Q1. Which of the following parameters describe LM Hash:
I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
A. I
B. I and II
C. II
D. I, II and III
Answer: D
Q2. It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.
Which of the following terms best matches the definition?
A. Bluetooth
B. Radio-Frequency Identification
C. WLAN
D. InfraRed
Answer: A
Q3. This tool is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?
A. Wificracker
B. WLAN-crack
C. Airguard
D. Aircrack-ng
Answer: D
Q4. Which of the following describes the characteristics of a Boot Sector Virus?
A. Overwrites the original MBR and only executes the new virus code
B. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
D. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
Answer: C
Q5. Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.
What just happened?
A. Masquerading
B. Phishing
C. Whaling
D. Piggybacking
Answer: D
Q6. While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes.
What type of vulnerability is present on this site?
A. SQL injection
B. XSS Reflection
C. Web Parameter Tampering
D. Cookie Tampering
Answer: C
Q7. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
A. Inherent Risk
B. Residual Risk
C. Deferred Risk
D. Impact Risk
Answer: B
Q8. It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
A. HIPAA
B. COBIT
C. ISO/IEC 27002
D. FISMA
Answer: A
Q9. env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
A. Add new user to the passwd file
B. Display passwd contents to prompt
C. Change all passwords in passwd
D. Remove the passwd file.
Answer: B
Q10. Risk = Threats x Vulnerabilities is referred to as the:
A. Threat assessment
B. Disaster recovery formula
C. BIA equation
D. Risk equation
Answer: D
Q11. PGP, SSL, and IKE are all examples of which type of cryptography?
A. Hash Algorithm
B. Secret Key
C. Public Key
D. Digest
Answer: C
Q12. You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).
Which is the best way to evade the NIDS?
A. Out of band signaling
B. Encryption
C. Alternate Data Streams
D. Protocol Isolation
Answer: B
Q13. Which of the following is the greatest threat posed by backups?
A. An un-encrypted backup can be misplaced or stolen
B. A backup is incomplete because no verification was performed.
C. A backup is the source of malware or illicit information.
D. A backup is unavailable during disaster recovery.
Answer: A
Q14. The “Gray box testing” methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. Only the internal operation of a system is known to the tester.
C. The internal operation of a system is completely known to the tester.
D. The internal operation of a system is only partly accessible to the tester.
Answer: D
Q15. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
A. Burpsuite
B. Dimitry
C. Proxychains
D. Maskgen
Answer: A
Q16. How does the Address Resolution Protocol (ARP) work?
A. It sends a reply packet for a specific IP, asking for the MAC address.
B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
C. It sends a request packet to all the network elements, asking for the domain name from a specific IP.
D. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
Answer: D
Q17. Which regulation defines security and privacy controls for Federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Answer: D
Q18. Which of the following types of firewalls ensures that the packets are part of the established session?
A. Switch-level firewall
B. Stateful inspection firewall
C. Application-level firewall
D. Circuit-level firewall
Answer: B
Q19. You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.
What tool will help you with the task?
A. Armitage
B. Dimitry
C. cdpsnarf
D. Metagoofil
Answer: D
Q20. Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?
A. Copy the data to removable media and keep it in case you need it.
B. Ignore the data and continue the assessment until completed as agreed.
C. Confront the client in a respectful manner and ask her about the data.
D. Immediately stop work and contact the proper legal authorities.
Answer: D
Q21. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
A. ICMP
B. TCP
C. UDP
D. UPX
Answer: B