Save Time & improve Grades
- Questions Asked
- Experts
- Total Answered
Start Excelling in your courses, Ask an Expert and get answers for your homework and assignments!!
Computer Science homework help
Computer Science homework help
__________ is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.
|
|
|
a. War driving |
|
|
|
b. Line dialing |
|
|
|
c. PBX driving |
|
|
|
d. War dialing |
|
Question 2 |
|
1 / 1 point |
__________ cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message.
|
|
|
a. Symmetric |
|
|
|
b. Hash-based |
|
|
|
c. Private-key |
|
|
|
d. Public-key |
|
Question 3 |
|
1 / 1 point |
__________ is a lightweight Knoppix version cut to 50 MB for a business-card-sized CD.
|
|
|
a. Gnoppix |
|
|
|
b. GeeXboX |
|
|
|
c. Morphix |
|
|
|
d. Damn Small Linux |
|
Question 4 |
|
1 / 1 point |
The __________ utility tests the integrity of an ODBC data source.
|
|
|
a. odbcping |
|
|
|
b. ASPRunner |
|
|
|
c. FlexTracer |
|
|
|
d. DbEncrypt |
|
Question 5 |
|
1 / 1 point |
In the TCP/IP stack, the __________ layer is where applications and protocols, such as HTTP and Telnet, operate.
|
|
|
a. Internet |
|
|
|
b. network |
|
|
|
c. transport |
|
|
|
d. application |
|
Question 6 |
|
1 / 1 point |
Attackers can use a simple test to find out if an application is vulnerable to an OLE DB error. They can fill in the username and password fields with __________.
|
|
|
a. a pound sign |
|
|
|
b. two dashes |
|
|
|
c. a single quotation mark |
|
|
|
d. double quotes |
|
Question 7 |
|
1 / 1 point |
__________ allow attackers to pass malicious code to different systems via a web application.
|
|
|
a. SQL injection attacks |
|
|
|
b. XSS vulnerabilities |
|
|
|
c. Authentication hijacking attacks |
|
|
|
d. Command injection flaws |
|
Question 8 |
|
1 / 1 point |
A __________ is a trusted entity that signs certificates and can vouch for the identity of the user and the user's public key.
|
|
|
a. verification authority |
|
|
|
b. certification authority |
|
|
|
c. validation authority |
|
|
|
d. registration authority |
|
Question 9 |
|
1 / 1 point |
Null sessions require access to TCP port __________.
|
|
|
a. 139 |
|
|
|
b. 141 |
|
|
|
c. 345 |
|
|
|
d. 349 |
|
Question 10 |
|
1 / 1 point |
__________ is a command-line utility provided by Microsoft with SQL Server 2000 (and Microsoft SQL Server 2000 Desktop Engine) that allows users to issue queries to the server.
|
|
|
a. ODBC |
|
|
|
b. SQLP |
|
|
|
c. OSQL |
|
|
|
d. SSRS |
|
Question 11 |
|
1 / 1 point |
The __________ file is used to determine which TTY devices the root user is allowed to log in to.
|
|
|
a. /usr/securetty |
|
|
|
b. /etc/securetty |
|
|
|
c. /var/securetty |
|
|
|
d. /home/securetty |
|
Question 12 |
|
1 / 1 point |
__________ can monitor a Simple Mail Transfer Protocol (SMTP) server regularly after connecting to it.
|
|
|
a. CheckOK |
|
|
|
b. SMTPCheck |
|
|
|
c. SMTPMon |
|
|
|
d. SLCheck |
|
Question 13 |
|
1 / 1 point |
__________ is a method of gaining access to sensitive data in a Bluetooth-enabled device.
|
|
|
a. Bluebugging |
|
|
|
b. Bluesnarfing |
|
|
|
c. BTKeylogging |
|
|
|
d. Blueprinting |
|
Question 14 |
|
1 / 1 point |
__________ is a simple form of attack aimed directly at the application's business logic.
|
|
|
a. Authentication hijacking |
|
|
|
b. Parameter tampering |
|
|
|
c. Cookie poisoning |
|
|
|
d. Session poisoning |
|
Question 15 |
|
1 / 1 point |
Once the Oracle database server has been traced, the first port of call is made to the __________ listener.
|
|
|
a. SQL |
|
|
|
b. TNS |
|
|
|
c. TCP |
|
|
|
d. PL/SQL |
|
Question 16 |
|
1 / 1 point |
__________ is a common and easy form of SQL injection. The technique involves evading the logon forms.
|
|
|
a. Command injection |
|
|
|
b. SELECT bypass |
|
|
|
c. INSERT injection |
|
|
|
d. Authorization bypass |
|
Question 17 |
|
1 / 1 point |
__________ gathering is the process of accumulating information from resources like the Internet that can later be analyzed as business intelligence.
|
|
|
a. Competitive intelligence |
|
|
|
b. Tracerouting |
|
|
|
c. Passive information |
|
|
|
d. Footprinting |
|
Question 18 |
|
1 / 1 point |
__________, formerly called AppTapp, is a tool for jailbreaking and installing nonsanctioned third-party applications on the iPhone.
|
|
|
a. iFuntastic |
|
|
|
b. iNdependence |
|
|
|
c. iActivator |
|
|
|
d. AppSnapp |
|
Question 19 |
|
1 / 1 point |
Firefox 2.0.0.11 cannot correctly interpret single quotation marks and spaces during authentication. This is called the __________ value of an authentication header.
|
|
|
a. registration |
|
|
|
b. site |
|
|
|
c. domain |
|
|
|
d. realm |
|
Question 20 |
|
1 / 1 point |
Private data stored by Firefox can be quickly deleted by selecting __________ in the Tools menu.
|
|
|
a. Clear History |
|
|
|
b. Clear Private Data |
|
|
|
c. Delete Private Data |
|
|
|
d. Delete History |
|
Question 21 |
|
1 / 1 point |
A(n) __________ is a custom command in Linux that is a substitute for a formal command string.
|
|
|
a. user string |
|
|
|
b. system link |
|
|
|
c. alias |
|
|
|
d. link |
|
Question 22 |
|
1 / 1 point |
A __________ is a device that cannot function in any capacity.
|
|
|
a. block |
|
|
|
b. brick |
|
|
|
c. rock |
|
|
|
d. cage |
|
Question 23 |
|
0 / 1 point |
__________ involves plotting the tables in the database.
|
|
|
a. Database enumeration |
|
|
|
b. Database footprinting |
|
|
|
c. Table footprinting |
|
|
|
d. Table enumeration |
|
Question 24 |
|
1 / 1 point |
A __________ is a device that receives digital signals and converts them into analog signals, and vice versa.
|
|
|
a. firewall |
|
|
|
b. proxy |
|
|
|
c. hub |
|
|
|
d. modem |
|
Question 25 |
|
1 / 1 point |
Which of the following types of tools would be most effective in cracking UNIX passwords?
|
|
|
a. Ophcrack |
|
|
|
b. KerbCrack |
|
|
|
c. John the Ripper |
|
|
|
d. RainbowCrack |
|
Question 26 |
|
1 / 1 point |
SQL Server, like other databases, delimits queries with a __________.
|
|
|
a. colon |
|
|
|
b. period |
|
|
|
c. semicolon |
|
|
|
d. comma |
|
Question 27 |
|
1 / 1 point |
__________ is a unique 15- or 17-digit code used to identify a mobile station to a GSM network.
|
|
|
a. IMEI |
|
|
|
b. SIMID |
|
|
|
c. SIM |
|
|
|
d. PhoneID |
|
Question 28 |
|
1 / 1 point |
Which of the following password attacks is conducted using nontechnical means?
|
|
|
a. hybrid |
|
|
|
b. brute force |
|
|
|
c. social engineering |
|
|
|
d. rainbow tables |
|
Question 29 |
|
1 / 1 point |
In __________-level hijacking, the attacker obtains the session IDs to get control of an existing session or to create a new, unauthorized session.
|
|
|
a. network |
|
|
|
b. data link |
|
|
|
c. transport |
|
|
|
d. application |
|
Question 30 |
|
1 / 1 point |
Which of the tools listed below can be used to execute code on remote Windows systems?
|
|
|
a. X.exe |
|
|
|
b. PsExec |
|
|
|
c. Rsync |
|
|
|
d. Ghost |
|
Question 31 |
|
1 / 1 point |
Kaspersky is used as __________.
|
|
|
a. a hacking tool against PDAs |
|
|
|
b. a hacking tool against IPHONEs |
|
|
|
c. a hacking tool against IPODs |
|
|
|
d. an antivirus for Windows Mobile |
|
Question 32 |
|
1 / 1 point |
__________ viruses search all drives and connected network shares to locate files with an EXE or SCR extension.
|
|
|
a. W32/Madang-Fam |
|
|
|
b. W32/Hasnot-A |
|
|
|
c. W32/Fujacks-AK |
|
|
|
d. W32/Fujacks-E |
|
Question 33 |
|
1 / 1 point |
What is the difference between online and offline password attacks?
|
|
|
a. Online attacks are conducted against people using the Internet, and offline attacks are conducted against people on private networks. |
|
|
|
b. Online attacks target passwords or their representations as they traverse a network, and offline attacks focus on stored passwords. |
|
|
|
c. Online attacks are used to gain access to systems, and offline attacks are used to knock systems off the network. |
|
|
|
d. Offline attacks target passwords or their representations as they traverse a network, and online attacks focus on stored passwords. |
|
Question 34 |
|
0 / 1 point |
__________ synchronizes the information between a Palm device and a desktop PC.
|
|
|
a. HotSync |
|
|
|
b. ActiveSync |
|
|
|
c. PocketSync |
|
|
|
d. PalmSync |
|
Question 35 |
|
1 / 1 point |
__________ is a type of computer architecture in which multiple processors share the same memory and are each assigned different tasks to perform.
|
|
|
a. Xcode |
|
|
|
b. Multitasking |
|
|
|
c. Cocoa |
|
|
|
d. Symmetric multiprocessing |
|
Question 36 |
|
1 / 1 point |
__________ hackers are information security professionals who specialize in evaluating, and defending against, threats from attackers.
|
|
|
a. Gray-hat |
|
|
|
b. Black-hat |
|
|
|
c. Consulting |
|
|
|
d. Ethical |
|
Question 37 |
|
1 / 1 point |
An __________ share is a hidden share that allows communication between two processes on the same system.
|
|
|
a. SMC |
|
|
|
b. IPC |
|
|
|
c. EPC |
|
|
|
d. SMB |
|
Question 38 |
|
1 / 1 point |
The __________ method appends data in the URL field.
|
|
|
a. POST |
|
|
|
b. GET |
|
|
|
c. APPEND |
|
|
|
d. URL |
|
Question 39 |
|
1 / 1 point |
__________ is a lightweight substitute for telnet that enables the execution of processes on other systems, eliminating the need for manual installation of client software.
|
|
|
a. PsExec |
|
|
|
b. Alchemy Remote Executor |
|
|
|
c. Emsa FlexInfo Pro |
|
|
|
d. RemoteApp |
|
Question 40 |
|
1 / 1 point |
__________ is a back-end GPL tool that works directly with any RFID ISO-reader to make the content stored on the RFID tags accessible.
|
|
|
a. RFDump |
|
|
|
b. RFReader |
|
|
|
c. RFReceiver |
|
|
|
d. RFExplorer |
|
Question 41 |
|
1 / 1 point |
__________ is a parallelized login cracker that supports numerous protocols for attack.
|
|
|
a. ADMsnmp |
|
|
|
b. SING |
|
|
|
c. Hydra |
|
|
|
d. John the Ripper |
|
Question 42 |
|
1 / 1 point |
IT __________ are designed to evaluate an organization's security policies and procedures.
|
|
|
a. ping sweeps |
|
|
|
b. vulnerability assessments |
|
|
|
c. penetration tests |
|
|
|
d. security audits |
|
Question 43 |
|
1 / 1 point |
__________ is the act of gathering information about the security profile of a computer system or organization, undertaken in a methodological manner.
|
|
|
a. Tracerouting |
|
|
|
b. Passive information gathering |
|
|
|
c. Footprinting |
|
|
|
d. Competitive intelligence gathering |
|
Question 44 |
|
1 / 1 point |
__________ is a command-line interface for Microsoft SQL Server that allows an attacker to execute commands on the underlying operating system, execute SQL queries, and upload files to a remote server.
|
|
|
a. SQLExec |
|
|
|
b. Absinthe |
|
|
|
c. Sqlninja |
|
|
|
d. SQLSmack |
|
Question 45 |
|
1 / 1 point |
__________ occurs when hackers break into government or corporate computer systems as an act of protest.
|
|
|
a. Hacktivism |
|
|
|
b. Cyber terrorism |
|
|
|
c. Cybercrime |
|
|
|
d. Suicide hacking |
|
Question 46 |
|
1 / 1 point |
Mac OS X includes __________, a collection of frameworks, APIs, and accompanying runtimes that allows for a host of open-source web, database, scripting, and development technologies.
|
|
|
a. Cocoa |
|
|
|
b. Coffee |
|
|
|
c. Bean |
|
|
|
d. Xcode |
|
Question 47 |
|
1 / 1 point |
__________ is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected.
|
|
|
a. Social engineering |
|
|
|
b. Direct information gathering |
|
|
|
c. Active reconnaissance |
|
|
|
d. Inactive reconnaissance |
|
Question 48 |
|
1 / 1 point |
__________ is a programming language that permits website designers to run applications on the user's computer.
|
|
|
a. Java |
|
|
|
b. Ruby |
|
|
|
c. Python |
|
|
|
d. Smalltalk |
|
Question 49 |
|
1 / 1 point |
_________ hijacking is a hacking technique that uses spoofed packets to take over a connection between a victim and a target machine.
|
|
|
a. ACK |
|
|
|
b. Blind |
|
|
|
c. TCP/IP |
|
|
|
d. Network-level |
|
Question 50 |
|
1 / 1 point |
In order for traffic to get back to the attacker during session hijacking, a process called __________ is used that allows the sender to specify a particular route for the IP packet to take to the destination.
|
|
|
a. desynchronization |
|
|
|
b. source routing |
|
|
|
c. spoofing |
|
|
|
d. TCP routing |
|
Question 51 |
|
1 / 1 point |
__________ is a worm for Windows XP that downloads and executes malicious files on the compromised computer and spreads through removable storage devices.
|
|
|
a. HTTP W32.Drom |
|
|
|
b. W32/VBAut-B |
|
|
|
c. W32/QQRob-ADN |
|
|
|
d. W32/SillyFDC-BK |
|
Question 52 |
|
1 / 1 point |
The Java-based __________ worm spreads through Bluetooth and affects unprotected Mac OS X 10.4 systems.
|
|
|
a. OSX/Leap-A |
|
|
|
b. AppHook.B |
|
|
|
c. Inqtana.A |
|
|
|
d. BTHook-A |
|
Question 53 |
|
1 / 1 point |
__________ is a virus targeted against mobile personal digital assistant devices.
|
|
|
a. Skulls |
|
|
|
b. Brador |
|
|
|
c. Doomboot.A |
|
|
|
d. Podloso |
|
Question 54 |
|
1 / 1 point |
The __________ stores confidential information that is accessible only from inside the organization.
|
|
|
a. public website |
|
|
|
b. confidential website |
|
|
|
c. private website |
|
|
|
d. external website |
|
Question 55 |
|
1 / 1 point |
__________ is the unauthorized alteration of routing tables.
|
|
|
a. Route poisoning |
|
|
|
b. Routing table spoofing |
|
|
|
c. Routing table poisoning |
|
|
|
d. Route spoofing |
|
Question 56 |
|
1 / 1 point |
__________ automatically scans a computer, looking for cookies created by Internet Explorer, Mozilla Firefox, and Netscape Navigator, and then displays the data stored in each one.
|
|
|
a. Cookie Viewer |
|
|
|
b. Cookie Explorer |
|
|
|
c. Cookie Browser |
|
|
|
d. Cookie Manager |
|
Question 57 |
|
1 / 1 point |
__________ is a tool that administrators can use to test the reliability of their critical systems and determine what actions they must take to fix any problems.
|
|
|
a. DbEncrypt |
|
|
|
b. AppDetective |
|
|
|
c. Selective Audit |
|
|
|
d. AppRadar |
|
Question 58 |
|
1 / 1 point |
The __________ script allows a remote user to view the code of server-side scripts.
|
|
|
a. Showlogin.asp |
|
|
|
b. Showcode.asp |
|
|
|
c. RemoteAccess.asp |
|
|
|
d. Remotelogin.asp |
|
Question 59 |
|
1 / 1 point |
__________ is a method in which a sniffer is used to track down a conversation between two users.
|
|
|
a. A man-in-the-middle (MITM) attack |
|
|
|
b. Session hijacking |
|
|
|
c. IP spoofing |
|
|
|
d. Network tapping |
|
Question 60 |
|
1 / 1 point |
__________ is a small utility that lists all USB devices currently connected to a computer, as well as all previously used USB devices.
|
|
|
a. MyUSBOnly |
|
|
|
b. USB Blocker |
|
|
|
c. USB CopyNotify! |
|
|
|
d. USBDeview |
|
Question 61 |
|
1 / 1 point |
After gaining access, what is the attacker's next goal?
|
|
|
a. Cover their tracks. |
|
|
|
b. Start denial-of-service attacks. |
|
|
|
c. Find ways to maintain access. |
|
|
|
d. None of the above. |
|
Question 62 |
|
1 / 1 point |
__________ is an HTTP authentication brute-force program. It attempts to guess passwords for basic HTTP authentication by logging in to a web server.
|
|
|
a. Authforce |
|
|
|
b. ObiWaN |
|
|
|
c. Hydra |
|
|
|
d. Cain & Abel |
|
Question 63 |
|
1 / 1 point |
__________ record the parts of the website visited and can contain identifying information.
|
|
|
a. Logs |
|
|
|
b. Records |
|
|
|
c. Cookies |
|
|
|
d. Certificates |
|
Question 64 |
|
1 / 1 point |
Web applications have a three-layered architecture consisting of presentation, logic, and __________.
|
|
|
a. application |
|
|
|
b. data layers |
|
|
|
c. transport |
|
|
|
d. HTTP |
|
Question 65 |
|
1 / 1 point |
__________ is a Linux security feature that enables a user to choose the directory that an application can access.
|
|
|
a. Chroot |
|
|
|
b. Sandbox |
|
|
|
c. Jailroot |
|
|
|
d. Rootjail |
|
Question 66 |
|
1 / 1 point |
There are several aspects to security, and the owner of a system should have confidence that the system will behave according to its specifications. This is called __________.
|
|
|
a. confidentiality |
|
|
|
b. reusability |
|
|
|
c. accountability |
|
|
|
d. assurance |
|
Question 67 |
|
1 / 1 point |
The __________ command displays the ARP table and is used to modify it.
|
|
|
a. ifconfig -arp |
|
|
|
b. arp-table |
|
|
|
c. netstat -arp |
|
|
|
d. arp |
|
Question 68 |
|
0 / 1 point |
__________ detects and monitors Bluetooth devices in a wireless network. It provides information about the features of each device and the services provided by it.
|
|
|
a. Bluetooth Network Scanner |
|
|
|
b. BlueFire Mobile Security |
|
|
|
c. BlueAuditor |
|
|
|
d. BlueWatch |
|
Question 69 |
|
1 / 1 point |
Which of the following statements best describes a penetration test?
|
|
|
a. A penetration test is using a password cracker to gain access to a system. |
|
|
|
b. A penetration test is an attempt to simulate methods used by attackers to gain unauthorized access to a computer system. |
|
|
|
c. A penetration test is the act of hacking computer systems; it is used by criminals to attack legitimate organizations. |
|
|
|
d. A penetration test is an audit of an organization's security policies and procedures. |
|
Question 70 |
|
1 / 1 point |
Which website can an ethical hacker visit to see web pages from 2002?
|
|
|
a. www.symantec.com |
|
|
|
b. www.archive.org |
|
|
|
c. www.oldwebsites.net |
|
|
|
d. www.historyoftheinternet.com |
|
Question 71 |
|
1 / 1 point |
__________ provides a complete view for monitoring and analyzing activity within USB host controllers, USB hubs, and USB devices.
|
|
|
a. USB PC Lock |
|
|
|
b. USBlyzer |
|
|
|
c. Advanced USB Monitor |
|
|
|
d. Virus Chaser USB |
|
Question 72 |
|
1 / 1 point |
The __________ is due to a canonicalization error in IIS 4.0 and 5.0 that allows an attacker to use malformed URLs to access files and folders located on the logical drive that includes web folders.
|
|
|
a. canonicalization vulnerability |
|
|
|
b. ::$DATA vulnerability |
|
|
|
c. Unicode directory traversal vulnerability |
|
|
|
d. Msw3prt IPP vulnerability |
|
Question 73 |
|
1 / 1 point |
A __________ attack adds numbers or symbols to a dictionary file's contents to crack a password successfully.
|
|
|
a. brute-force |
|
|
|
b. dictionary |
|
|
|
c. hybrid |
|
|
|
d. parameter manipulation |
|
Question 74 |
|
1 / 1 point |
Only __________ scan is valid while scanning a Windows system.
|
|
|
a. SYN |
|
|
|
b. Null |
|
|
|
c. FIN |
|
|
|
d. Xmas |
|
Question 75 |
|
1 / 1 point |
Ethical hackers use their knowledge and skills to __________.
|
|
|
a. learn the details of computer systems and enhance their capabilities |
|
|
|
b. attack government and commercial businesses |
|
|
|
c. develop new programs or reverse-engineer existing software to make it more efficient |
|
|
|
d. defend networks from malicious attackers |
|
Question 76 |
|
1 / 1 point |
Tripwire protects against Trojan horse attacks by __________.
|
|
|
a. blocking the port that the Trojan program is listening on |
|
|
|
b. removing any Trojan horse programs found on the system |
|
|
|
c. detecting unexpected changes to a system utility file that may indicate it had been replaced by a Trojan horse |
|
|
|
d. quarantining any Trojan horse programs discovered on the system |
|
Question 77 |
|
1 / 1 point |
The ISAPI extension responsible for IPP is __________.
|
|
|
a. msisapi.dll |
|
|
|
b. msw3prt.dll |
|
|
|
c. msipp5i.dll |
|
|
|
d. isapiipp.dll |
|
Question 78 |
|
1 / 1 point |
__________ is a protocol used to create, modify, and terminate sessions such as VOIP.
|
|
|
a. SMS |
|
|
|
b. SIP |
|
|
|
c. GSMA |
|
|
|
d. GPRS |
|
Question 79 |
|
1 / 1 point |
A(n) __________ is a specific way to breach the security of an IT system through a vulnerability.
|
|
|
a. hole |
|
|
|
b. exposure |
|
|
|
c. exploit |
|
|
|
d. threat |
|
Question 80 |
|
1 / 1 point |
__________ is a portable, battery-powered device that mediates interactions between RFID readers and RFID tags.
|
|
|
a. RSA blocker tag |
|
|
|
b. RFID Firewall |
|
|
|
c. RFID Guardian |
|
|
|
d. Kill switch |
|
Question 81 |
|
1 / 1 point |
Which of the statements below correctly describes a dictionary attack against passwords?
|
|
|
a. It is an attack that tries every combination of characters until a correct password is identified. |
|
|
|
b. It is an attack that uses a list of words to guess passwords until a correct password is identified. |
|
|
|
c. It is an attack that uses a list of words and appends additional numbers or characters to each word until a correct password is identified. |
|
|
|
d. It is an attack that uses precomputed values until a correct password is identified. |
|
Question 82 |
|
0 / 1 point |
The __________ are the agreed-on guidelines for a penetration test.
|
|
|
a. rules of engagement |
|
|
|
b. project scope statements |
|
|
|
c. test requirements |
|
|
|
d. service-level agreements (SLAs) |
|
Question 83 |
|
1 / 1 point |
The Network News Transport Protocol service uses port __________.
|
|
|
a. 110 |
|
|
|
b. 119 |
|
|
|
c. 135 |
|
|
|
d. 139 |
|
Question 84 |
|
1 / 1 point |
A(n) __________ is the logical, not physical, component of a TCP connection.
|
|
|
a. ISN |
|
|
|
b. socket |
|
|
|
c. port |
|
|
|
d. SYN |
|
Question 85 |
|
1 / 1 point |
__________ reconnaissance is a hacker's attempt to scout for or survey potential targets and then investigate the target using publicly available information.
|
|
|
a. Active |
|
|
|
b. Passive |
|
|
|
c. Public |
|
|
|
d. Open |
|
Question 86 |
|
1 / 1 point |
A __________, also called a packet analyzer, is a software program that can capture, log, and analyze protocol traffic over the network and decode its contents.
|
|
|
a. sniffer |
|
|
|
b. recorder |
|
|
|
c. logger |
|
|
|
d. tapper |
|
Question 87 |
|
1 / 1 point |
__________ is, simply enough, looking through an organization's trash for any discarded sensitive information.
|
|
|
a. Trash diving |
|
|
|
b. Trash carving |
|
|
|
c. Dumpster searching |
|
|
|
d. Dumpster diving |
|
Question 88 |
|
1 / 1 point |
__________ is a secure method of posting data to the database.
|
|
|
a. URL |
|
|
|
b. SQL |
|
|
|
c. GET |
|
|
|
d. POST |
|
Question 89 |
|
1 / 1 point |
How do you defend against privilege escalation?
|
|
|
a. Use encryption to protect sensitive data. |
|
|
|
b. Restrict the interactive logon privileges. |
|
|
|
c. Run services as unprivileged accounts. |
|
|
|
d. Run users and applications on the least privileges. |
|
Question 90 |
|
1 / 1 point |
When an ethical hacker uses nslookup, which protocol are they querying?
|
|
|
a. DNS |
|
|
|
b. HTTPS |
|
|
|
c. SMB |
|
|
|
d. NTP |
|
Question 91 |
|
1 / 1 point |
Bluetooth-enabled devices communicate via short-range, ad hoc networks known as __________.
|
|
|
a. piconets |
|
|
|
b. uninets |
|
|
|
c. btnets |
|
|
|
d. pans |
|
Question 92 |
|
1 / 1 point |
The act of hiding data within or behind other data is known as __________.
|
|
|
a. encoding |
|
|
|
b. encryption |
|
|
|
c. steganography |
|
|
|
d. fuzzing |
|
Question 93 |
|
1 / 1 point |
A __________ occurs when a connection between the target and host is in the established state, or in a stable state with no data transmission, or the server's sequence number is not equal to the client's acknowledgment number, or the client's sequence number is not equal to the server's acknowledgment number.
|
|
|
a. synchronization state |
|
|
|
b. blind hijacking |
|
|
|
c. source routing |
|
|
|
d. desynchronization state |
|
Question 94 |
|
1 / 1 point |
__________ are software applications that run automated tasks over the Internet.
|
|
|
a. Zombies |
|
|
|
b. Spiders |
|
|
|
c. Bots |
|
|
|
d. Crawlers |
|
Question 95 |
|
1 / 1 point |
Which of the following definitions best describes a wrapper?
|
|
|
a. A wrapper is a packet-crafting technique used to perform stealthy port scans. |
|
|
|
b. A wrapper is an encryption tool used to hide messages inside image files. |
|
|
|
c. A wrapper is a method of hiding a virus inside an executable file. |
|
|
|
d. A wrapper is a tool used to bind a Trojan to a legitimate file. |
|
Question 96 |
|
1 / 1 point |
In a hit-and-run attack, __________.
|
|
|
a. the attacker constantly injects bad packets into the router |
|
|
|
b. the attacker mistreats packets, resulting in traffic congestion |
|
|
|
c. the attacker injects a few bad packets into the router |
|
|
|
d. the attacker alters a single packet, resulting in denial of service |
|
Question 97 |
|
1 / 1 point |
__________ is a command-line TCP/IP packet assembler/analyzer.
|
|
|
a. Hping2 |
|
|
|
b. Firewalk |
|
|
|
c. WUPS |
|
|
|
d. Blaster Scan |
|
Question 98 |
|
1 / 1 point |
The __________ tool traces various application calls from Windows API functions to the Oracle Call Interface.
|
|
|
a. ASPRunner |
|
|
|
b. FlexTracer |
|
|
|
c. odbcping |
|
|
|
d. SQL Query Analyzer |
|
Question 99 |
|
1 / 1 point |
With the __________ tool, you can ping multiple IP addresses simultaneously.
|
|
|
a. Fping |
|
|
|
b. Nmap |
|
|
|
c. Nessus |
|
|
|
d. Unicornscan |
|
Question 100 |
|
1 / 1 point |
Attackers use a technique called __________ to exploit the system by pretending to be legitimate users or different systems.
|
|
|
a. identity theft |
|
|
|
b. impersonation |
|
|
|
c. spoofing |
|
|
|
d. flooding |
|
Question 101 |
|
1 / 1 point |
__________ is a Microsoft-proprietary protocol that authenticates users and computers based on an authentication challenge and response.
|
|
|
a. LMLAN |
|
|
|
b. Kerberos |
|
|
|
c. NTLM |
|
|
|
d. NTLAN |
|
Question 102 |
|
1 / 1 point |
__________ reconstructs a device's Bluetooth PIN and link key from data sniffed during a pairing session.
|
|
|
a. Blooover |
|
|
|
b. Hidattack |
|
|
|
c. BTCrack |
|
|
|
d. Cabir and Mabir |
|
Question 103 |
|
1 / 1 point |
This type of port scanning technique splits a TCP header into several packets so that the packet filters cannot detect what the packets intend to do.
|
|
|
a. UDP scanning |
|
|
|
b. IP fragment scanning |
|
|
|
c. inverse TCP flag scanning |
|
|
|
d. ACK flag scanning |
|
Question 104 |
|
1 / 1 point |
__________ is an application that, when installed on a system, runs a background process that silently copies files from any USB flash drive connected to it.
|
|
|
a. USB Switchblade |
|
|
|
b. USBDumper |
|
|
|
c. USB Hacksaw |
|
|
|
d. USB Copy 'em all |
|
Question 105 |
|
1 / 1 point |
__________ is an application that identifies all Bluetooth-enabled devices, their communications, and their connectivity within a given area.
|
|
|
a. BlueSweep |
|
|
|
b. BlueWatch |
|
|
|
c. BlueKey |
|
|
|
d. BlueFire Mobile |
|
Question 106 |
|
1 / 1 point |
__________ URLs, or intranets, are private links that only a company's employees use.
|
|
|
a. Internal |
|
|
|
b. Private |
|
|
|
c. Organizational |
|
|
|
d. Domain |
|
Question 107 |
|
1 / 1 point |
In Internet Explorer, the __________ zone is a security zone for sites that the user has designated as safe to visit.
|
|
|
a. user sites |
|
|
|
b. legal sites |
|
|
|
c. white list |
|
|
|
d. trusted sites |
|
Question 108 |
|
1 / 1 point |
Which of the following is not a category of security assessment?
|
|
|
a. security audit |
|
|
|
b. rootkit detection |
|
|
|
c. vulnerability assessment |
|
|
|
d. penetration testing |
|
Question 109 |
|
1 / 1 point |
A hacker has successfully used a tool to intercept communications between two entities and establish credentials with both sides of the connection. The two remote ends of the communication never notice that the attacker is relaying the information between the two. This is called a(n) __________ attack.
|
|
|
a. man-in-the-middle |
|
|
|
b. interceptoring |
|
|
|
c. MAC poisoning attack |
|
|
|
d. firewalking |
|
Question 110 |
|
1 / 1 point |
__________ is a cable modem hacking program. It performs the task of uncapping by incorporating all the uncapping steps into one program.
|
|
|
a. Yersinia |
|
|
|
b. OneStep: ZUP |
|
|
|
c. Zebra |
|
|
|
d. Solar Winds MIB Browser |
|
Question 111 |
|
1 / 1 point |
Information on all Linux accounts is stored in the __________ and /etc/shadow files.
|
|
|
a. /etc/conf |
|
|
|
b. /etc/passwd |
|
|
|
c. /etc/password |
|
|
|
d. /conf/passwd |
|
Question 112 |
|
1 / 1 point |
Which type of penetration test is conducted with absolutely no prior knowledge of the target environment?
|
|
|
a. white-box testing |
|
|
|
b. gray-box testing |
|
|
|
c. red-hat testing |
|
|
|
d. black-box testing |
|
Question 113 |
|
1 / 1 point |
Redirections for URLs are handled with the __________ URL handler, which can cause errors in older versions of Internet Explorer.
|
|
|
a. goto: |
|
|
|
b. mdir: |
|
|
|
c. mhtml: |
|
|
|
d. redir: |
|
Question 114 |
|
1 / 1 point |
Traceroute uses the __________ field in an IP packet to determine how long it takes to reach a target host and whether that host is reachable and active.
|
|
|
a. IHL |
|
|
|
b. flags |
|
|
|
c. TOS |
|
|
|
d. TTL |
|
Question 115 |
|
1 / 1 point |
Which of the following is not a Microsoft Internet Information Services vulnerability?
|
|
|
a. ::$DATA vulnerability |
|
|
|
b. UFS integer overflow vulnerability |
|
|
|
c. Showcode.asp vulnerability |
|
|
|
d. WebDAV/RPC exploits |
|
Question 116 |
|
1 / 1 point |
Which of the following statements best describes the rules of engagement for a penetration test?
|
|
|
a. The rules of engagement are the systems that a tester can knock offline during a penetration test. |
|
|
|
b. The rules of engagement are the agreed-upon guidelines for a penetration test, including desired code of conduct and procedures. |
|
|
|
c. The rules of engagement define the service-level agreement and scope of a penetration test. |
|
|
|
d. The rules of engagement include the insurance and risk management associated with third-party testing. |
|
Question 117 |
|
1 / 1 point |
The __________ service is responsible for sending a response packet that contains connection details to clients who send a specially formed request.
|
|
|
a. SSRS |
|
|
|
b. OSQL |
|
|
|
c. ODBC |
|
|
|
d. SQLP |
|
Question 118 |
|
1 / 1 point |
The RFID __________ policy establishes the framework for many other security controls. It provides a vehicle for management to communicate its expectations regarding the RFID system and its security.
|
|
|
a. security |
|
|
|
b. physical access |
|
|
|
c. secure disposal |
|
|
|
d. usage |
|
Question 119 |
|
1 / 1 point |
A __________ is a set of related programs, usually located at a network gateway server, that protect the resources of a private network from other network users.
|
|
|
a. firewall |
|
|
|
b. proxy |
|
|
|
c. packet filter |
|
|
|
d. router |
|
Question 120 |
|
1 / 1 point |
While conducting an ethical penetration test in Europe, which Regional Internet Registry (RIR) would you use?
|
|
|
a. APNIC |
|
|
|
b. RIPE NCC |
|
|
|
c. ARIN |
|
|
|
d. LACNIR |
|
Question 121 |
|
1 / 1 point |
__________ is a tool for performing automated attacks against web-enabled applications.
|
|
|
a. cURL |
|
|
|
b. dotDefender |
|
|
|
c. Burp Intruder |
|
|
|
d. AppScan |
|
Question 122 |
|
1 / 1 point |
If the supplied data does not fit within the size constraints of a single packet, the data is spread among multiple packets in a process known as __________.
|
|
|
a. framing |
|
|
|
b. separation |
|
|
|
c. fragmentation |
|
|
|
d. division |
|
Question 123 |
|
1 / 1 point |
__________ is a nonvoice service available with most GSM networks.
|
|
|
a. CDMA |
|
|
|
b. EDO |
|
|
|
c. EDVA |
|
|
|
d. GPRS |
|
Question 124 |
|
1 / 1 point |
The information resource or asset that is being protected from attacks is usually called the __________.
|
|
|
a. key value |
|
|
|
b. target of evaluation |
|
|
|
c. main asset |
|
|
|
d. target asset |
|
Question 125 |
|
1 / 1 point |
__________ is an information service provider that helps law offices, government agencies, businesses, and individuals find information about people.
|
|
|
a. People-Search-America.com |
|
|
|
b. Best People Search |
|
|
|
c. Switchboard |
|
|
|
d. Google Finance |
Pending
Other
/
Other
08 Sep 2017
Due Date: 08 Sep 2017
Answers
Login/SignUp to view answers