Topic 1: Exam Pool A
A network admin contacts you. He is concerned that ARP spoofing or poisoning might
occur on his network. What are some things he can do to prevent it? Select the best
answers.
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
C. Use a firewall between all LAN segments.
D. If you have a small network, use static ARP entries.
E. Use only static IP addresses on all PCs.
Answer:
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
D. If you have a small network, use static ARP entries.
Peter is surfing the internet looking for information about DX Company. Which hacking
process is Peter doing?
A. Scanning
B. Footprinting
C. Enumeration
D. System Hacking
Answer: B. Footprinting
Which type of security feature stops vehicles from crashing through the doors of a building?
A. Bollards
B. Receptionist
C. Mantrap
D. Turnstile
Answer: A. Bollards
What term describes the amount of risk that remains after the vulnerabilities are classified
and the countermeasures have been deployed?
A. Residual risk
B. Impact risk
C. Deferred risk
D. Inherent risk
Answer: A. Residual risk
Explanation:
https://en.wikipedia.org/wiki/Residual_risk
The residual risk is the risk or danger of an action, event, method or (technical) process
that, although it is in line with current scientific knowledge, still carries these dangers
even if all theoretically possible (scientifically conceivable) safety measures were applied;
in other words, the amount of risk left over after natural or inherent risks have been
reduced by risk controls.
Residual risk = (Inherent risk) - (impact of risk controls)
Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the
Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com". Which
statement below is true?
A. This is a scam as everybody can get a @yahoo address, not just the Yahoo customer
service employees.
B. This is a scam because Bob does not know Scott.
C. Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.
D. This is probably a legitimate message as it comes from a respectable organization.
Answer: A. This is a scam as everybody can get a @yahoo address, not just the Yahoo
customer service employees.
Which of the following algorithms can be used to guarantee the integrity of messages being
sent, in transit, or stored?
A. symmetric algorithms
B. asymmetric algorithms
C. hashing algorithms
D. integrity algorithms
Answer: C. hashing algorithms
You are tasked to perform a penetration test. While you are performing information
gathering, you find an employee list in Google. You find the receptionist's email, and you
send her an email changing the source email to her boss's email (boss@company). In this
email, you ask for a pdf with information. She reads your email and sends back a pdf with
links. You exchange the pdf links with your malicious links (these links contain malware)
and send back the modified pdf, saying that the links don't work. She reads your email,
opens the links, and her machine gets infected. You now have access to the company
network. What testing method did you use?
A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping
Answer: A. Social engineering
Explanation:
Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions. It uses psychological manipulation to trick users into making
security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation,
fooling otherwise unsuspecting users or employees into handing over confidential or
sensitive data. Commonly, social engineering involves email or other communication that
invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly
reveal sensitive information, click a malicious link, or open a malicious file. Because social
engineering involves a human element, preventing these attacks can be tricky for
enterprises.
What two conditions must a digital signature meet?
A. Has to be the same number of characters as a physical signature and must be unique.
B. Has to be unforgeable, and has to be authentic.
C. Must be unique and have special characters.
D. Has to be legible and neat.
Answer: B. Has to be unforgeable, and has to be authentic.
The company ABC recently hired a new accountant. The accountant will be working
with the financial statements. Those financial statements need to be approved by the CFO
and then sent to the accountant, but the CFO is worried because he wants to be
sure that the information sent to the accountant was not modified once he approved it.
Which of the following options can be useful to ensure the integrity of the data?
A. The CFO can use a hash algorithm on the document once he has approved the financial
statements.
B. The CFO can use an Excel file with a password.
C. The financial statements can be sent twice, one by email and the other delivered on a
USB drive, and the accountant can compare both to be sure it is the same document.
D. The document can be sent to the accountant using an exclusive USB drive for that
document.
Answer: A. The CFO can use a hash algorithm on the document once he has approved the
financial statements.
You need to deploy a new web-based software package for your organization. The
package requires three separate servers and needs to be available on the Internet. What is
the recommended architecture in terms of server placement?
A. All three servers need to be placed internally.
B. A web server facing the Internet, an application server on the internal network, a
database server on the internal network.
C. A web server and the database server facing the Internet, an application server on the
internal network.
D. All three servers need to face the Internet so that they can communicate between
themselves.
Answer: B. A web server facing the Internet, an application server on the internal network,
a database server on the internal network.
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From
your office in New York, you craft a specially formatted email message and send it across
the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of
your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ's email gateway doesn't prevent what?
A. Email Masquerading
B. Email Harvesting
C. Email Phishing
D. Email Spoofing
Answer: D. Email Spoofing
Explanation:
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into
thinking the email originated from someone or somewhere other than the intended source.
Because core email protocols do not have a built-in method of authentication, it is common
for spam and phishing emails to use said spoofing to trick the recipient into trusting the
origin of the message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond
to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little
action besides removal, the more malicious varieties can cause significant problems and
sometimes pose a real security threat.
env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
A. Removes the passwd file
B. Changes all passwords in passwd
C. Add new user to the passwd file
D. Display passwd content to prompt
Answer: D. Display passwd content to prompt