NEW QUESTION 1
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shallscript files, and the third is a binary file is named “nc.” The FTP server’s access logs show that the anonymous user account logged in the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function providedby the FTP server’s software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.
Which kind of vulnerability must be present to make this remote attack possible?

• A. Filesystem permissions
• B. Brute Force Login
• C. Privilege Escalation
• D. Directory Traversal

Answer: D

NEW QUESTION 2
You’ve just been hired to perform a pentest on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.
What is one of the first thing you should to when the job?

• A. Start the wireshark application to start sniffing network traffic.
• B. Establish attribution to suspected attackers.
• C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
• D. Interview all employees in the company to rule out possible insider threats.

Answer: C

NEW QUESTION 3
Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website byinserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known toincorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?

• A. Watering Hole Attack
• B. Spear Phising Attack
• C. Heartbleed Attack
• D. Shellshock Attack

Answer: A

NEW QUESTION 4
What is the benefit of performing an unannounced Penetration Testing?

• A. The tester will have an actual security posture visibility of thetarget network.
• B. The tester could not provide an honest analysis.
• C. Network security would be in a “best state” posture.
• D. It is best to catch critical infrastructure unpatched.

Answer: A

NEW QUESTION 5
Which of the following is the BEST way to defend against network sniffing?

• A. Using encryption protocols to secure network communications
• B. Restrict Physical Access to Server Rooms hosting Critical Servers
• C. Use Static IP Address
• D. Register all machines MAC Address in a centralized Database

Answer: A

NEW QUESTION 6
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening port on the targeted system.
If a scanned port is open, what happens?

• A. The port will ignore the packets.
• B. The port will send an RST.
• C. The port will send an ACK.
• D. The port will send a SYN.

Answer: A

NEW QUESTION 7
An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, digital Subscriber Line (DSL), wireless data services, and virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?

• A. DIAMETER
• B. Kerberos
• C. RADIUS
• D. TACACS+

Answer: D

NEW QUESTION 8
An incident investigator asks to receive a copy of the event from all firewalls, prosy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs the sequence of many of the logged events do not match up.
What is the most likely cause?

• A. The network devices are not all synchronized
• B. The securitybreach was a false positive.
• C. The attack altered or erased events from the logs.
• D. Proper chain of custody was not observed while collecting the logs.

Answer: C

NEW QUESTION 9
Your company performs penetration tests and security assessments for small and medium-
sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

• A. Copy the data to removable media and keep it in case you need it.
• B. Ignore the data and continue the assessment until completed as agreed.
• C. Confront theclient on a respectful manner and ask her about the data.
• D. Immediately stop work and contact the proper legal authorities.

Answer: D

NEW QUESTION 10
As a Certified Ethical hacker, you were contracted by aprivate firm to conduct an external security assessment through penetration testing.
What document describes the specified of the testing, the associated violations, and essentially protects both the organization’s interest and your li abilities as a tester?

• A. Term of Engagement
• B. Non-Disclosure Agreement
• C. Project Scope
• D. Service Level Agreement

Answer: B

NEW QUESTION 11
When you are collecting information to perform a dataanalysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.
What command will help you to search files using Google as a search engine?

• A. site:target.com file:xls username password email
• B. domain: target.com archive:xls username password email
• C. site: target.com filetype:xls username password email
• D. inurl: target.com filename:xls username password email

Answer: C

NEW QUESTION 12
You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account.
What should you do?

• A. Do not transfer the money but steal the bitcoins.
• B. Report immediately to the administrator.
• C. Transfer money from the administrator’s account to another account.
• D. Do not report it and continue the penetration test.

Answer: B

NEW QUESTION 13
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do this fast and efficiently you must user regular expressions.
Which command-line utility are you most likely to use?

• A. Notepad
• B. MS Excel
• C. Grep
• D. Relational Database

Answer: C

NEW QUESTION 14
What does a firewall check to prevent particularports and applications from getting packets into an organizations?

• A. Transport layer port numbers and application layer headers
• B. Network layer headers and the session layer port numbers
• C. Application layer port numbers and the transport layer headers
• D. Presentation layer headers and the session layer port numbers

Answer: A

NEW QUESTION 15
You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.
What is the best approach?

• A. Install and use Telnet to encrypt all outgoing traffic from this server.
• B. Install Cryptcat and encrypt outgoing packets from this server
• C. Use Alternate Data Streams to hide the outgoing packets from this server.
• D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

Answer: A

NEW QUESTION 16
Perspective clients wantto see sample reports from previous penetration tests. What should you do next?

• A. Share full reports, not redacted.
• B. Share full reports, with redacted.
• C. Decline but, provide references.
• D. Share reports, after NDA is signed.

Answer: B

NEW QUESTION 17
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

• A. Inherent Risk
• B. ResidualRisk
• C. Deferred Risk
• D. Impact Risk

Answer: B

NEW QUESTION 18
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark,and EtherPeek?

• A. Nessus
• B. Tcptraceroute
• C. Tcptrace
• D. OpenVAS

Answer: C

NEW QUESTION 19
A company’s security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

• A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
• B. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
• C. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
• D. Attempts by attacks to access the user and password information stores in the company's SQL database.

Answer: C