Question 1:
If you have been contracted to perform an attack against a target system, you
are what type of hacker?
a- Gray hat
b- Black hat
c- Red hat
d- White hat
Explanation: A white hat hacker always has permission to perform pen testing against
a target system.
Question 2:
Which of the following best describes what a hacktivist does?
a- Defaces websites
b- Performs social engineering
c- Hacks with basic skills
d- Hacks for political reasons
Question 3:
Which of the following describes an attacker who goes after a target to draw
attention to a cause?
a- Hacktivist
b- Script Kiddie
c- Terrorist
d- Criminal
Explanation: TOE stands for target of evaluation and represents the target (the
product or system) being tested.
Question 5:
Which of the following best describes a vulnerability?
a- A rootkit
b- A weakness
c- A worm
d- A virus
Question 6:
What level of knowledge about hacking does a script kiddie have?
a- Low
b- High
c- Medium
d- Advanced
Explanation: An ethical hacker never performs their services against a target without
explicit permission of the owner of that system.
Question 8:
What separates a suicide hacker from other attackers?
a- A desire to be helpful
b- The intent to reform
c- A lack of fear of being caught
d- A disregard for the law
Explanation: Much like suicide bombers in the real world, suicide hackers do not worry
about getting caught; they are only concerned with their mission.
Question 9:
Companies may require a penetration test for which of the following reasons?
a- Legal reasons
b- To perform an audit
c- Regulatory reasons
d- All the above
PART 2
Question 1:
What device acts as an intermediary between an internal client and a web
resource?
a- Proxy
b- VTC
c- PBX
d- Router
Question 2:
Which of the below kinds of machines do security teams often use for attracting
potential intruders?
a- Files pot
b- Honeypot
c- Data pot
d- Bastion host
Question 4:
What is the proper sequence of the TCP three-way-handshake?
a- SYN-ACK, ACK, ACK
b- SYN-SYN, SYN-ACK, SYN
c- SYN, SYN-ACK, ACK
d- ACK, SYN-ACK, SYN
Explanation: Remember this three-way handshake sequence; you will see it quite a bit
in packet captures when sniffing the network. Being able to identify the handshake
process allows you to quickly find the beginning of a data transfer.
Question 5:
You want to access and pull password files from various websites. These
passwords are stored within the index directory of a website’s server. What
could you use from the below options that would allow you to do this?
a- Google
b- Whois
c- Nmap
d- Sam Spade
Explanation: Google hacking is a way to find and retrieve password files (which have
been indexed within a web server's directory) from specified websites. Search queries
on Google will potentially discover information from a web server's index directory.
Question 6:
In order to determine the end-time for DNS cache poisoning, which of the below
DNS records should you examine?
a- PTR
b- NS
c- SOA
d- MX
Explanation: A start of authority (SOA) record contains information about the DNS
zone on which it is stored and about other DNS records. A DNS zone is the area of a
domain that is within the responsibility of a specific DNS server. There is only one SOA
record for each DNS.
Question 7:
What port range is an obscure third-party application most likely to use?
a- 1 to 1024
b- 1025 to 32767
c- 32768 to 49151
d- 49152 to 65535
Explanation: Ports 49152 to 65535 are known as the dynamic ports and are used by
applications that are neither well known nor registered. The dynamic range is
essentially reserved for those applications that are not what we would consider
mainstream. Although obscure in terms of port usage, repeated showings of the same
obscure port during pen testing or assessment may be indicative of something strange
going on.
Question 8:
Phil needs to procure information related to a server with an IP address range
that is within the IP address range that is used in Brazil. There are many
registries available online for discovering the details of web server IP addresses,
or reverse Domain Name Service (DNS) lookup. Which of the below registries
will be most useful to him?
a- RIPE NCC
b- ARIN
c- APNIC
d- LACNIC
Explanation: Phil needs to obtain information about a web server situated in Brazil.
Registries are available throughout the world, most often broken up into geographic
locations. So the Latin American and Caribbean Internet Addresses Registry, or
LACNIC, is the Regional Internet Registry for the Latin American and Caribbean
regions and is therefore the best registry for doing a DNS lookup. LACNIC is one of
five (5) regional Internet registries available worldwide. Its chief purpose is to assign
and administrate IP addresses for the region of Latin America and parts of the
Caribbean. The Réseaux IP Européens Network Coordination Centre, or RIPE NCC, is
the Regional Internet Registry (RIR) for Europe, the Middle East, and certain parts of
Central Asia. The Asia Pacific Network Information Centre (APNIC), Regional Internet
Registry for the Asia Pacific region, assigns and administers numerical resource
allocation as well as registration services to support the global operation of the Internet.
The American Registry for Internet Numbers (ARIN) is the Regional Internet Registry
(RIR) for Canada, parts of the Caribbean, some North Atlantic islands, and the United
States.
Question 9:
Which attacks take advantage of the built-in code and scripts most off-the-shelf
applications come with?
a- Misconfiguration
b- OS attacks
c- Shrink-wrap
d- Bit-flipping
Question 10:
You have selected the option in your IDS to notify you via email if it senses any
network irregularities. Checking the logs, you notice a few incidents but you
didn’t receive any alerts. What protocol needs to be configured on the IDS?
a- NTP
b- SNMP
c- SMTP
d- POP3
Question 12:
While running an nmap scan for filtered ports, you send an ACK flag and receive
an RST packet for open and closed ports. What kind of nmap scan did you run?
a- XMAS Scan -sX
b- TCP ACK scan -sA
c- Null Scan -sN
d- FIN Scan -sF
Explanation: The TCP ACK Scan will not discover open and closed ports; it will
determine whether or not a port is filtered or unfiltered. When an ACK flag is sent,
Open/Closed ports will return RST. Any ports that do not respond are considered
filtered. Conversely, with a NULL Scan, no flags are set on a packet. The target must
follow RFC 793, a TCP specification. If the port is open or filtered, it will receive no
response. If the port is closed, it will receive RST. In Fin Scan, a Fin flag is set on a
packet. Again, the target must follow RFC 793. If a port is open or filtered, it will
receive no response; yet it will receive RST if a port is actually closed. In XMAS Scan,
the FIN, URG, and PSH flags are set on a packet. The target must still follow RFC
793. It will receive no response if a port is open or filtered and will receive RST if a port
is closed.
Question 13:
If a device is using node MAC addresses to funnel traffic, what layer of the OSI
model is this device working in?
a- Layer 2
b- Layer 4
c- Layer 3
d- Layer 1
Explanation: A network device that uses MAC addresses for directing traffic resides on
Layer 2 of the OSI model. Devices that direct traffic via IP addresses, such as routers,
work at Layer 3.
Question 14:
Choosing a protective network appliance, you want a device that will inspect
packets at the most granular level possible while providing improved traffic
efficiency. What appliance would satisfy these requirements?
a- NAT-enabled router
b- Proxy firewall
c- Layer 3 switch
d- Application firewall
Explanation: A packet-filtering firewall operates at Layer 7 (and all layers) of the OSI
model and thus filters traffic at a highly granular level.
Question 15:
Which technology allows the use of a single public address to support many
internal clients while also preventing exposure of internal IP addresses to the
outside world?
a- NAT
b- Tunneling
c- VPN
d- NTP
Explanation: Network Address Translation (NAT) is a technology that funnels all
internal traffic through a single public connection. NAT is implemented for both cost
savings and network security.
Question 16:
Which nmap switch would you use to retrieve as many different protocols as
possible that are being used by a remote host?
a- nmap -sT
b- nmap -sO
c- nmap -vO
d- nmap -sS
Question 17:
Which port uses SSL to secure web traffic?
a- 25
b- 80
c- 23
d- 443
Question 18:
Based on the above information, which of the below tools is Luke using?
a- Sniffer
b- Nessus
c- Kismet
d- Nmap
Explanation: Nmap is an active data collection tool. The port-scanning ability of the
nmap utility can be used to identify the open ports on a Linux machine. Administrators
can employ this tool to discover which services are accessible to external users.
Question 19:
When a match for an alert rule is found in Snort, the intrusion detection system
carries out which of the below actions?
a- Continues to analyze the packet until each rule has been checked
b- Blocks a connection with the source IP address in the packet
c- Halts rule query, sends a network alert, and freezes the packet
d- Drops the packet and selects the next packet detection option
Question 20:
At which layer of the OSI model does a proxy operate?
a- Data Link
b- Application
c- Physical
d- Network
Explanation: Proxies operate at Layer 7, the Application layer of the OSI model.
Proxies are capable of filtering network traffic based on content such as keywords and
phrases. Because of this, a proxy digs down farther than a packet’s header and
reviews the data within the packet as well.
PART 3
Question 1:
What item is also referred to as a logical address to a computer system?
a- MAC address
b- IPX address
c- IP address
d- SMAC address
Explanation: An IP address is a logical address assigned at Layer 3 and can be
assigned to an IP-based system. The same IP address can be assigned to different
systems, albeit at different times, unlike MAC addresses.
Question 2:
A message digest is a product of which kind of algorithm?
a- Asymmetric
b- Hashing
c- Symmetric
d- Steganography
Question 3:
What kind of physical access device restricts access to a single individual at
any one time?
a- Checkpoint
b- Security zones
c- Mantrap
d- Perimeter security
Question 4:
Which of the following is commonly used to create thumbprints for digital
certificates?
a- SHA8
b- SHA12
c- MD7
d- MD5
Question 6:
In the key recovery process, which key must be recoverable?
a- Previous key
b- Secret Key
c- Rollover key
d- Escrow Key
Question 7:
IPsec uses which two modes?
a- EH/ASP
b- AES/ESP
c- AH/ESP
d- AES/DES
Question 8:
Which of the following would provide additional security to an Internet web
server?
a- Changing the default port for traffic to 161
b- Changing the default port for traffic to 1019
c- Changing the default port for traffic to 443
d- Changing the default port for traffic to 80
Explanation: Changing the default port for web server traffic to 443 would mean that all
traffic to and from the web server would be encrypted using SSL.
Question 9:
What is the focus of a security audit or vulnerability assessment?
a- Enacting threats
b- Locating threats
c- Locating vulnerabilities
d- Exploiting vulnerabilities
Explanation:
A vulnerability assessment is focused on uncovering vulnerabilities or weaknesses in
an environment but by definition does not exploit those vulnerabilities.
Question 10:
Which of the following manages digital certificates?
a- Hub
b- Public Key
c- Certificate authority
d- Key
Question 11:
An individual presents herself at your office claiming to be a service technician.
She is attempting to discuss technical details of your environment such as
applications, hardware, and personnel used to manage it. This may be an
example of what type of attack?
a- Social engineering
b- Access control
c- Perimeter screening
d- Behavioral engineering
Question 13:
At what point can SSL be used to protect data?
a- On a hard drive
b- During transmission
c- On Bluetooth
d- On a flash drive
Question 14:
Which of the following best describes hashing?
a- Cipher
b- Nonreversible
c- A cryptosystem
d- An algorithm
Question 15:
Who first developed SSL?
a- Sun
b- Netscape
c- Oracle
d- Microsoft
Explanation: Netscape originally developed SSL, but since its introduction the
technology has spread to become a standard supported by many clients such as
email, web browsers, VPNs, and other systems.
Question 16:
Symmetric cryptography is also known as __________.
a- Shared key cryptography
b- Hashing
c- Steganography
d- Public key cryptography
Question 17:
Asymmetric encryption is also referred to as which of the following?
a- Shared key
b- Public Key
c- Hashing
d- Block
Question 18:
How many bits are in an IPv6 address?
a- 256
b- 32
c- 64
d- 128
Explanation: An IPv6 address has 128 bits as opposed to IPv4, which has only 32 bits.
This increased number of bits allows for the generation of many more IP addresses
than is possible with IPv4.
Question 19:
Which of the following does IPsec use?
a- PKI
b- DES
c- AES
d- SSL
Question 20:
A user has just reported that he downloaded a file from a prospective client
using IM. The user indicates that the file was called account.doc. The system has
been behaving unusually since he downloaded the file. What is the most likely
event that occurred?
a- The system is unstable due to the use of IM
b- Your user may have downloaded a rootkit
c- Your user may have accidentally changed a setting on the system
d- Your user inadvertently downloaded a macro virus using IM
Explanation: The file is a Microsoft Word file and as such can have VBA macros
embedded into it that can be used to deliver macro viruses.