1 Which of the following actions best describes the term IP spoofing?

a. Trying to guess a password

b. Pretending to be someone you are not
c. Capturing TCP/IP traffic.
d. Trying to crack an encryption key.
2 You work as a penetration tester for Hammond Security Consultants. You are
currently working on a contract for the state government of California. Your next
step is to initiate a DoS attack on their network. Why would you want to initiate
a DoS attack on a system you are testing?
a. Use attack as a launching point to penetrate deeper into the network
b. Demonstrate that no system can be protected againstDoS attacks
c. List weak points on their network
d. Show outdated equipment so it can be replaced
3 A packet is sent to a router that does not have the packet destination address in
its route table, how will the packet get to its properA packet is sent to a router
that does not have the packet? Destination address in its route table, how will
the packet get to its proper destination?
a. Root Internet servers
b. Border Gateway Protocol
c. Gateway of last resort
d. Reverse DNS
4 Harold is a web designer who has completed a website for ghttech.net. As part of
the maintenance agreement he signed with the client, Harold is performing
research online and seeing how much exposure the site has received so far.
Harold navigates to google.com and types in the following search.
Link:www.ghttech.net
What will this search produce
a. All sites that link to ghttech.net
b. Sites that contain the code: link:www.ghttech.net
c. All sites that ghttech.net links to
d. All search engines that link to .net domains
5 You are a security analyst performing reconnaissance on a company you will be
carrying out a penetration test for. You conduct a search for IT jobs on Dice.com
and find the following information for an open position:
7+ years experience in Windows Server environment
5+ years experience in Exchange 2000/2003 environment Experience with Cisco
Pix Firewall Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software
are required MCSA desired, MCSE preferred
No Unix/Linux Experience needed
What is this information posted on the job website considered?
a. Information vulnerability
b. Social engineering exploit
c. Trade secret
d. Competitive exploit
6 Jason has set up a honeypot environment by creating a DMZ that has no physical
or logical access to his production network. In this honeypot, he has placed a
server running Windows Active Directory. He has also placed a Web server in the
DMZ that services a number of web pages that offer visitors a chance to
download sensitive information by clicking on a button A week later, Jason finds
in his network logs how an intruder accessed the honeypot and downloaded
sensitive information. Jason uses the logs to try and prosecute the intruder for
stealing sensitive corporate information. Why will this not be viable
a. Intruding into a honeypot is not illegal
b. Entrapment
c. Intruding into a DMZ is not illegal
d. Enticement
7 You are assisting a Department of Defense contract company to become
compliant with the stringent security policies set by the DoD. One such strict rule
is that firewalls must only allow incoming connections that were first initiated by
internal computers. What type of firewall must you implement to abide by this
policy?
a. Circuit-level proxy firewall
b. Packet filtering firewall
c. Application-level proxy firewall
d. Statefull firewall
8 Meyer Electronics Systems just recently had a number of laptops stolen out of
their office. On
these laptops contained sensitive corporate information regarding patents and
company
strategies. A month after the laptops were stolen, a competing company was
found to have
just developed products that almost exactly duplicated products that Meyer
produces.
What could have prevented this information from being stolen from the laptops?
a. SDW Encryption
b. EFS Encryption
c. DFS Encryption
d. IPS Encryption
9 You are configuring the IP addressing for your network. One of the subnets has
been
defined with addresses already. You run ifconfig on a host and determine that it
has an
address of 10.12.32.18/14. What is the broadcast address for this network?
A. 10.255.255.255 C. 10.12.255.255
B. 10.12.0.0 D. 10.15.255.255
10 Harold wants to set up a firewall on his network but is not sure which one would
be the most appropriate. He knows he needs to allow FTP traffic to one of the
servers on his network, but he wants to only allow FTP-PUT. Which firewall would
be most appropriate for Harold? needs?
a. Application-level proxy firewall
b. Data link layer firewall
c. Packet filtering firewall
d. Circuit-level proxy firewall
11 George is performing security analysis for Hammond and Sons LLC. He is testing
security vulnerabilities of their wireless network. He plans on remaining as
"stealthy" as possible during the scan. Why would a scanner like Nessus is not
recommended in this situation?
a. Nessus is too loud
b. There are no ways of performing a "stealthy" wireless scan
c. Nessus cannot perform wireless testing
d. Nessus is not a network scanner
12 What is war chalking?
A. Marking unsecured wireless networks
B. SSID discovery
B. Scanning for open ports
C. Finding unsecured wireless networks
13 When setting up a wireless network with multiple access points, why is it
important to set each access point on a different channel?
a. Avoid cross talk
b. Avoid over-saturation of wireless signals
c. So that the access points will work on different frequencies
d. Multiple access points can be set up on the same channel without any issues
14 Your company's network just finished going through a SAS 70 audit. This audit
reported that
overall, your network is secure, but there are some areas that needs
improvement. The
major area was SNMP security. The audit company recommended turning off
SNMP, but that
is not an option since you have so many remote nodes to keep track of.
What step could you take to help secure SNMP on your network?
a. Change the default community string names
b. Block all internal MAC address from using SNMP
c. Block access to UDP port 171
d. Block access to TCP port 171
15 At a policy meeting you have been given the task of creating the firewall policy.
What are
the two basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only TCP traffic and filter IP traffic
C. To permit all traffic and deny that which is required.
D. To include your internal IP address as blocked from incoming to prevent
spoofing.
16 George is the network administrator of a large Internet company on the west
coast. Per
corporate policy, none of the employees in the company are allowed to use FTP
or SFTP
programs without obtaining approval from the IT department. Few managers are
using SFTP
program on their computers. Before talking to his boss, George wants to have
some proof of
their activity.
George wants to use Ethereal to monitor network traffic, but only SFTP traffic to
and from his
network. What filter should George use in Ethereal?
a. net port 22
b. udp port 22 and host 172.16.28.1/24
c. src port 22 and dst port 22
d. src port 23 and dst port 23
17 You are the security analyst working for a private company out of France. Your
current
assignment is to obtain credit card information from a Swiss bank owned by that
company.
After initial reconnaissance, you discover that the bank security defenses are very
strong and
would take too long to penetrate. You decide to get the information by monitoring
the traffic
between the bank and one of its subsidiaries in London. After monitoring some of
the traffic,
you see a lot of FTP packets traveling back and forth. You want to sniff the traffic
and extract
usernames and passwords.
What tool could you use to get this information?
a. Raidsniff
b. Snort
c. Ettercap
d. Airsnort
18 A maximum acceptable period of time within which a system must be restored
after failure
is also known as:
A. Meantime To Restore (MTTR)
B. Recovery Time Objective (RTO)
C. Meantime Between Failures (MTBF)
D. Maximum Tolerable Period of Disruption (MTPOD)
19 John and Hillary works at the same department in the company. John wants to
find out Hillary's network password so he can take a look at her documents on
the file server. He enables Lophtcrack program to sniffing mode. John sends
Hillary an email with a link to Error! Reference source not found. What
information will he be able to gather from this?
a. The SID of Hillary's network account
b. The network shares that Hillary has permission
c. The SAM file from Hillary's computer
d. Hillary’s network username and password hash
20 Simon is a former employee of Trinitron XML Inc. He feels he was wrongly
terminated and
wants to hack into his former company's network. Since Simon remembers some
of the
server names, he attempts to run the axfr and ixfr commands using DIG.
What is Simon trying to accomplish here?
a. Enumerate all the users in the domain
b. Perform DNS poisoning
c. Send DOS commands to crash the DNS servers
d. Perform a zone transfer
21 Penetration test with the prior knowledge on how the system that is to be tested
works is
also known as:
A. White box C. White hat
B. Black box D. Sandbox
22 Terri works for a security consulting firm that is currently performing a
penetration test on First National Bank in Tokyo. Terri's duties include bypassing
firewalls and switches to gain access to the network. Terri sends an IP packet to
one of the company's switches with ACK bit and the source address of her
machine set. What is Terri trying to accomplish by sending this IP packet?
a. Poison the switch's MAC address table by flooding it with ACK bits
b. Enable tunneling feature on the switch
c. Trick the switch into thinking it already has a session with terri’s
computer
d. Crash the switch with aDoS attack since switches cannot send ACK bits
23 You are concerned about attacks against your network, and have decided to
implement
some defensive measure on your routers. If you have 3 interfaces, S1, S0, and
E0, and
you implement the following configuration, what attack will you be defending
against?
Router#config terminal
Router(config)# Interface Ethernet 0
Router(config-if)#no ip directed broadcast
Router(config-if)#Interface Serial 0
Router (config-if)#no ip directed broadcast
Router(config-if)#Interface Serial 1
Router(config-if)#no ip directed broadcast
Router(config) #^Z Router#
A. Smurf C. SubSeven
B. BO2K D. Any Trojan
24 You have been asked to develop an audit plan for your company. You have been
told that
there have been constant deletions of files that are being worked on by a team,
and that
they have had to redo the work a number of times. What type of auditing would
you
implement to track the access to this resource?
a. Logon/logoff success
b. object/file access success
c. object/file access failure
d. Logon/logoff failure
25 Which of the following is a weakness in WEP related to the IV? (Select all that
apply)
a. The IV is a static value, which makes it relatively easy for an attacker to brute
force the
WEP key from captured traffic.
b. The IV is transmitted in plaintext and can be easily seen in captured traffic.
c. The IV is only 24 bits in size, which makes it possible that two or more data
frames will
be transmitted with the same IV, thereby resulting in an IV collision that an
attacker
can use to determine information about the network.
d. There is no weakness in WEP related to the IV.
26 You are configuring a new IDS, running Snort, in your network. To better
configure Snort,
you are studying the configuration file. Which four of the following are the
primary parts of
the Snort configuration file?
A. Postprocessors C. Preprocessors
B. Variables D. Output Plug-ins
27 Tyler is setting up a wireless network for his business that he runs out of his
home. He has followed all the directions from the ISP as well as the wireless
router manual. He does not have any encryption set and the SSID is being
broadcast. On his laptop, he can pick up the wireless signal for short periods of
time, but then the connection drops and the signal goes
away. Eventually the wireless signal shows back up, but drops intermittently.
What could be Tyler issue with his home wireless network?
a. 2.4Ghz Cordless
b. Satellite television
c. CB radio
d. Computers on his wired network
28 Which of the following is most likely to make systems vulnerable to MITM
attacks?
a. Weak passwords
b. Weak TCP sequence numbers
c. Authentication misconfiguration on routers
d. Use of the wrong operating systems
29 Which of the following can stop attacks on the network?
B. HIDS C. HIPS
C. NIDS D. NIPS
30 Which of the following is most likely to make systems vulnerable to MITM
attacks?
a. Weak passwords
b. Weak TCP sequence numbers
c. Authentication misconfiguration on routers
d. Use of the wrong operating systems
31 Which of the following are a benefit of removing unused or unneeded services
and
protocols?
a. More machine resource availability
b. More network throughput
c. Less need for administration
d. More security
32 You have compromised a lower-level administrator account on an Active Directory
network of a small company in Dallas, Texas. You discover Domain Controllers
through enumeration.
You connect to one of the Domain Controllers on port 389 using ldp.exe. What
are you trying to accomplish here?
a. Enumerate domain user accounts and built-in groups
b. Establish a remote connection to the Domain Controller
c. Poison the DNS records with false records
d. Enumerate MX and A records from DNS
33 The component of a DDoS attack that sends commands to DDoS zombie agents
is known
as a _____.
a. System Commander b. Console c. Master d. Rootkit
34 Phishing scams targeting people holding high positions in an organization or
business are
also known as:
A. Tailgating C. Shoulder surfing
B. Pharming D. Whaling
35 PDAs, cell phones, and certain network cards have the ability to
use_____________
networks. Choose the BEST answer.
a. Wired b. Private c. Wireless d. Antique
36 Why is it a good idea to perform a penetration test from the inside?
a. It is easier to hack from the inside
b. It is never a good idea to perform a penetration test from the inside
c. To attack a network from a hacker's perspective
d. Because 70% of attacks are from inside the organization
37 Which of the following are a benefit of removing unused or unneeded services
and
protocols?
a. More machine resource availability
b. More network throughput
c. Less need for administration
d. More security
38 You are creating a DMZ for a company and need to allow external users to
access Web
servers in the DMZ using HTTP/S as well as allow internal users to access the
same Web
servers using standard HTTP. What is the best way to configure the external and
internal
firewalls to meet these requirements?
a. Open port 80 on the external firewall and port 443 on the internal firewall.
b. Open port 443 on the external firewall and port 80 on the internal firewall.
c. Open port 80 on the external firewall and port 110 on the internal firewall.
d. Open port 110 on the external firewall and port 80 on the internal firewall.
39 What are the two WEP key sizes available in 802.11 networks?
a. 40-bit and 104-bit
b. 24-bit and 64-bit
c. 64-bit and 128-bit
d. 24-bit and 104-bit
40 Antivirus software can be kept up to date through:
A. Virtualization C. Virus signature updates
B. Auditing D. Engine updates
41 The term Trusted OS refers to an operating system:
A. Admitted to a network through NAC
B. That has been authenticated on the network
C. With enhanced security features
D. Implementing patch management
42 The use of VPNs and __________________ have enabled users to be able to
telecommute.
a. PGP b. S/MIME c. Wireless NICs d. RASs
43 Which of the following fall(s) into the category of social engineering attacks?
A. Spear phishing C. MAC spoofing
B. Whaling D. Vishing
44 What is tailgating?
A. Gaining unauthorized access to restricted areas by following another person
B. Manipulating a user into disclosing confidential information
C. Scanning for unsecured wireless networks while driving in a car
D. Looking over someone's shoulder in order to get information
45 Which of the following algorithms are available for commercial use without a
licensing fee?
(Select all that apply)
a. RSA b. DES c. IDEA d. AES
46 There are three recognized levels of hacking ability in the Internet community.
The first is the skilled hacker, who writes the programs and scripts that script
kiddies use for their attacks. Next comes the script kiddie, who knows how to run
the scripts written by the skilled hackers. After the script kiddies come the
_______________ who lack the basic knowledge of networks and security to
launch an attack themselves.
a. Web kiddies b. Clickers c. Click kiddies d. Dunce kiddies
47 Finding vulnerability in an application by feeding it incorrect input is also known
as:
A. Application hardening C. Fuzzing
B. Exception handling D. Patching
48 Your supervisor has charged you with determining which 802.11 authentication
method to
use when deploying the new wireless network. Given your knowledge of the
802.11
specification, which of the following is the most secure 802.11 authentication
method?
a. Shared-key
b. EAP-TLS
c. EAP-MD5
d. Open
49 An authentication subsystem that enables a user to access multiple, connected
system
components (such as separate hosts on a network) after a single login at only
one of the
components is also referred to as:
A. WAP C. SSO
B. SSL D. TLS

50 The network team at your company has placed a sniffer on the network to
analyze an
ongoing network-related problem. The team connects to the sniffer using Telnet
to view the
 data going across the network. What would you recommend to increase the
security of this
connection without making it significantly more difficult for the network team
members to
do their jobs?
a. Require the network team to remove the sniffer immediately.
b. Require the network team to view the data from the local console of the
sniffer.
c. Encrypt the connection to the sniffer using PAP.
d. Use SSH to make the connection to the sniffer rather than Telnet
51 You are setting up a test plan for verifying that new code being placed on a Web
server is
secure and does not cause any problems with the production Web server. What
is the best
way to test the code prior to deploying it to the production Web server?
a. Test all new code on a development PC prior to transferring it to the
production Web
server.
b. Test all new code on an active internal Web server prior to transferring it to
the
production Web server.
c. Test all new code on a duplicate Web server prior to transferring it to the
production
Web server.
d. Test all new code on another user’s PC prior to transferring it to the
production Web
server.
52 During a network analysis session, you capture several TCP/IP sessions. You
focus your
analysis on the IP Headers. In an IP Header, what is the function of the first four
bits?
A. To define the source port number
B. To define the destination port number
C. To define the IP Version
D. To define the upper layer protocol
53 What types of computers might you expect to find located on an intranet?
(Choose all that apply)
a. Publicly accessible DNS servers
b. Public Web servers
c. SQL 2000 servers
d. User workstations
54 Some new servers are being installed on your company’s network and you have
been asked
to work with the installer to ensure that they are as secure as possible from hack
attempts.
What is the most important step you should take to ensure that the servers’ OSs
is secure?
a. Make sure that the installer is certified.
b. Make sure that the latest OS service pack is installed.
c. Make sure that the latest OS service pack and all security patches are
installed.
d. Make sure that the servers have locks on the hot-swap drive chassis.

55 To allow its employees remote access to the corporate network, a company has
implemented a hardware VPN solution. Why is this considered a secure remote
access
solution?
a. Because only the company’s employees will know the address to connect to in
 order to
use the VPN.
b. Because VPNs use the Internet to transfer data.
c. Because a VPN uses compression to make its data secure.
d. Because a VPN uses encryption to make its data secure
56 Public Key Cryptography is a system that uses a mix of symmetric and
___________
algorithms for the encryption of a secret key.
a. Public b. Asymmetric c. Private d. Certificate
57 When you use Java, the JVM isolates the Java applet to a sandbox when it
executes. What
does this do to provide additional security?
a. This prevents the Java applet from accessing data on the client’s hard drive.
b. This prevents the Java applet from communicating to servers other than the
one from
which it was downloaded.
c. This prevents the Java applet from failing in such a way that the Java applet is
unable
to execute.
d. This prevents the Java applet from failing in such a way that it affects another
application.
58 Paper shredder would help in preventing what kind of threats? (Select all that
apply)
A. Tailgating C. Social engineering
B. Dumpster diving D. Zero-day attack
59 Your FTP server was just compromised. When you examine the settings, you find
that the
server allows Anonymous access. However, you know that this is a default
condition in
most FTP servers, and must dig further for the problem. Where else might you
check?
a. Access permissions on server’s file structure
b. ACL settings for server access
c. Effective permissions for the anonymous access
d. All of the above
60 Rick is a security auditor for your company. He is in the process of attempting to
attack one
of your servers but when you check all of your production servers, you detect no
attacks
happening. Why is this so?
a. Rick is actually attacking a server in someone else’s network.
b. Rick is actually attacking a honeypot, not a production server.
c. Rick is being stopped at the firewall.
d. Rick is using the wrong account with which to launch the attack
61 As Intrusion Detection Systems become more sophisticated, the software
manufacturers
develop different methods of detection. If an IDS uses the process of matching
known
attacks against data collected in your network, what is this known as?
A. Signature analysis
B. Packet filter matching
C. Statistical analysis
D. Packet match and alarming

62 Which of the following protocols can be used to secure a VPN connection?

a. TCP/IP
b. DNS
c. MPPE
d. AppleTalk
63 You have downloaded a CD ISO image and want to verify its integrity. What
should you do?
a. Compare the file sizes.
b. Burn the image and see if it works.
c. Create an MD5 sum and compare it to the MD5 sum listed where the image
was
downloaded.
d. Create an MD4 sum and compare it to the MD4 sum listed where the image
was
downloaded.
64 Josh has asked for a clarification of what a firmware update is. How could you
briefly
describe for him the purpose of firmware updates? (Pick the best answer)
a. Firmware updates are control software- or BIOS-type updates that are
installed to
improve the functionality or extend the life of the device involved.
b. Firmware updates are device-specific command sets that must be upgraded to
continue
operation.
c. Firmware updates update the mechanical function of the device.
d. Firmware updates are minor fixes, and are not usually necessary.
65 Which of the following is an example of a multi-factor authentication?
A. Iris and fingerprint scan
B. Smart card and identification badge
C. User name and PIN
D. Password and biometric scan
66 The PKI identification process is based upon the use of unique identifiers, known
as _____.
a. Licenses
b. Fingerprints
c. Keys
d. Locks
67 If you wanted to encrypt a single file for your own personal use, what type of
cryptography
would you use?
a. A proprietary algorithm
b. A digital signature
c. A symmetric algorithm
d. An asymmetric algorithm
68 Sally has come to you for advice and guidance. She is trying to configure a
network device
to block attempts to connect on certain ports, but when she finishes the
configuration, it
works for a period of time but then changes back to the original configuration.
She cannot
understand why the settings continue to change back. When you examine the
configuration, you find that the __________ are incorrect, and are allowing Bob
to change
the configuration, although he is not supposed to operate or configure this
device. Since he
did not know about Sally, he kept changing the configuration back.
a. MAC settings
b. DAC settings
c. ACL settings
d. Permissions
69 It is a given that two computers that communicate using TCP/IP as the protocol
must use
valid addresses and media to do so. What combination of the following is
required to
create a TCP/IP socket?
 A. The MAC Address, the IP Address and the IP Protocol ID
B. The IP Address, the IP Protocol ID and a Port number
C. The MAC Address and the IP Protocol ID
D. The MAC Address, the IP Protocol ID and a Port number
70 Your network is a mixed environment of Windows, Linux, and UNIX, computers.
The routers are primarily Cisco and the network uses a T-1 to connect to the
Internet. You are experimenting with setting up a mail server in a production
environment for internal use only. You do not want this mail server to receive
any requests from anywhere but the internal network. Therefore you have
decided to block incoming SMTP traffic at the
Firewall. Which port will you block at the Firewall?
A. 23 C. 53
B. 25 D. 80
71 Software that performs unwanted and harmful actions in disguise of a legitimate
and useful program is also referred to as:
A. Trojan horse C. Spyware
B. Logic bomb D. Adware
72 What tool used in wireless network analysis has the ability to output its findings
to
MapPoint?
A. Netstumbler C. Network Monitor
B. AirSnort D. AirSniffer
73 An authentication subsystem that enables a user to access multiple, connected
system components (such as separate hosts on a network) after a single login at
only one of the
components is also referred to as:
A. WAP C. SSO
B. SSL D. TLS
74 Your network traffic has increased substantially over the last year, and you are
looking into your caching options for frequently visited websites. What are the
two types of caching
that ISA Server 2006 supports?
A. Reverse caching C. Inverse caching
B. Forward caching D. Recursive caching
75 You are configuring a L2TPsolution between your office and your primary branch
office.
The CEO has requested a report on the benefits of using this technology. Which
of the
following benefits does L2TP (with IPSec) provide?
A. Bandwidth Management C. Packet Authentication
B. User Authentication D. Key Management
76 Which of the following refers to one of the testing stages in the software
development process performed by customers or end users?
A. UAT C. UAC
B. NAT D. EULA
77 You have just installed a new IDS and are creating the analysis options. Since
you wish for
your options to be based on time, which of the following will be able to meet
your analysis
needs?
A. Interval Analysis
B. Real-time Analysis
C. Statistical Analysis
D. Behavioral Use Analysis
78 You are evaluating the security of different wireless media, and are considering
the use of
microwave technology. What are the two types of microwave transmissions used
in
commercial wireless networking?
 A. Terrestrial C. Integrated
B. Line of sight D. Satellite
79 You are configuring your new Intrusion Detection System, and studying the true-
false
matrix. You read about the different types of alarms and events. Which of the
following
defines an event where an alarm is indicating an intrusion when there is no
actual
intrusion?
A. True-negative
B. False-positive
C. True-positive
D. False-negative