NEW QUESTION 1
You are tasked to perform a penetration test. While you are performinginformation gathering, you find ab employee list in Google. You find receptionist’s email, and you send her an email changing the source email to her boss’s email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?

• A. Piggybacking
• B. Tailgating
• C. Evesdropping
• D. Social engineering

Answer: D

NEW QUESTION 2
The heartland bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2004-1060. Thisbug affects the OpenSSL implementation of the transport Layer security (TLS) protocols defined in RFC6520.
What types of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

• A. Root
• B. Private
• C. Shared
• D. Public

Answer: A

NEW QUESTION 3
Which of the following is an extremelycommon IDS evasion technique in the web world?

• A. post knocking
• B. subnetting
• C. unicode characters
• D. spyware

Answer: C

NEW QUESTION 4
Which of the following is component of a risk assessment?

• A. Logical interface
• B. DMZ
• C. Administrative safeguards
• D. Physical security

Answer: C

NEW QUESTION 5
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

• A. ESP confidential
• B. AH Tunnel mode
• C. ESP transport mode
• D. AH permiscuous

Answer: C

NEW QUESTION 6
Which of the following is a low-tech way of gaining unauthorized access to systems?

• A. Sniffing
• B. Social engineering
• C. Scanning
• D. Eavesdropping

Answer: B

NEW QUESTION 7
env x= ‘(){ :;};echo exploit ‘ bash –c ‘cat/etc/passwd
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

• A. Add new user to the passwd file
• B. Display passwd contents to prompt
• C. Change all password in passwd
• D. Remove the passwd file.

Answer: B

NEW QUESTION 8
The phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the“landscape” looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

• A. Network Mapping
• B. Gaining access
• C. Footprinting
• D. Escalating privileges

Answer: C

NEW QUESTION 9
A company’s Web development team has become aware ofa certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of web application vulnerability likely exists in their software?

• A. Web site defacement vulnerability
• B. SQL injection vulnerability
• C. Cross-site Scripting vulnerability
• D. Cross-site Request Forgery vulnerability

Answer: C

NEW QUESTION 10
You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping but you didn’t get any response back.
What is happening?

• A. TCP/IP doesn’t support ICMP.
• B. ICMP could be disabled on the target server.
• C. The ARP is disabled on the target server.
• D. You need to run the ping command with root privileges.

Answer: A

NEW QUESTION 11
A hacker has successfully infected an internet-facing server, which he will then use to send junk mail, take part incoordinated attacks, or host junk email content.
Which sort of trojan infects this server?

• A. Botnet Trojan
• B. Banking Trojans
• C. Ransomware Trojans
• D. Turtle Trojans

Answer: A

NEW QUESTION 12
When you are getting informationabout a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.
What nmap script will help you with this task?

• A. http enum
• B. http-git
• C. http-headers
• D. http-methods

Answer: B

NEW QUESTION 13
A common cryptographically tool is the use of XOR. XOR the following binary value: 10110001
00111010

• A. 10001011
• B. 10011101
• C. 11011000
• D. 10111100

Answer: A

NEW QUESTION 14
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing inconcluding the Operating System (OS) version installed. Considering the NMAP result below, which of the follow is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report
for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80 /tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tec open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

• A. The host is likely a printer.
• B. The host is likely a router.
• C. The host is likely a Linux machine.
• D. The host is likely a Windows machine.

Answer: A

NEW QUESTION 15
Which of the following is designed to indentify malicious attempts to penetrate systems?

• A. Proxy
• B. Router
• C. Firewall
• D. Intrusion Detection System

Answer: D

NEW QUESTION 16
This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attach along with some optimizations like Korek attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?

• A. Wificracker
• B. WLAN-crack
• C. Airguard
• D. Aircrack-ng

Answer: D

NEW QUESTION 17
The “Black box testing” methodology enforces which kind of restriction?

• A. Only the external operation of a systemis accessible to the tester
• B. The internal operation of a system is completely known to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is only partly accessible to the tester.

Answer: A

NEW QUESTION 18
You are usingNMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?

• A. >host –t ns hackeddomain.com
• B. >host –t AXFR hackeddomain.com
• C. >host –t soa hackeddomain.com
• D. >host –t a hackeddomain.com

Answer: D

NEW QUESTION 19
Which of the following is assured by the use of a hash?

• A. Availability
• B. Confidentiality
• C. Authentication
• D. Integrity

Answer: D