1.
A security consultant decides to use multiple layers of anti-virus defense, such as end-user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?
A. 
B. 
C. 
Social engineering attack
D. 
2.
A person who uses hacking skills for defensive purposes is called a:
A. 
B. 
C. 
D. 
3.
Which of the following refers to an attacker exploiting vulnerabilities before the vendor has a patch or mitigation for them?
A. 
B. 
C. 
D. 
4.
What is the preparatory phase of hacking called?
A. 
B. 
C. 
D. 
5.
Which of the following is a weakness in a system, application, network, or process?
A. 
B. 
C. 
D. 
6.
Which of the following refers to an unskilled hacker that uses pre-made scripts and tools to hack into systems?
A. 
B. 
C. 
D. 
7.
Gathering information about a target without direct contact is called:
A. 
B. 
C. 
D. 
8.
Which of the following ports is used by the Domain Name Service?
9.
Which type of password attack makes use of extensive wordlists to hash and run against a captured password hash?
A. 
B. 
C. 
D. 
10.
Where are password hashes stored on a Windows system?
A. 
B. 
C. 
D. 
C:\Windows\system32\shadow
11.
All of the following are considered clear text protocols EXCEPT:
A. 
B. 
C. 
D. 
12.
Which of the following open source tools would be the best choice to scan a network for
potential targets?
A. 
B. 
C. 
D. 
13.
Which of the following is the successor of SSL?
A. 
B. 
C. 
D. 
14.
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
A. 
B. 
C. 
D. 
15.
The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?
A. 
B. 
C. 
D. 
16.
A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any
information besides the name of their company. What phase of security testing would your team jump in right away?
A. 
B. 
C. 
D. 
17.
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design and implementation?
A. 
B. 
C. 
D. 
Access control list reviews
18.
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
A. 
B. 
C. 
D. 
19.
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. 
B. 
Cross-Site Scripting (XSS)
C. 
D. 
Cross-Site Request Forgery (CSRF)
20.
Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
A. 
B. 
C. 
D. 
21.
Which is the first step followed by Vulnerability Scanners for scanning a network?
A. 
B. 
C. 
D. 
Checking if the remote host is alive
22.
The "gray box testing" methodology enforces what kind of restriction?
A. 
The internal operation of a system is only partly accessible to the tester.
B. 
The internal operation of a system is completely known to the tester.
C. 
Only the external operation of a system is accessible to the tester.
D. 
Only the internal operation of a system is known to the tester.
23.
Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
A. 
B. 
C. 
D. 
24.
Which of the following is a low-tech way of gaining unauthorized access to systems?
A. 
B. 
C. 
D. 
25.
In order to have an anonymous Internet surf, which of the following is best choice?
A. 
Use SSL sites when entering personal information
B. 
Use Tor network with multi-node
C. 
D.