Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which of the following problems can be solved by using Wireshark?

A.

Tracking version changes of source code

B.

Checking creation dates on all webpages on a server

C.

Resetting the administrator password on multiple systems

D.

Troubleshooting communication resets between two systems

A hacker was able to sniff packets on a company's wireless network. The following information was discovereD.

The Key 10110010 01001011

The Cyphertext 01100101 01011010

Using the Exlcusive OR, what was the original message?

A.

00101000 11101110

B.

11010111 00010001

C.

00001101 10100100

D.

11110010 01011011

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

A.

SHA1

B.

Diffie-Helman

C.

RSA

D.

AES

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

A.

A bottom-up approach

B.

A top-down approach

C.

A senior creation approach

D.

An IT assurance approach

What is a successful method for protecting a router from potential smurf attacks?

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

How is sniffing broadly categorized?

A.

Active and passive

B.

Broadcast and unicast

C.

Unmanaged and managed

D.

Filtered and unfiltered

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A.

Issue the pivot exploit and set the meterpreter.

B.

Reconfigure the network settings in the meterpreter.

C.

Set the payload to propagate through the meterpreter.

D.

Create a route statement in the meterpreter.

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

A.

Netsh firewall show config

B.

WMIC firewall show config

C.

Net firewall show config

D.

Ipconfig firewall show config

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Which of the following is a strong post designed to stop a car?

A.

Gate

B.

Fence

C.

Bollard

D.

Reinforced rebar

Advanced encryption standard is an algorithm used for which of the following?

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Which of the following programming languages is most vulnerable to buffer overflow attacks?

A.

Perl

B.

C++

C.

Python

D.

Java

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

A.

Port scanning

B.

Banner grabbing

C.

Injecting arbitrary data

D.

Analyzing service response

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Which of the following are variants of mandatory access control mechanisms? (Choose two.)

A.

Two factor authentication

B.

Acceptable use policy

C.

Username / password

D.

User education program

E.

Sign in register

An NMAP scan of a server shows port 25 is open. What risk could this pose?

A.

Open printer sharing

B.

Web portal data leak

C.

Clear text authentication

D.

Active mail relay