312-50v9 Premium Bundle

EC-Council Certified Ethical Hacker v9 Certification Exam

Last update: November 21, 2024

EC-Council 312-50v9 Free Practice Questions

Q1. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

A. Terminate the audit.

B. Identify and evaluate existing practices.

C. Create a procedures document

D. Conduct compliance testing

Answer: B

Q2. Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse's APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

A. Trojan

B. Worm

C. Key-Logger

D. Micro Virus

Answer: A

Q3. You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.

What is the best approach?

A. Install and use Telnet to encrypt all outgoing traffic from this server.

B. Install Cryptcat and encrypt outgoing packets from this server

C. Use Alternate Data Streams to hide the outgoing packets from this server.

D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

Answer: A

Q4. Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A. Copy the data to removable media and keep it in case you need it.

B. Ignore the data and continue the assessment until completed as agreed.

C. Confront the client in a respectful manner and ask her about the data.

D. Immediately stop work and contact the proper legal authorities.

Answer: D

Q5. While performing online banking using a web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.

What web browser-based security vulnerability was exploited to compromise the user?

A. Cross-Site Request Forgery

B. Cross-Site Scripting

C. Web form input validation

D. Clickjacking

Answer: A

Q6. The NMAP command above performs which of the following?

A. A ping scan

B. A trace sweep

C. An operating system detect

D. A port scan

Answer: A

Q7. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

A. Burpsuite

B. Dimitry

C. Proxychains

D. Maskgen

Answer: A

Q8. You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

A. Host-based IDS

B. Firewall

C. Network-Based IDS

D. Proxy

Answer: C

Q9. The “Gray box testing” methodology enforces what kind of restriction?

A. Only the external operation of a system is accessible to the tester.

B. Only the internal operation of a system is known to the tester.

C. The internal operation of a system is completely known to the tester.

D. The internal operation of a system is only partly accessible to the tester.

Answer: D

Q10. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What wireshark filter will show the connections from the snort machine to kiwi syslog machine?

A. tcp.dstport==514 && ip.dst==192.168.0.150

B. tcp.dstport==514 && ip.dst==192.168.0.99

C. tcp.srcport==514 && ip.src==192.168.0.99

D. tcp.srcport==514 && ip.src==192.168.150

Answer: A

Q11. You have successfully gained access to your client’s internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have sharing enabled.

Which port would you see listening on these Windows machines in the network?

A. 1443

B. 3389

C. 161

D. 445

Answer: D

Q12. Which of the following describes the characteristics of a Boot Sector Virus?

A. Overwrites the original MBR and only executes the new virus code

B. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

D. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

Answer: C

Q13. Prospective clients want to see sample reports from previous penetration tests. What should you do next?

A. Share full reports, not redacted.

B. Share full reports, with redactions.

C. Decline, but provide references.

D. Share reports, after NDA is signed.

Answer: B

Q14. Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of this vulnerability.

What is this style of attack called?

A. zero-hour

B. no-day

C. zero-day

D. zero-sum

Answer: C

Q15. The phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the “landscape” looks like.

What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

A. Network Mapping

B. Gaining access

C. Footprinting

D. Escalating privileges

Answer: C

Q16. You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best nmap command you will use?

A. nmap -T4 -F 10.10.0.0/24

B. nmap -T4 -q 10.10.0.0/24

C. nmap -T4 -O 10.10.0.0/24

D. nmap -T4 -r 10.10.0.0/24

Answer: A

Q17. While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes.

What type of vulnerability is present on this site?

A. SQL injection

B. XSS Reflection

C. Web Parameter Tampering

D. Cookie Tampering

Answer: C

Q18. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

A. Bounding

B. Mutating

C. Fuzzing

D. Randomizing

Answer: C

Q19. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected.

What testing method did you use?

A. Piggybacking

B. Tailgating

C. Eavesdropping

D. Social engineering

Answer: D

Q20. Which of the following is not a Bluetooth attack?

A. Bluejacking

B. Bluedriving

C. Bluesnarfing

D. Bluesmacking

Answer: B

Q21. In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

Which algorithm is this referring to?

A. Wired Equivalent Privacy (WEP)

B. Temporal Key Integrity Protocol (TKIP)

C. Wi-Fi Protected Access (WPA)

D. Wi-Fi Protected Access 2 (WPA2)

Answer: A
