various sources such as servers, network equipment, and applications. These tools analyze and correlate the logs to detect any security relevant issues. They can generate alarms or alerts when suspicious activities or potential security incidents are identified. SIEM tools play a crucial role in proactively monitoring and managing security events, allowing organizations to quickly respond to and mitigate potential threats.

10. Why is a penetration test considered to be more thorough than a vulnerability scan?

Explanation

A penetration test is considered to be more thorough than a vulnerability scan because it actively exploits vulnerabilities in the targeted infrastructure. This means that the penetration test goes beyond just identifying vulnerabilities, but also attempts to exploit them to assess the potential impact and consequences. On the other hand, a vulnerability scan typically only involves identifying vulnerabilities through host discovery and port scanning, without actively exploiting them. Additionally, penetration testing tools often have more comprehensive vulnerability databases, allowing for a more thorough assessment of the system's security.

11. Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Explanation

Peter is performing the hacking process known as "footprinting." Footprinting involves gathering information about a target system or organization through passive means, such as searching the internet for publicly available information. In this case, Peter is surfing the internet to gather information about DX Company, which falls under the footprinting process.

12. Which command can be used to show current TCP/IP connections?

Explanation

Netstat is the correct answer because it is a command-line tool used to display active TCP/IP connections on a computer. It provides information about the local address, foreign address, state of the connection, and other details. By using the netstat command, users can monitor network connections, troubleshoot network issues, and identify any suspicious or unauthorized connections.

13. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company.  This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, president, or managers. The time a hacker spends performing research to locate this information about a company is known as?

Explanation

The correct answer is "Reconnaissance" because it refers to the process of gathering information about a target company or individual. In the context of the question, hackers spend time researching and gathering specific details about the target company, such as logos, formatting, and names of high-level executives, in order to create a phishing message that appears legitimate. This reconnaissance phase is crucial for hackers to increase the trust level of their phishing attempts and make them more convincing to the target.

14. What is the process for allowing or blocking a specific port in the Windows firewall?  (For example, TCP port 22 inbound)

Explanation

To allow or block a specific port in the Windows firewall, a rule can be created in "Windows Firewall with Advanced Security" which is located in the Control Panel. This rule can be configured to match the requirements of allowing or blocking a specific port, such as TCP port 22 inbound. By creating this rule, the Windows firewall can be customized to allow or block traffic on the specified port.

15. Using a spoofed IP address to generate port responses during a scan while using a SYN flag is a technique related to:

Explanation

The technique described in the question involves using spoofed IP addresses to generate port responses during a scan while using a SYN flag. This technique is not related to the FIN, SYN, or XMAS flags. Instead, it is related to the IDLE (side-channel) technique, which involves exploiting information leaked through side channels to gain unauthorized access or gather information about a system.

16. What is the purpose of a demilitarized zone on a network?

Explanation

A demilitarized zone (DMZ) on a network serves the purpose of providing direct access to the nodes within the DMZ while also protecting the network behind it. It acts as a buffer zone between the internal network and the external network, allowing for controlled access to certain resources. By placing servers or services that need to be accessed by external entities in the DMZ, the internal network is shielded from potential threats. This setup ensures that any malicious activity originating from the DMZ does not directly impact the internal network, enhancing overall network security.

17. In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

Explanation

The major difference concerning application layer vulnerabilities in IPv6 compared to IPv4 is that vulnerabilities in the application layer are independent of the network layer. This means that the vulnerabilities and the techniques used to mitigate them are almost identical in both IPv6 and IPv4. This implies that the security measures built into IPv6 do not necessarily address application layer vulnerabilities, and implementing IPv4 security in a dual-stack network can also provide protection from IPv6 attacks.

18. A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?

Explanation

To allow the NIC to work in promiscuous mode while setting up Wireshark on a Windows laptop, the required driver and library are WinPcap. WinPcap is a packet capture library that enables applications to capture and transmit network packets. It provides low-level access to network interfaces and allows Wireshark to capture all network traffic on the network interface, including packets not addressed to the laptop itself.

19. PGP, SSL, and IKE are all examples of which type of cryptography?

Explanation

PGP, SSL, and IKE are all examples of public key cryptography. Public key cryptography uses a pair of keys, a public key and a private key, to encrypt and decrypt data. The public key is used to encrypt data, while the private key is kept secret and used to decrypt the data. PGP (Pretty Good Privacy), SSL (Secure Sockets Layer), and IKE (Internet Key Exchange) are all protocols that use public key cryptography to secure communications and authenticate parties involved.

20. These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hacker are we talking about?

Explanation

Script Kiddies are hackers who have limited or no training and only know how to use basic techniques or tools. They are typically inexperienced and rely on pre-written scripts or tools developed by others to carry out their hacking attempts. Unlike other types of hackers, Script Kiddies lack the technical knowledge and skills to create their own hacking tools or exploit vulnerabilities. They often engage in hacking activities for fun or to prove their skills, but their actions are generally considered to be more of a nuisance than a serious threat.

21. What is most important for a pentester before he can start any hacking activities?

Explanation

Before a pentester can start any hacking activities, it is crucial for them to ensure that their activity is authorized and that they have proper agreement with the owners of the targeted system. This is important for ethical and legal reasons. Unauthorized hacking can lead to legal consequences and damage relationships with clients. By obtaining proper authorization and agreement, the pentester can perform their activities within the boundaries defined by the system owners, ensuring a legal and ethical approach to the pentesting process.

22. Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Explanation

Before Matthew has full administrator access, he must perform privilege escalation. Although he already has admin privileges, as indicated by the "501" at the end of the SID, this does not grant him full administrator access. Privilege escalation is the process of gaining higher levels of access or privileges than originally granted, allowing Matthew to have complete control and unrestricted access to the system.

23. Which is the first step followed by Vulnerability Scanners for scanning a network?

Explanation

Vulnerability scanners start by checking if the remote host is alive before proceeding with any other scans. This step is important because if the host is not active or accessible, further scanning will be pointless. By checking the host's availability, the vulnerability scanner ensures that it can establish a connection and communicate with the target system before continuing with more extensive network scanning activities.

24. A hacker gained access to a database with logins and hashed passwords. To speed up cracking these passwords, the best method would be:

Explanation

Rainbow tables are precomputed tables that contain a large number of possible passwords and their corresponding hash values. By using rainbow tables, the hacker can quickly look up the hashed passwords from the stolen database and find their corresponding plaintext passwords without having to perform time-consuming calculations. This method is much faster than brute force, which involves systematically trying every possible password combination, or decryption, which requires breaking the encryption algorithm. Collision does not apply in this scenario as it refers to two different inputs producing the same hash output.

25. The following is a part of a log file taken from the machine on the network with the IP address of 192.168.0.110:
Time:June 16 17:30:15 Port:20 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:17 Port:21 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:19 Port:22 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:21 Port:23 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:22 Port:25 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
Time:June 16 17:30:23 Port:80 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP
What type of activity has been logged?

Explanation

The log file shows a series of connections being made to different ports on the IP address 192.168.0.110. This indicates a port scan, which is an activity where an attacker systematically scans a target IP address for open ports. In this case, the source IP address is 192.168.0.105, suggesting that it is the one performing the port scan. Therefore, the correct answer is "Port scan targeting 192.168.0.110."

26. Which Metasploit Framework tool can help a penetration tester evade anti-virus systems?

Explanation

Msfencode is a Metasploit Framework tool that can help penetration testers evade anti-virus systems. It is used to encode payloads, making them undetectable by anti-virus software. By encoding the payload, it changes the signature of the file, bypassing the anti-virus detection and allowing the penetration tester to deliver the payload without being detected. This tool is commonly used in penetration testing to assess the effectiveness of an organization's anti-virus defenses.

27. Max saw a guy (Mario) who looked like a janitor who was holding a lot of boxes. Max held the door open for Mario. Mario was able to access the company without identification. What kind of attack is this?

Explanation

Tailgating is the correct answer for this question. Tailgating refers to the act of unauthorized individuals following authorized personnel into a secure area by closely following them through a controlled access point, such as a door. In this scenario, Max held the door open for Mario, who appeared to be a janitor holding a lot of boxes. Mario was able to access the company without identification, indicating that he gained entry by taking advantage of Max's presence and not through proper authentication.

28. A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Explanation

The tester should use a single quote as the first character to attempt breaking a valid SQL request. This is because SQL injection involves inserting malicious SQL code into input fields, and using a single quote can help the tester determine if the application is vulnerable to such attacks. By inputting a single quote, the tester can check if the application's response indicates a potential vulnerability, such as displaying error messages or returning unexpected results.

29. An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Explanation

LDAP uses a hierarchical database structure instead of SQL's relational structure. In a hierarchical structure, data is organized in a tree-like format with parent-child relationships, where each entry can have multiple children but only one parent. This makes it suitable for representing one-to-many relationships. On the other hand, SQL databases use a relational structure where data is organized in tables with rows and columns, allowing for many-to-one relationships. Therefore, LDAP has difficulty representing many-to-one relationships due to its hierarchical database structure.

30. Which of the following DoS tools is used to attack targeted web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

Explanation

R-U-Dead-Yet? (RUDY) is the correct answer because it is a Denial of Service (DoS) tool specifically designed to target web applications by starving the available sessions on the web server. It achieves this by keeping sessions at a halt using never-ending POST transmissions and sending an arbitrarily large content-length header value. This overwhelms the server and prevents it from serving legitimate user requests, effectively causing a denial of service.

31. Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?

Explanation

The main theme of the sub-policies for Information Technologies is Confidentiality, Integrity, and Availability. These three principles are fundamental in ensuring the security of a system, organization, or entity. Confidentiality ensures that sensitive information is protected from unauthorized access. Integrity ensures that data remains accurate, complete, and unaltered. Availability ensures that the system or information is accessible and usable when needed. By focusing on these three aspects, the sub-policies aim to establish a secure environment for information technologies.

32. Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Explanation

Blind SQL injection is the most likely type of SQL injection that Elliot is performing. Blind SQL injection is a technique where an attacker injects malicious SQL code into a vulnerable application, but unlike other types of SQL injection, the application does not display any error messages or visible results that would indicate the success of the injection. Instead, the attacker uses conditional timing delays, such as introducing a sleep function, to indirectly determine whether the injected queries are successful or not. This allows the attacker to gather information or exploit the application without leaving any visible traces.

33. To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

Explanation

The correct answer is "if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit". This rule specifically allows traffic from workstations in network 10.10.10.0/24 to reach the bank web site 10.20.20.1 using the secure https protocol on port 443. It ensures that only traffic meeting all three conditions (source IP, destination IP, and port) will be permitted through the firewall, effectively restricting access to only the desired destination.

34. What is the name for tools that receive event logs from servers, network equipment, and applications, perform analysis and correlation on those logs, and can generate alarms for security-relevant issues?

Explanation

Security Incident and Event Monitoring (SIEM) is the correct answer because it accurately describes the tools that receive event logs from servers, network equipment, and applications, analyze and correlate those logs, and generate alarms for security relevant issues. Network Sniffer is incorrect because it refers to a tool used to capture and analyze network traffic. Intrusion Prevention Server is incorrect because it refers to a system that actively prevents and blocks intrusion attempts. Vulnerability Scanner is incorrect because it refers to a tool used to identify security vulnerabilities in systems.

35. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP. Therefore, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict?

Explanation

The given scenario depicts a Botnet Attack. A botnet is a network of compromised devices that are controlled by a single entity, known as the botmaster. In this case, the internal IP addresses owned by the company are communicating with a blacklisted public IP, indicating that these internal devices have been compromised and are being used as part of a botnet. The attacker is using these compromised devices to carry out malicious activities, such as sending spam emails, launching DDoS attacks, or spreading malware.

36. Jim's company regularly performs backups of their critical servers. But the company can't afford to send backup tapes to an off-site vendor for long term storage and archiving. Instead Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes aren't stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Explanation

The correct answer is to encrypt the backup tapes and transport them in a lock box. Encrypting the backup tapes ensures that even if they are lost or stolen during transit, the data on them cannot be accessed without the encryption key. Transporting them in a lock box adds an additional layer of physical security, preventing unauthorized access to the tapes. This combination of encryption and physical security helps to protect the sensitive data on the backup tapes while they are in transit.

37. Darius is analysing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive. Looking at the logs, he copies and pastes the basic details below:
source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221
What is the most proper answer?

Explanation

The given answer suggests that the alert triggered on reversed traffic, indicating that the source and destination IP addresses and ports are opposite to what is expected in a normal communication flow. This suggests that the IDS may have detected a suspicious or abnormal behavior, leading to a false positive alert.

38. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Explanation

Supporting both types of algorithms allows for a more efficient and secure SSL/TLS connection. Asymmetric cryptography, although computationally expensive, is used to securely negotiate keys for symmetric cryptography. This means that the asymmetric algorithm is used to securely exchange a shared secret key, which is then used by the symmetric algorithm to encrypt and decrypt the actual data being transmitted. By combining both types of cryptography, the advantages of efficient symmetric encryption and secure key exchange through asymmetric encryption can be achieved. Additionally, supporting symmetric encryption allows for compatibility with less-powerful devices such as mobile phones.

39. Assume a business-crucial web-site of some company that is used to sell handsets to customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some third-party marketing tools to it. The tools are written in JavaScript and can track the customers' activity on the site. These tools are located on the servers of the marketing company. What is the main security risk associated with this scenario?

Explanation

The main security risk associated with this scenario is that the external script contents could be maliciously modified without the security team's knowledge. Since the marketing tools are located on the servers of the marketing company, the web-site developers have no control over the scripts. This leaves the possibility for attackers to modify the scripts and inject malicious code, potentially leading to data breaches or other security vulnerabilities. The security team's monthly reviews may not be sufficient to detect such modifications, making it a significant risk.

40. What is the process for allowing or blocking a specific port in the Windows firewall?  (For example, TCP port 22 inbound)

Explanation

To allow or block a specific port in the Windows firewall, a rule that matches the requirements can be created in "Windows Firewall with Advanced Security", which is located in the Control Panel. This means that it is possible to configure the firewall settings directly within Windows without the need for third-party software. The "netsh" program on the command-line can also be used to implement specific rules, but the correct answer focuses on the option available in the Control Panel.

41. What is the difference between the AES and RSA algorithms?

Explanation

The explanation for the given correct answer is that RSA is an asymmetric algorithm, meaning it uses a public/private key pair for encryption and decryption. On the other hand, AES is a symmetric algorithm, meaning it uses the same key for both encryption and decryption. Therefore, RSA is used for key generation and encryption/decryption of small amounts of data, while AES is used for encrypting and decrypting larger amounts of data.

42. Which of the following techniques are NOT relevant in preventing an ARP spoofing attack?

Explanation

Kernel based patches are not relevant in preventing ARP spoof attacks because they are not specifically designed to address this type of attack. Kernel based patches typically focus on fixing vulnerabilities and improving the performance of the operating system's kernel, but they do not directly deal with preventing ARP spoofing. Other techniques mentioned, such as static MAC entries, arpwatch, and secure ARP protocol, are more relevant in preventing ARP spoof attacks.

43. The I.T. Helpdesk at XYZ Company has begun receiving several phone calls from concerned staff regarding a suspicious email they have received. One employee has forwarded a copy of the suspicious email to you for further investigation. Your manager is asking for immediate information to determine if this is a phishing attack. The email message looks like this:

From: [email protected]
To: [email protected]
Date: 4/10/17 2:35pm
Subject: New corporate HR sign up today!
Priority: High

You want to quickly determine who sent this email message so you look at the envelope headers and see this information:

Received from unknown (209.85.213.50) by mail.xyzcompany.com id 2BqvU15YHBK; 10 Apr 2017 14:33:50

You perform a DNS query to determine more information about 209.85.213.50 but no record is found. What web site will allow you to quickly find out more information about 209.85.213.50 including the owner of the IP address?

Explanation

The correct answer is https://whois.arin.net. This website is a reliable source for performing a WHOIS query to find information about IP addresses. By entering 209.85.213.50 into the search field, you can quickly obtain details about the owner of the IP address, which will help in determining if the email is part of a phishing attack or not.

44. During an Xmas scan, what indicates a port is closed?

Explanation

During an Xmas scan, a closed port is indicated by receiving a RST (Reset) response. This means that the scanned port is not open and the system is actively rejecting the connection attempt.

45. Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network should the Presentation Tier (front-end web server) be placed in?

Explanation

The Presentation Tier (front-end web server) should be placed in the DMZ network. The DMZ (Demilitarized Zone) network is a neutral zone between the internal network and the external network (Internet). It acts as a buffer zone, providing an additional layer of security by isolating the publicly accessible services from the internal network. Placing the front-end web server in the DMZ network allows external users to access the web application while keeping the internal network protected from potential security threats.

46. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: [email protected]
To: [email protected]
Subject: Test message
Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ's email gateway doesn't prevent what?

Explanation

The fact that the employee of CompanyXYZ receives the specially formatted email message sent by the person assessing the security of the perimeter email gateway suggests that CompanyXYZ's email gateway does not prevent email spoofing. Email spoofing is a technique used by attackers to forge the header information of an email, making it appear as if it came from a different sender. In this case, the sender's email address ([email protected]) could have been easily manipulated or forged, allowing the email to pass through the gateway without detection.

47. Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. The information security issues that Vlady often finds include employees sharing passwords, writing their passwords on post-it notes stuck to their desks, leaving their computers unlocked, not logging out of email or other social media accounts, etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wants to do is to make the employees understand the importance of keeping confidential information, such as passwords, a secret and that they should not share it with other people. Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information a secret?

Explanation

Vlady should conduct information security awareness training as the first step to make employees understand the importance of keeping confidential information a secret. This training will educate employees about the risks associated with sharing passwords and writing them on post-it notes, leaving computers unlocked, and not logging out from accounts. By providing this training, Vlady can raise awareness among employees about the significance of information security and help them understand the potential consequences of their actions. This will ultimately contribute to creating a more secure environment within the company.

48. What does the -oX flag do in an Nmap scan?

Explanation

The -oX flag in an Nmap scan is used to output the results in XML format to a file. This allows for easier parsing and analysis of the scan results using various tools. XML format provides a structured and standardized way to store and exchange data, making it a suitable choice for storing Nmap scan results. By using the -oX flag, the user can specify the name and location of the output file where the XML-formatted results will be saved.

49. Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP doesn't encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Explanation

SMTP uses the command "STARTTLS" to initiate a secure connection between two mail servers and transmit email over TLS. This command allows SMTP to upgrade the connection and encrypt the email, ensuring that the information in the message is protected and cannot be read by unauthorized individuals.

50. You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

Explanation

The command "nmap -sT -O -T0" would result in a scan of common ports with the least amount of noise in order to evade IDS. The "-sT" flag specifies a TCP connect scan, which is less likely to be detected by IDS compared to other scan types. The "-O" flag enables OS detection, which can provide additional information about the target system without generating additional noise. The "-T0" flag sets the timing template to the slowest possible value, reducing the likelihood of detection by IDS.

51. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:
- Verifies success or failure of an attack
- Monitors System Activities
- Detects attacks that a network based IDS fail to detect
- Near real time detection and response
- Does not require additional hardware
- Lower entry cost

Which type of IDS is best suited for Tremp's requirements?

Explanation

A host-based IDS is best suited for Tremp's requirements because it verifies the success or failure of an attack, monitors system activities, and detects attacks that a network-based IDS may fail to detect. Additionally, a host-based IDS provides near real-time detection and response, does not require additional hardware, and has a lower entry cost compared to other types of IDSs.

52. The systems administrator for one of your clients has just called you, explaining that one of their critical servers has been breached. You let her know that your incident response team is on the way, and instruct her not to power off the compromised system at this time. Why shouldn't she power off the server?  Select the best answer.

Explanation

The incident response team needs to retrieve information stored in volatile memory such as RAM. Powering off the server would cause the volatile memory to be cleared, resulting in the loss of important evidence that could help in identifying the attacker and understanding the extent of the breach. By keeping the server running, the incident response team can analyze the memory and gather valuable information to aid in the investigation and remediation process.

53. When a security analyst prepares for a formal security assessment, which of the following should be done in order to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

Explanation

To determine inconsistencies in the secure assets database and verify system compliance to the minimum security baseline, a security analyst should perform data items and vulnerability scanning. This involves analyzing the data items within the secure assets database to identify any inconsistencies or discrepancies. Additionally, vulnerability scanning helps to identify any potential weaknesses or vulnerabilities within the system that may pose a security risk. By conducting these assessments, the security analyst can ensure that the system is in line with the minimum security baseline and address any issues that may compromise its security.

54. Cross-site request forgery involves:

Explanation

Cross-site request forgery (CSRF) involves a browser making a request to a server without the user's knowledge. This means that an attacker can exploit the trust between a user and a website to perform unauthorized actions on behalf of the user. The attacker tricks the user's browser into making a request to a vulnerable website, which then executes the request as if it came from the user. This can lead to various malicious activities, such as changing account settings, making financial transactions, or deleting data, without the user's consent or knowledge.

55. Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Explanation

Intrusion Detection Systems (IDS) cannot easily distinguish a malicious payload in encrypted traffic because the payload is hidden within the encryption. IDS can analyze network packets, examine data in the context of network protocols, and distinguish specific content, but they cannot decrypt encrypted traffic to identify a malicious payload without additional measures such as decryption keys or specialized tools.

56. What is the purpose of DNS AAAA record?

Explanation

The purpose of a DNS AAAA record is to provide the IPv6 address resolution for a domain name. It allows the mapping of a domain name to its corresponding IPv6 address, enabling devices to connect to the correct destination using the IPv6 protocol. This record is essential for the proper functioning of IPv6 networks and ensures that the correct IP address is associated with a domain name when accessing resources on the internet.

57. A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Explanation

Before enabling the audit feature, the bank should first determine the impact of enabling it. This step is important as it allows the bank to assess the potential consequences of enabling the audit feature on their system. By understanding the impact, the bank can evaluate any potential risks, benefits, and requirements associated with enabling auditing. This will help them make an informed decision and take necessary precautions to ensure the security and privacy of the sensitive information stored and processed in relation to home loans.

58. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

Explanation

IPsec is a layer 3 protocol that provides end-to-end encryption of the connection. It operates at the network layer of the OSI model and can be used to encrypt data at the IP packet level, ensuring that all traffic passing through the network is secure. While FTP does not provide encryption by default, IPsec can be implemented to encrypt the FTP traffic, providing a secure connection between the client and server.

59. You are performing a web application penetration test for one of your clients. The app uses HTTPS exclusively. You configure your browser to use Burp Suite as a proxy, but immediately receive a certificate error when attempting to visit the website. Which steps would you follow to remove this warning for all websites, and what would be the associated security risk?

Explanation

Adding the Burp Suite certificate as a trusted root CA for the browser/OS would remove the certificate error and allow the HTTPS sessions to proceed without warnings. However, this action exposes the user to man-in-the-middle attacks from anyone who possesses the same certificate. This means that an attacker with the same certificate could intercept and manipulate the communication between the user's browser and the web application, potentially compromising the confidentiality and integrity of the data transmitted.

60. Trinity needs to scan all hosts on a /16 network for TCP port 445 only.  What is the fastest way she can accomplish this with Nmap?  Stealth is not a concern.

Explanation

The fastest way for Trinity to scan all hosts on a /16 network for TCP port 445 only is by using the command "nmap -p 445 -n -T4 --open 10.1.0.0/16". This command specifies the port to be scanned (-p 445), disables DNS resolution (-n), sets the timing template to aggressive (-T4), and only shows open ports (--open).

61. What kind of detection technique is used in antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, performs the analysis in the provider's environment?

Explanation

Antivirus software that identifies malware by collecting data from multiple protected systems and analyzing files on the provider's environment is known as cloud-based detection. This technique involves sending suspicious files or data to a cloud server where it is analyzed using advanced algorithms and machine learning models. By leveraging the power of the cloud, antivirus software can quickly identify and respond to new and emerging threats, providing real-time protection to users. Cloud-based detection also allows for faster updates and improved detection rates compared to traditional local file analysis methods.

62. Clara, a black hat, has connected her Linux laptop to an Ethernet jack in the E-Corp reception area. She types "ip route" at a terminal and receives the following output, realizing that she's still connected to a WiFi network across the street. If she were to attack a host at 192.168.100.250, out of which interface would the traffic exit?

default via 192.168.100.1 dev wlp5s0 src 192.168.100.156 metric 202
default via 192.168.96.1 dev enp5s0u1 src 192.168.100.54 metric 600
192.168.100.0/24 dev wlp5s0 proto kernel scope link src 192.168.100.156 metric 202
192.168.96.0/21 dev enp5s0u1 proto kernel scope link src 192.168.100.54 metric 600

Explanation

The traffic would exit through the interface "wlp5s0" because it is the interface associated with the WiFi network that Clara is currently connected to. This can be determined from the "ip route" output where the line "default via 192.168.100.1 dev wlp5s0 src 192.168.100.156 metric 202" indicates that the default route for internet traffic is through the "wlp5s0" interface.
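The same lookup can be worked through in code. The following is an added example, not part of the quiz: it parses the four routes from the question and selects the egress interface the way the Linux routing table does, by most specific matching prefix first and lowest metric as the tie-breaker. The parser assumes every attribute after the prefix is a key/value pair, which holds for these lines.

```python
import ipaddress

# The "ip route" output quoted in the question.
ROUTES = """\
default via 192.168.100.1 dev wlp5s0 src 192.168.100.156 metric 202
default via 192.168.96.1 dev enp5s0u1 src 192.168.100.54 metric 600
192.168.100.0/24 dev wlp5s0 proto kernel scope link src 192.168.100.156 metric 202
192.168.96.0/21 dev enp5s0u1 proto kernel scope link src 192.168.100.54 metric 600
"""


def parse_routes(text: str) -> list:
    """Turn 'ip route' lines into dicts with net, dev, via and metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # Remaining fields are key/value pairs: dev X, via Y, metric N, ...
        attrs = dict(zip(fields[1::2], fields[2::2]))
        routes.append({
            "net": ipaddress.ip_network(prefix, strict=False),
            "dev": attrs.get("dev"),
            "via": attrs.get("via"),          # None for on-link routes
            "metric": int(attrs.get("metric", 0)),
        })
    return routes


def select_route(routes: list, destination: str):
    """Longest-prefix match; the lowest metric wins among equal prefixes."""
    ip = ipaddress.ip_address(destination)
    matching = [r for r in routes if ip in r["net"]]
    if not matching:
        return None  # no route to host
    return max(matching, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def egress(destination: str, text: str = ROUTES):
    """Return (interface, matched prefix) for a destination, or None."""
    route = select_route(parse_routes(text), destination)
    if route is None:
        return None
    return route["dev"], str(route["net"])


if __name__ == "__main__":
    for dst in ("192.168.100.250", "192.168.97.10", "8.8.8.8"):
        print(dst, "->", egress(dst))
```

Both connected routes contain 192.168.100.250 (the /21 spans 192.168.96.0 to 192.168.103.255), and the /24 on wlp5s0 is the more specific of the two.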

63. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Explanation

The requirement "Assign a unique ID to each person with computer access" would best fit under the objective "Implement strong access control measures" because it ensures that each individual with computer access is identified and can be held accountable for their actions. By assigning unique IDs, it becomes easier to track and monitor user activity, preventing unauthorized access and potential security breaches. This control measure strengthens access control by enforcing accountability and limiting access privileges to authorized individuals.

64. An analyst is investigating proxy logs and finds that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he notices that the code is very hard to understand and differs from typical JavaScript. What is the name of this technique used to hide the code and extend analysis time?

Explanation

The correct answer is obfuscation. Obfuscation is a technique used to make code difficult to understand or analyze. In this scenario, the suspicious JavaScript code has been intentionally modified to be hard to comprehend, making it time-consuming for the analyst to analyze it. This technique is commonly used by attackers to hide their malicious intentions and make it challenging for security analysts to detect and understand their code.

65. You are performing a penetration test for a client, and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Explanation

The command "ls -d abccorp.local" is used to attempt a zone transfer in nslookup. A zone transfer is a mechanism used to replicate DNS records from a primary DNS server to a secondary DNS server. By typing this command, the tester is requesting the DNS server at 192.168.10.2 to provide all DNS records for the abccorp.local domain, which can be useful for further analysis and exploitation during the penetration test.

66. While scanning with Nmap, Patin found several hosts which have an incremental IP ID sequence. He then decided to run: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com, where kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using "-sI" with Nmap?

Explanation

The purpose of using "-sI" with Nmap is to conduct an IDLE scan. IDLE scanning is a stealthy method of scanning that allows the attacker to use a third-party system as a proxy to scan a target network. By using a host with an incremental IP ID sequence (in this case, kiosk.adobe.com), the attacker can send spoofed packets to the target network, and the responses from the target network will be sent to the host with the incremental IP ID sequence. This allows the attacker to gather information about the target network without directly interacting with it, making it difficult to detect.

67. You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?

Explanation

The given subnet is 10.1.4.0/23, which means it has a range of IP addresses from 10.1.4.1 to 10.1.5.254. The last 100 usable IP addresses in this range would be from 10.1.5.155 to 10.1.5.254. Therefore, 10.1.5.200 is within this range and could be leased as a result of the new configuration.

68. Suppose your company has just passed a security risk assessment exercise. The results show that the risk of a breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed, showing that the risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with most business profit?

Explanation

Accepting the risk would be the best decision for the project in terms of its successful continuation with the most business profit. This is because the risk has decreased to 10%, which is below the risk threshold of 20%. Introducing more controls to bring the risk to 0% may not be cost-effective or necessary since the risk is already within an acceptable range. Mitigating the risk may also not be necessary as it is already below the risk threshold. Avoiding the risk may not be feasible or practical for the project.

69. The wireless guidelines of this proprietary information security standard classify CDEs (Cardholder Data Environments) into three scenarios depending on WLAN deployment. What standard is being mentioned?

Explanation

The correct answer is PCI. The explanation is that the question is asking about a proprietary information security standard that classifies CDEs (Cardholder Data Environments) into three scenarios based on WLANs deployment. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Therefore, PCI is the standard being mentioned in the question.

70. Which of the following algorithms is used for Kerberos encryption? 

Explanation

DES (Data Encryption Standard) is the correct answer for this question. DES is a symmetric encryption algorithm that is used in the Kerberos protocol for encrypting and decrypting data. It is a widely used encryption algorithm known for its security and efficiency. DES uses a 56-bit key to encrypt and decrypt data in blocks of 64 bits. It has been widely used in various applications, including network security protocols like Kerberos.

71. A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don't like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

Explanation

The correct answer is "tcp.port == 21". This command can be used as a display filter in Wireshark to find unencrypted file transfers because port 21 is commonly used for FTP (File Transfer Protocol) which is an unencrypted protocol. By filtering for traffic on port 21, any file transfers using this protocol will be displayed, allowing the user to identify any instances of unencrypted file transfers.

72. OpenSSL on Linux servers includes a command line tool for testing TLS.  What is the name of the tool and the correct syntax to connect to a web server?

Explanation

The correct answer is "openssl s_client -connect www.website.com:443". OpenSSL on Linux servers includes the command line tool "s_client" which is used to test TLS connections. The "-connect" option is used to specify the server and port to connect to, in this case, www.website.com on port 443.

73. You have successfully logged on to a Linux system. You now want to cover your tracks. Your login attempt may be logged in several files located in /var/log. Which file does NOT belong to the list?

Explanation

The file "user.log" does not belong to the list because it is not a standard log file in Linux systems. The other files mentioned, such as "auth.log," "wtmp," and "btmp," are commonly used to log authentication and login activities. However, "user.log" is not a standard log file name and is not typically used for logging login attempts.

74. Using spoofed IP address to generate port responses during a scan while using a SYN flag is a technique related to:

Explanation

Using spoofed IP address to generate port responses during a scan while using a SYN flag is a technique related to the IDLE (side-channel) attack. In this attack, the attacker sends SYN packets with spoofed IP addresses to the target system. The target system responds with SYN-ACK packets to the spoofed IP addresses, which allows the attacker to gather information about open ports without directly communicating with the target. This technique takes advantage of the side-channel information leakage to perform reconnaissance on a target system.

75. How is the public key distributed in an orderly, controlled fashion in order that users can be sure of the sender's identity?

Explanation

A digital certificate is a way to distribute the public key in an orderly and controlled fashion. It is issued by a trusted third party, known as a Certificate Authority (CA), and contains information about the sender's identity, along with their public key. The digital certificate is digitally signed by the CA, ensuring its authenticity. When a user receives a digital certificate, they can verify the CA's signature and trust the sender's identity. This ensures that users can be confident about the sender's identity when using the public key for encryption or authentication purposes.

76. Why are containers less secure than virtual machines?

Explanation

A compromised container may cause CPU starvation of the host because containers share the same kernel as the host operating system. If a container is compromised and starts consuming excessive CPU resources, it can starve other containers and even the host system of CPU power, leading to degraded performance or even system failure. This is a security concern as it can impact the overall stability and availability of the host system.

77. Your company provides data analytics services to several large clients. A new client says that your company is required to sign a Business Associate Agreement (BAA) document before they will transfer any data to your company. You review the BAA and determine it is a legal contract between your company and the client. It lists the exact details of how your company will handle the client's data and specific security requirements. What regulation, which requires a Business Associate Agreement for some vendors, is the client following?

Explanation

The client is following the HIPAA (Health Insurance Portability and Accountability Act) regulation, which requires a Business Associate Agreement for some vendors. The BAA is a legal contract that outlines the specific details of how the company will handle the client's data and the security requirements. This regulation is specifically designed to protect the privacy and security of individuals' health information.

78. Darius is analysing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive. Looking at the logs, he copies and pastes the basic details below:

source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221

What is the most appropriate answer?

Explanation

The given answer suggests that the alert triggered on reversed traffic, which indicates that the source and destination IP addresses and ports are switched. This implies that the IDS detected suspicious activity from the destination IP and port (192.168.10.23:63221) towards the source IP and port (192.168.21.100:80), which is unusual and may be a false positive.

79. Darius and Mathew each performed an internal vulnerability scan within the corporate network and reported the results to their manager. The manager found that the scans were not performed correctly because there were some mismatches between the two sets of results. He was expecting the same results, showing the same findings, as the scans were made at the same time, with the same tool, and covered the same IP ranges. The results simply show more findings from Mathew's scan. What was the most probable root cause?

Explanation

The most probable root cause for the mismatch in results is that one of the scans was blocked by an Intrusion Prevention System (IPS). An IPS is designed to monitor network traffic and prevent malicious activity. In this case, it is likely that the IPS detected the scanning activity from one of the individuals and blocked it, resulting in fewer findings compared to the other scan. This would explain why Darius and Mathew's scans did not produce the same results, despite using the same tool and scanning the same IP ranges.

80. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS? 

Explanation

Using both symmetric and asymmetric cryptography in SSL/TLS has the advantage of combining the strengths of both encryption methods. Asymmetric cryptography is computationally expensive but is ideal for securely negotiating keys for symmetric cryptography. Symmetric encryption, on the other hand, allows for secure transmission of session keys out-of-band and provides a failsafe when asymmetric methods fail. This combination allows for efficient and secure key exchange while also accommodating less-powerful devices that may not be able to handle the computational requirements of asymmetric cryptography.

81. DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Explanation

Dynamic ARP Inspection (DAI) is a security feature on switches that leverages the DHCP snooping database to help prevent man-in-the-middle attacks. DAI inspects Address Resolution Protocol (ARP) packets and verifies the IP-to-MAC address bindings in the DHCP snooping database. It then drops any ARP packets that have invalid or unauthorized IP-to-MAC address bindings, thus preventing attackers from redirecting traffic or performing ARP spoofing attacks. By utilizing the information from the DHCP snooping database, DAI adds an extra layer of protection against these types of attacks on the network.
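The check described above can be modelled in a few lines. This is an added sketch, not part of the quiz and not any vendor's implementation: the binding table, port names and ARP packets are constructed, and comparing the ingress port as well as the MAC is a choice made for this model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One row of the DHCP snooping database (learned from a lease)."""
    mac: str
    port: str


@dataclass(frozen=True)
class ArpPacket:
    """Fields of an ARP packet that the inspection looks at."""
    port: str        # switch port the packet arrived on
    vlan: int
    sender_ip: str
    sender_mac: str


# Constructed snooping database, keyed by (VLAN, leased IP address).
SNOOPING_DB = {
    (20, "10.0.20.11"): Binding("aa:bb:cc:00:00:11", "Gi0/3"),
    (20, "10.0.20.12"): Binding("aa:bb:cc:00:00:12", "Gi0/5"),
}

# Ports exempt from inspection, e.g. the uplink towards the router.
TRUSTED_PORTS = {"Gi0/24"}


def inspect(arp: ArpPacket, db: dict, trusted: set) -> tuple:
    """Return ('forward' | 'drop', reason) for one ARP packet."""
    if arp.port in trusted:
        return "forward", "trusted port"
    binding = db.get((arp.vlan, arp.sender_ip))
    if binding is None:
        return "drop", "no DHCP binding for sender IP"
    if binding.mac != arp.sender_mac.lower():
        return "drop", "sender MAC does not match binding"
    if binding.port != arp.port:
        return "drop", "binding belongs to another port"
    return "forward", "matches binding"


def inspect_all(packets: list) -> list:
    """Apply the inspection to a list of packets, keeping only verdicts."""
    return [inspect(p, SNOOPING_DB, TRUSTED_PORTS)[0] for p in packets]


# Constructed traffic: one honest host, two forged claims, one uplink ARP.
SAMPLE = [
    ArpPacket("Gi0/3", 20, "10.0.20.11", "AA:BB:CC:00:00:11"),   # honest
    ArpPacket("Gi0/5", 20, "10.0.20.11", "aa:bb:cc:00:00:12"),   # claims .11
    ArpPacket("Gi0/5", 20, "10.0.20.1", "aa:bb:cc:00:00:12"),    # claims gateway
    ArpPacket("Gi0/24", 20, "10.0.20.1", "aa:bb:cc:00:00:01"),   # real gateway
]

if __name__ == "__main__":
    for packet in SAMPLE:
        print(packet.port, packet.sender_ip,
              inspect(packet, SNOOPING_DB, TRUSTED_PORTS))
```

The third packet shows the operational catch: a statically addressed host has no lease in the database, so it needs a trusted port or a manual entry or its ARP traffic is dropped too.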

82. Which of the below hashing functions are not recommended for use?

Explanation

MD5 and SHA-1 are not recommended for use as hashing functions. This is because they are considered to be weak and vulnerable to collision attacks. Collision attacks occur when two different inputs produce the same hash value, which can lead to security vulnerabilities. Therefore, it is recommended to use stronger and more secure hashing functions such as SHA-2 and SHA-3. SHA-5 is not a commonly used hashing function, so it is not recommended either.

83. Which of the below encryption algorithms are the fastest?

Explanation

AES (Advanced Encryption Standard) is the correct answer because it is known for its speed and efficiency in encryption and decryption processes. AES is widely used and has become the industry standard due to its ability to provide strong security while maintaining high performance. It is commonly used in various applications, including secure communication, data storage, and network security. ECC (Elliptic Curve Cryptography), SHA-1, and SHA-2 are not encryption algorithms but rather cryptographic hash functions, which serve different purposes in data security.

84. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Explanation

The correct answer is Nikto. The question states that the person is looking for common misconfigurations and outdated software versions. Nikto is a web server vulnerability scanner that specifically looks for these types of vulnerabilities. Armitage is a graphical interface for Metasploit, which is a penetration testing framework. Nmap is a network scanning tool that can be used for various purposes, including vulnerability scanning, but it is not specifically designed for finding misconfigurations and outdated software versions. Therefore, the most likely tool being used in this scenario is Nikto.

85. When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication "open", but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?

86. What is the known-plaintext attack against DES which shows that encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single key?

Explanation

A meet-in-the-middle attack is a known-plaintext attack that exploits the weakness of using two DES keys in sequence. In this attack, the attacker encrypts the plaintext with one key and stores the intermediate result. Then, they decrypt the ciphertext with another key and store the intermediate result. By comparing the two intermediate results, the attacker can find the matching pair of keys that produce the same result. This attack reduces the effective key size, making it no more secure than using a single key.
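
The cost argument above can be checked on a small scale. The following is an added example, not part of the original quiz: it uses a constructed toy cipher with 12-bit keys in place of DES (all function names are hypothetical) and counts cipher operations, so the meet-in-the-middle search can be compared with the 2^24 trials a naive search over both keys would need.

```python
# Toy 32-bit block cipher with a 12-bit key, constructed for this example.
# It stands in for DES only so that the search finishes instantly.
MASK = 0xFFFFFFFF
KEY_BITS = 12
MUL = 0x85EBCA6B                    # odd, therefore invertible mod 2**32
MUL_INV = pow(MUL, -1, 1 << 32)

def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def _rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def _round_keys(key):
    """Expand the short key into four 32-bit round keys."""
    k = (key * 0x9E3779B1 + 0x7F4A7C15) & MASK
    keys = []
    for _ in range(4):
        keys.append(k)
        k = _rotl(k, 7) ^ 0xA5A5A5A5
    return keys

def encrypt(key, block):
    for rk in _round_keys(key):
        block = _rotl(((block ^ rk) * MUL) & MASK, 13)
    return block

def decrypt(key, block):
    for rk in reversed(_round_keys(key)):
        block = ((_rotr(block, 13) * MUL_INV) & MASK) ^ rk
    return block

def double_encrypt(k1, k2, block):
    """Encrypt with k1, then encrypt the result with k2."""
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Returns (candidate key pairs, number of cipher operations performed).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    # Forward half: encrypt the known plaintext under every possible k1
    # and index the intermediate values. This table is the memory cost.
    forward = {}
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    # Backward half: decrypt the known ciphertext under every possible k2
    # and look for an intermediate value that both halves agree on.
    found = []
    for k2 in range(1 << KEY_BITS):
        mid = decrypt(k2, c0)
        ops += 1
        for k1 in forward.get(mid, ()):
            ops += 1
            # Confirm on the remaining pairs to discard chance matches.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

if __name__ == "__main__":
    secret = (0xABC, 0x123)          # constructed sample keys
    known = [(p, double_encrypt(*secret, p)) for p in (0x01234567, 0x89ABCDEF)]
    keys, ops = meet_in_the_middle(known)
    print(keys, "operations:", ops, "naive search:", 1 << (2 * KEY_BITS))
```

The search costs about 2 x 2^12 cipher operations plus a table of 2^12 entries, which is why doubling the number of keys does not double the effective key length.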

87. Which utility will tell you in real time which ports are listening or in another state?

Explanation

Netstat is a utility that provides information about network connections and listening ports on a computer. It displays a list of active connections, including the protocol, local and remote IP addresses, and the state of each connection. By using Netstat, users can see which ports are open and actively listening for incoming connections, as well as identify any suspicious or unauthorized connections. This real-time information is useful for network troubleshooting, monitoring network activity, and ensuring the security of a computer or network. TCPView, Loki, and Nmap are also network monitoring tools, but Netstat specifically focuses on displaying real-time information about listening ports.

88. Which TCP scanning method is unlikely to set off network IDS?

Explanation

A TCP SYN scan is unlikely to set off network IDS because it only completes the TCP handshake process up to the SYN/ACK stage. It sends a SYN packet to the target host and waits for a response. If the port is open, the target host will respond with a SYN/ACK packet, indicating that the port is open and ready for a connection. However, the TCP SYN scan does not complete the handshake by sending an ACK packet, which is typically required to establish a full connection. This incomplete handshake makes it difficult for network IDS to detect the scan as it appears more like a normal connection attempt rather than a scan.

89. User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?

Explanation

In the context of PKI (Public Key Infrastructure), the encryption and decryption of the sensitive email message take place at the Application layer of the OSI model. The Application layer is responsible for providing network services to the user and enables applications to access the network. In this case, the email application is utilizing PKI to secure the message, which involves encrypting the email at the sender's end and decrypting it at the receiver's end. This ensures that only user B, the intended recipient, can read the sensitive email.

90. A multihomed firewall has a minimum of how many network connections?

Explanation

A multihomed firewall is a firewall that is connected to multiple networks. In order to be considered multihomed, it must have at least two network connections. This allows the firewall to filter and control traffic between the different networks, providing an added layer of security. Therefore, the correct answer is 2.

91. Which of the following is true regarding a PKI system?

Explanation

The correct answer is "The RA verifies an applicant to the system." In a PKI (Public Key Infrastructure) system, the Registration Authority (RA) is responsible for verifying the identity of an applicant before issuing a certificate. The RA performs the necessary checks and authentication processes to ensure that the applicant is who they claim to be. This verification step is crucial in maintaining the security and trustworthiness of the PKI system.

92. What is the main security service a cryptographic hash provides?

Explanation

A cryptographic hash provides the main security service of integrity and collision resistance. Integrity ensures that the data remains unchanged during transmission or storage, as any alteration to the data will result in a different hash value. Collision resistance ensures that it is computationally infeasible to find two different inputs that produce the same hash value. These properties make cryptographic hashes essential for verifying the integrity of data and preventing unauthorized modifications or tampering.

93. You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command would you use?

Explanation

The correct answer is "wireshark --capture --local --masked 192.168.8.0 --range 24". This command will run a capture against a specific set of IPs, in this case, the IP range 192.168.8.0/24. The "--capture" flag indicates that a capture should be performed, the "--local" flag specifies that the capture should be performed on the local machine, the "--masked" flag specifies the IP range to capture, and the "--range" flag specifies the range of IPs to capture, in this case, 24.

94. Which of the following is NOT correct about the usefulness of vulnerability scanning:

Explanation

The correct answer is "Provide the environment to be able to safely penetrate vulnerable systems." This option is not correct because vulnerability scanning does not provide the environment to safely penetrate vulnerable systems. Instead, vulnerability scanning identifies vulnerabilities in systems and provides information on how to mitigate those vulnerabilities, checks compliance with security policies, and provides information on targets for penetration testing.

95. What does line 7 of the traceroute mean?

ark@debian-lxde:~$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.2.1  0.914 ms  1.000 ms  1.054 ms
 2  192.168.1.1  2.364 ms  1.983 ms  2.126 ms
 3
 4  193.253.85.230  2.313 ms  3.021 ms  2.848 ms
 5  81.253.182.230  3.086 ms  2.868 ms  4.077 ms
 6  81.253.184.82  10.248 ms  10.268 ms  10.085 ms
 7  81.52.200.209  6.970 ms 81.52.200.217  6.454 ms 81.52.200.209  7.179 ms
 8  81.52.186.142  6.766 ms  7.278 ms  7.206 ms
 9  209.85.244.252  8.847 ms  8.644 ms  8.639 ms
10  8.8.8.8  9.289 ms  9.123 ms  9.024 ms
ark@debian-lxde:~$

96. Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

Explanation

Encrypting backup tapes that are sent off-site is the best practice for businesses when adding credit card numbers to their data backups. Encrypting the tapes ensures that even if they are lost or stolen, the sensitive credit card information remains secure and inaccessible to unauthorized individuals. This helps to protect the privacy and security of the customers' credit card information and comply with data protection regulations. Hiring a security consultant may be beneficial, but it is not specifically related to the best practice for backing up credit card numbers. Not backing up either the credit card numbers or their hashes or backing up only the hashes would not provide a complete backup solution.

97. At 2:05pm your log monitoring tool sends an alert to the InfoSec team that a special account named dba_admin was just used. While investigating this alert, at 2:30pm your database administrator calls with information that a database extract of ten thousand records occurred around 2pm. He says this is unusual because no data extract jobs were scheduled at that time.  At 2:45pm your web proxy sends an alert to the InfoSec team that someone just tried to access the underground hacker site named Data4Sale.com. After consulting on the information available so far, the Manager of Information Security, the Director of Information Technology, and the Chief Information Security Officer declare an incident. During the Evidence Gathering and Handling phase of the incident response, what is the most important thing to do?

Explanation

The most important thing to do during the Evidence Gathering and Handling phase of the incident response is to review the evidence in careful detail to identify the attacking hosts. This is crucial in order to determine the source of the attack and gather information about the attackers. By carefully examining the evidence, the InfoSec team can gather valuable insights that can help in understanding the nature of the incident and developing effective countermeasures to prevent future attacks.

98. Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a security breach of his company's email server, based on analysis of a suspicious connection from the email server to an unknown IP address. What is the first thing that Nedved needs to do before contacting the incident response team?

Explanation

Nedved should leave the suspicious connection as it is and immediately contact the incident response team. This is because the incident response team is specialized in handling security breaches and will have the necessary expertise to investigate and mitigate the situation effectively. Disconnecting the email server or blocking the connection without proper analysis may hinder the investigation process and potentially cause further damage. Migrating the connection to the backup email server is not the immediate priority as resolving the security breach takes precedence.

99. Which of the following steps for risk assessment methodology refers to vulnerability identification?

Explanation

The step for risk assessment methodology that refers to vulnerability identification is determining if any flaws exist in systems, policies, or procedures. This step involves analyzing the systems, policies, and procedures in place to identify any weaknesses or vulnerabilities that could potentially be exploited. By identifying these flaws, organizations can take appropriate measures to mitigate the risks associated with them and enhance the security of their IT systems.

100. Your company has web servers, DNS servers, and mail servers in a DMZ that are accessible from the Internet. Hackers have been scanning your public IP addresses and you even suspect they have begun enumerating some targets. Your company performs daily Nessus scans to find live hosts, open ports, and vulnerabilities. The Nessus scanner is connected to your internal network. Your manager commented that he thinks a network firewall is blocking Nessus from scanning the hosts in the DMZ. What is a solution to provide Nessus with the same visibility of the DMZ as that of a hacker?

Explanation

The solution to provide Nessus with the same visibility of the DMZ as that of a hacker is to run Nessus from a server that resides in the DMZ. By doing so, the scan will not be interfered with by firewalls, IPS, or other security products. This will allow Nessus to effectively scan the hosts in the DMZ and identify any live hosts, open ports, and vulnerabilities present.

101. The network team has well established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration you notice a recently implemented rule but can't locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Explanation

A good step to have in the procedures for a situation like this would be to monitor all traffic using the firewall rule until a manager can approve it. This ensures that the business operations are not disrupted by rolling back the rule immediately, while also addressing the concern of lacking manager approval. By monitoring the traffic, any potential risks or issues can be identified and addressed promptly, while waiting for the necessary approval from a manager. This approach allows for a balance between maintaining operational continuity and ensuring proper authorization for firewall rule implementations.

102. You type the following command at a Linux command prompt:

hping3 -c 65535 -i u1 -S -p 80 --rand-source www.targetcorp.com

What action are you performing?

Explanation

By typing the given command at a Linux command prompt, you are performing a SYN flood. This command utilizes the hping3 tool to flood the target website "www.targetcorp.com" with a large number of SYN packets. The "-c 65535" flag specifies the number of packets to send, "-i u1" sets the interval between packets to 1 microsecond, "-S" indicates that the packets should be TCP SYN packets, and "--rand-source" randomizes the source IP address of the packets. This type of attack overwhelms the target's resources by exhausting the available connections, potentially causing denial of service.
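
On the monitoring side, the traffic described above has a recognisable shape: many bare SYNs to one port, almost every one from a different source, and none followed by the ACK that completes a handshake. The following added example, which is not part of the original quiz, runs a simple detector over constructed packet records; the record layout, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed packet records: (time_s, src_ip, dst_ip, dst_port, flags).

    flags is simplified to "S" (SYN only) or "A" (handshake-completing ACK).
    """
    pkts = []
    # Normal clients: each SYN is followed by the ACK that finishes the handshake.
    for i in range(20):
        src = f"10.0.0.{i + 1}"
        pkts.append((i * 0.05, src, "203.0.113.10", 80, "S"))
        pkts.append((i * 0.05 + 0.02, src, "203.0.113.10", 80, "A"))
    # Flood pattern: SYN only, a new source address every packet, no ACK ever.
    for i in range(500):
        src = f"198.18.{i // 250}.{i % 250 + 1}"
        pkts.append((1.0 + i * 0.001, src, "203.0.113.10", 80, "S"))
    return sorted(pkts)

def detect_syn_flood(packets, window=1.0, min_half_open=100, min_unique_ratio=0.8):
    """Flag (dst, port) targets with many never-completed handshakes per window.

    min_half_open    sources that sent a SYN but no ACK within the window
    min_unique_ratio distinct SYN sources / SYN packets; near 1.0 when the
                     source address is randomised per packet
    """
    buckets = defaultdict(lambda: {"syn_src": set(), "ack_src": set(), "syn_count": 0})
    for ts, src, dst, dport, flags in packets:
        b = buckets[(int(ts // window), dst, dport)]
        if flags == "S":
            b["syn_count"] += 1
            b["syn_src"].add(src)
        elif flags == "A":
            b["ack_src"].add(src)
    alerts = []
    for (slot, dst, dport), b in sorted(buckets.items()):
        half_open = b["syn_src"] - b["ack_src"]
        unique_ratio = len(b["syn_src"]) / b["syn_count"] if b["syn_count"] else 0.0
        if len(half_open) >= min_half_open and unique_ratio >= min_unique_ratio:
            alerts.append({
                "window_start": slot * window,
                "target": (dst, dport),
                "half_open": len(half_open),
                "unique_ratio": unique_ratio,
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample()):
        print(alert)
```

A handshake that straddles a window boundary is counted as half-open here, so the threshold should sit well above the normal connection rate for the monitored service.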


Quiz Review Timeline (Updated): Mar 22, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 19, 2018
    Quiz Created by
    Terry519vx