
Eve stole a file named secret.txt, transferred it to her computer, and just entered these commands:

What is she trying to achieve?

A.

She is encrypting the file.

B.

She is using John the Ripper to view the contents of the file.

C.

She is using ftp to transfer the file to another hacker named John.

D.

She is using John the Ripper to crack the passwords in the secret.txt file.

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

A.

All of the employees would stop normal work activities

B.

IT department would be telling employees who the boss is

C.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

D.

The network could still experience traffic slow down.

The "white box testing" methodology enforces what kind of restriction?

A.

The internal operation of a system is completely known to the tester.

B.

Only the external operation of a system is accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is only partly accessible to the tester.

What two conditions must a digital signature meet?

A.

Has to be unforgeable, and has to be authentic.

B.

Has to be legible and neat.

C.

Must be unique and have special characters.

D.

Has to be the same number of characters as a physical signature and must be unique.

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

A.

Internal, Whitebox

B.

External, Whitebox

C.

Internal, Blackbox

D.

External, Blackbox

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.

Social Engineering

B.

Sniffing

C.

Eavesdropping

D.

Scanning

When performing a risk assessment, you need to determine the potential impacts when some of the company's critical business processes are interrupted. What is the name of the process by which you can determine those critical business processes?

A.

Risk Mitigation

B.

Emergency Plan Response (EPR)

C.

Disaster Recovery Planning (DRP)

D.

Business Impact Analysis (BIA)

What is the first step vulnerability scanners follow when scanning a network?

A.

TCP/UDP Port scanning

B.

Firewall detection

C.

OS Detection

D.

Checking if the remote host is alive

What would you enter if you wanted to perform a stealth scan using Nmap?

A.

nmap -sU

B.

nmap -sS

C.

nmap -sM

D.

nmap -sT

Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

A.

Chosen-Ciphertext Attack

B.

Ciphertext-only Attack

C.

Timing Attack

D.

Rubber Hose Attack

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.

What should Bob recommend to deal with such a threat?

A.

The use of security agents in clients’ computers

B.

The use of DNSSEC

C.

The use of double-factor authentication

D.

Client awareness

If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?

A.

End of Line Comment

B.

UNION SQL Injection

C.

Illegal/Logically Incorrect Query

D.

Tautology

An analyst investigating proxy logs found that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he noticed that the code is very hard to understand and that all of the code differs from typical JavaScript. What is the name of this technique used to hide the code and extend analysis time?

A.

Encryption

B.

Code encoding

C.

Obfuscation

D.

Steganography

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

A.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Chandler works as a pen-tester at an IT firm in New York. As part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities.

Which type of virus detection method did Chandler use in this context?

A.

Heuristic Analysis

B.

Code Emulation

C.

Integrity checking

D.

Scanning