Question 1
What type of testing procedure involves the tester(s) analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management?
Question 1 options:
penetration test
security test
hacking test
ethical hacking test
Question 2
What term best describes a person who hacks computer systems for political or social reasons?
Question 2 options:
cracktivist
hacktivist
sniffer
script kiddy
Question 3
What security certification did the “International Council of Electronic Commerce Consultants” (EC-Council) develop?
Question 3 options:
Security+
OSSTMM Professional Security Tester (OPST)
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Question 4
Penetration testers and security testers need technical skills to perform their duties effectively.
Question 4 options:
True
False
Question 5
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?
Question 5 options:
pen team
blue team
red team
security team
Question 6
Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
Question 6 options:
create a contractual agreement
create a lab demonstration
create a virtual demonstration
create a slide presentation
Question 7
What organization disseminates research documents on computer and network security worldwide at no cost?
Question 7 options:
EC-Council
SANS
ISECOM
ISC2
Question 8
Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.
Question 8 options:
True
False
Question 9
Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.
Question 9 options:
True
False
Question 10
What name is given to people who break into computer systems with the sole purpose to steal or destroy data?
Question 10 options:
packet monkeys
crackers
script kiddies
bots
Question 11
What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted?
Question 11 options:
black box
white box
red box
silent box
Question 12
What type of laws should a penetration tester or student learning hacking techniques be aware of?
Question 12 options:
local
state
federal
all of the above
Question 13
What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?
Question 13 options:
script kiddies
repetition monkeys
packet sniffers
crackers
Question 14
In the TCP/IP stack, what layer is concerned with physically moving bits across the network’s medium?
Question 14 options:
Internet
Network
Transport
Application
Question 15
What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?
Question 15 options:
Transport layer
Internet layer
Application layer
Network layer
Question 16
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
Question 16 options:
Internet
Network
Transport
Application
Question 17
How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?
Question 17 options:
254
512
65,000
16 million
Question 18
What port does the Trivial File Transfer Protocol (TFTP) service use?
Question 18 options:
25
53
69
80
Question 19
What does the acronym TCP represent?
Question 19 options:
Transfer Control Protocol
Transmission Control Protocol
Transfer Congestion Protocol
The Control Protocol
Question 20
What port does the Hypertext Transfer Protocol (HTTP) service use?
Question 20 options:
25
53
69
80
Question 21
What type of network attack relies on guessing a TCP header’s initial sequence number, or ISN?
Question 21 options:
ARP spoofing
Session hijacking
DoS
Man-in-the-middle
Question 22
A hex number is written with two characters, each representing a byte.
Question 22 options:
True
False
Question 23
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?
Question 23 options:
ISN
IP
port
SYN
Question 24
In the TCP/IP stack, the Transport layer includes network services and client software.
Question 24 options:
True
False
Question 25
To retrieve e-mail from a mail server, you most likely access port 119.
Question 25 options:
True
False
Question 26
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?
Question 26 options:
Internet
Network
Transport
Application
Question 27
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
Question 27 options:
signatures
heuristics
macros
bots
Question 28
The virus signature file is maintained by what type of software?
Question 28 options:
antivirus
keylogger
remote control
firewall
Question 29
When a computer hacker uses multiple compromised computers to carry out a DDoS attack, the compromised computers are usually referred to as which of the following?
Question 29 options:
viruses
zombies
macros
cyborgs
Question 30
What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?
Question 30 options:
shell
virus
keylogger
rootkit
Question 31
What type of virus is used to lock a user’s system or cloud accounts until the system’s owner complies by paying the attacker a monetary fee?
Question 31 options:
keylogger
rootkit
ransomware
macro
Question 32
The acronym IDS stands for which of the following?
Question 32 options:
Intrusion Detection System
Information Dissemination System
Information Destruction System
Intruder Dispersal System
Question 33
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Question 33 options:
Host security
Server security
Computer security
Network security
Question 34
Which of the following physical security methods provides the ability to secure a company’s assets and document any individual’s physical time of entry?
Question 34 options:
rotary locks
combination locks
card access
deadbolt locks
Question 35
Whitelisting allows only approved programs to run on a computer.
Question 35 options:
True
False
Question 36
What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?
Question 36 options:
eavesdropping
overflowing
injecting
capturing
Question 37
Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?
Question 37 options:
A DoS attack
Ping of Death
A buffer overflow attack
Session hijacking
Question 38
A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?
Question 38 options:
virus
Trojan
worm
shell
Question 39
A computer hacker may use a phishing e-mail to lure a user into following a malicious link. What type of technique is being used by the computer hacker?
Question 39 options:
mail fraud
heuristics
ransoming
social engineering
Question 40
Which type of program can mitigate some risks associated with malware?
Question 40 options:
shells
bots
antivirus
rootkits