NEW QUESTION 1
What does the –oX flag do in an Nmap scan?

• A. Perform an eXpress scan
• B. Output the results in truncated format to the screen
• C. Output the results in XML format to a file
• D. Perform an Xmas scan

Answer: C

NEW QUESTION 2
Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

• A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
• B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
• C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
• D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Answer: D

NEW QUESTION 3
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

• A. The amount of time and resources that are necessary to maintain a biometric system
• B. How long it takes to setup individual user accounts
• C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
• D. The amount of time it takes to convert biometric data into a template on a smart card

Answer: C

NEW QUESTION 4
What tool can crack Windows SMB passwords simply by listening to network traffic?

• A. This is not possible
• B. Netbus
• C. NTFSDOS
• D. L0phtcrack

Answer: D

NEW QUESTION 5
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

• A. Regularly test security systems and processes.
• B. Encrypt transmission of cardholder data across open, public networks.
• C. Assign a unique ID to each person with computer access.
• D. Use and regularly update anti-virus software on all systems commonly affected by malware.

Answer: C

NEW QUESTION 6
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

• A. Error-based SQL injection
• B. Blind SQL injection
• C. Union-based SQL injection
• D. NoSQL injection

Answer: B

NEW QUESTION 7
What is the role of test automation in security testing?

• A. It is an option but it tends to be very expensive.
• B. It should be used exclusivel
• C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
• D. Test automation is not usable in security due to the complexity of the tests.
• E. It can accelerate benchmark tests and repeat them with a consistent test setu
• F. But it cannot replace manual testing completely.

Answer: D

NEW QUESTION 8
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

• A. Use port security on his switches.
• B. Use a tool like ARPwatch to monitor for strange ARP activity.
• C. Use a firewall between all LAN segments.
• D. If you have a small network, use static ARP entries.
• E. Use only static IP addresses on all PC's.

Answer: ABD

NEW QUESTION 9
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

• A. Libpcap
• B. Awinpcap
• C. Winprom
• D. Winpcap

Answer: D

NEW QUESTION 10
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

• A. 137 and 139
• B. 137 and 443
• C. 139 and 443
• D. 139 and 445

Answer: D

NEW QUESTION 11
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

• A. Hardware, Software, and Sniffing.
• B. Hardware and Software Keyloggers.
• C. Passwords are always best obtained using Hardware key loggers.
• D. Software only, they are the most effective.

Answer: A

NEW QUESTION 12
What is the proper response for a NULL scan if the port is open?

• A. SYN
• B. ACK
• C. FIN
• D. PSH
• E. RST
• F. No response

Answer: F

NEW QUESTION 13
These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

• A. Black-Hat Hackers A
• B. Script Kiddies
• C. White-Hat Hackers
• D. Gray-Hat Hacker

Answer: C

NEW QUESTION 14
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

• A. Traceroute
• B. Hping
• C. TCP ping
• D. Broadcast ping

Answer: B

NEW QUESTION 15
What is the main security service a cryptographic hash provides?

• A. Integrity and ease of computation
• B. Message authentication and collision resistance
• C. Integrity and collision resistance
• D. Integrity and computational in-feasibility

Answer: D

NEW QUESTION 16
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.
If these switches' ARP cache is successfully flooded, what will be the result?

• A. The switches will drop into hub mode if the ARP cache is successfully flooded.
• B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
• C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
• D. The switches will route all traffic to the broadcast address created collisions.

Answer: A

NEW QUESTION 17
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

• A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
• B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
• C. Symmetric encryption allows the server to security transmit the session keys out-of-band.
• D. Asymmetric cryptography is computationally expensive in compariso
• E. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Answer: A

NEW QUESTION 18
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

• A. Interceptor
• B. Man-in-the-middle
• C. ARP Proxy
• D. Poisoning Attack

Answer: B

NEW QUESTION 19
What is a NULL scan?

• A. A scan in which all flags are turned off
• B. A scan in which certain flags are off
• C. A scan in which all flags are on
• D. A scan in which the packet size is set to zero
• E. A scan with an illegal packet size

Answer: A

NEW QUESTION 20
What is not a PCI compliance recommendation?

• A. Use a firewall between the public network and the payment card data.
• B. Use encryption to protect all transmission of card holder data over any public network.
• C. Rotate employees handling credit card transactions on a yearly basis to different departments.
• D. Limit access to card holder data to as few individuals as possible.

Answer: C

NEW QUESTION 21
......