Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer. During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc.
To which type of information security act does the above conducts and activities best suit?
- A . Police and Justice Act 2006
- B . Data Protection Act 1998
- C . USA Patriot Act 2001
- D . Human Rights Act 1998
Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems.
Which of the following authentication protocols should Adam employ in order to achieve the objective?
- A . LANMAN
- B . Kerberos
- C . NTLM
- D . NTLMv2
Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?
- A . VisualRoute
- B . NetInspector
- C . BlackWidow
- D . Zaproxy
A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests. Identify the type of attack
- A . Denial of Service (DoS) attacks
- B . Side Channel attacks
- C . Man-in-the-middle cryptographic attacks
- D . Authentication attacks
Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application.
Identify the type of attack performed by Thomas on the online shopping website?
- A . Session poisoning attack
- B . Hidden field manipulation attack
- C . HTML embedding attack
- D . XML external entity attack
Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPAPSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there were no authentication packets in the capture.
Which of the following commands should Steven use to generate authentication packets?
- A . aireplay-ng –deauth 11 -a AA:BB:CC:DD:EE:FF
- B . airmon-ng start eth0
- C . airodump-ng –write capture eth0
- D . aircrack-ng.exe -a 2 -w capture.cap
Sam was asked to conduct penetration tests on one of the client’s internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords.
Identify the enumeration technique.
- A . NTP Enumeration
- B . NetBIOS Enumeration
- C . DNS Enumeration
- D . SMTP Enumeration
Jason is working on a pen testing assignment. He is sending customized ICMP packets to a host in the target network.
However, the ping requests to the target failed with “ICMP Time Exceeded Type = 11” error messages.
What can Jason do to overcome this error?
- A . Set a Fragment Offset
- B . Increase the Window size in the packets
- C . Increase the TTL value in the packets
- D . Increase the ICMP header length
Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client’s network. He was not provided with any information about the client organization except the company name.
Identify the type of testing Joseph is going to perform for the client organization?
- A . White-box Penetration Testing
- B . Black-box Penetration Testing
- C . Announced Testing
- D . Grey-box Penetration Testing
An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their platform.
Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?
- A . Post scanning
- B . Denial-of-Service
- C . Log monitoring
- D . Load testing
Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption is very weak, she wants to decrypt some WEP packets. She successfully captured the WEP data packets, but could not reach the content as the data is encrypted.
Which of the following will help Sandra decrypt the data packets without knowing the key?
- A . Fragmentation Attack
- B . Chopchop Attack
- C . ARP Poisoning Attack
- D . Packet injection Attack
Peter, a disgruntled ex-employee of Zapmaky Solutions Ltd., is trying to jeopardize the company’s website http://zapmaky.com. He conducted the port scan of the website by using the Nmap tool to extract the information about open ports and their corresponding services. While performing the scan, he recognized that some of his requests are being blocked by the firewall deployed by the IT personnel of Zapmaky and he wants to bypass the same. For evading the firewall, he wanted to employ the stealth scanning technique which is an incomplete TCP three-way handshake method that can effectively bypass the firewall rules and logging mechanisms.
Which if the following Nmap commands should Peter execute to perform stealth scanning?
- A . nmap -sT -v zapmaky.com
- B . nmap -T4 -A -v zapmaky.com
- C . nmap -sX -T4 -A -v zapmaky.com
- D . nmap -sN -A zapmaky.com
Richard, a penetration tester was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the ‘jpg’ extension to the end of the file. The new file name ended with ‘.php.jpg’. He then used the Burp suite tool and removed the ‘jpg’’ extension from the request while uploading the file. This enabled him to successfully upload the PHP shell.
Which of the following techniques has Richard implemented to upload the PHP shell?
- A . Session stealing
- B . Cookie tampering
- C . Cross site scripting
- D . Parameter tampering
Richard is working on a web app pen testing assignment for one of his clients. After preliminary information, gathering and vulnerability scanning Richard runs the SQLMAP tool to extract the database information.
Which of the following commands will give Richard an output as shown in the screenshot?
- A . sqlmap Curl http://quennhotel.com/about.aspx?name=1 CD queenhotel –tables
- B . sqlmap Curl http://quennhotel.com/about.aspx?name=1 Cdbs
- C . sqlmap Curl http://quennhotel.com/about.aspx?name=1 CD queenhotel CT –columns
- D . sqlmap Curl http://quennhotel.com/about.aspx?name=1 Cdatabase queenhotel Ctables
A
Explanation:
Identify the PRGA from the following screenshot:
- A . replay_src-0124-161120.cap
- B . fragment-0124-161129.xor
- C . 0505 933f af2f 740e
- D . 0842 0201 000f b5ab cd9d 0014 6c7e 4080
James is an attacker who wants to attack XYZ Inc. He has performed reconnaissance over all the publicly available resources of the company and identified the official company website http://xyz.com. He scanned all the pages of the company website to find for any potential vulnerabilities to exploit. Finally, in the user account login page of the company’s website, he found a user login form which consists of several fields that accepts user inputs like username and password. He also found than any non-validated query that is requested can be directly communicated to the active directory and enable unauthorized users to obtain direct access to the databases. Since James knew an employee named Jason from XYZ Inc., he enters a valid username “jason” and injects “jason)(&))” in the username field. In the password field, James enters “blah” and clicks Submit button. Since the complete URL string entered by James becomes “(& (USER=jason)(&))(PASS=blah)),” only the first filter is processed by the Microsoft Active Directory, that is, the query “(&(USER=jason)(&))” is processed. Since this query always stands true, James successfully logs into the user account without a valid password of Jason.
In the above scenario, identify the type of attack performed by James?
- A . LDAP injection attack
- B . HTML embedding attack
- C . Shell injection attack
- D . File injection attack
An organization has deployed a web application that uses encoding technique before transmitting the data over the Internet. This encoding technique helps the organization to hide the confidential data such as user credentials, email attachments, etc. when in transit. This encoding technique takes 3 bytes of binary data and divides it into four chunks of 6 bits. Each chunk is further encoded into respective printable character.
Identify the encoding technique employed by the organization?
- A . Unicode encoding
- B . Base64 encoding
- C . URL encoding
- D . HTMS encoding
During an internal network audit, you are asked to see if there is any RPC server running on the network and if found, enumerate the associate RPC services.
Which port would you scan to determine the RPC server and which command will you use to enumerate the RPC services?
- A . Port 111, rpcinfo
- B . Port 111, rpcenum
- C . Port 145, rpcinfo
- D . Port 145, rpcenum
The penetration testing team of MirTech Inc. identified the presence of various vulnerabilities in the web application coding. They prepared a detailed report addressing to the web developers regarding the findings. In the report, the penetration testing team advised the web developers to avoid the use of dangerous standard library functions. They also informed the web developers that the web application copies the data without checking whether it fits into the target destination memory and is susceptible in supplying the application with large amount of data.
According to the findings by the penetration testing team, which type of attack was possible on the web application?
- A . Buffer overflow
- B . SQL injection
- C . Cross-site scripting
- D . Denial-of-service
Alisa is a Network Security Manager at Aidos Cyber Security. During a regular network audit, she sent specially crafted ICMP packet fragments with different offset values into the network, causing a system crash.
Which attack Alisa is trying to perform?
- A . Ping-of-death attack
- B . Fraggle attack
- C . Session hijacking
- D . Smurf attack
Which of the following roles of Microsoft Windows Active Directory refers to the ability of an active directory to transfer roles to any domain controller (DC) in the enterprise?
- A . Master Browser (MB)
- B . Global Catalog (GC)
- C . Flexible Single Master Operation (FSMO)
- D . Rights Management Services (RMS)
A user unknowingly installed a fake malicious banking app in his Android mobile. This app includes a configuration file that consists of phone numbers of the bank. When the user makes a call to the bank, he is automatically redirected to the number being used by the attacker. The attacker impersonates as a banking official. Also, the app allows the attacker to call the user, then the app displays fake caller ID on the user’s mobile resembling call from a legitimate bank.
Identify the attack being performed on the Android mobile user?
- A . Tailgating
- B . SMiShing
- C . Vishing
- D . Eavesdropping
How does OS Fingerprinting help you as a pen tester?
- A . It defines exactly what software the target has installed
- B . It doesn’t depend on the patches that have been applied to fix existing security holes
- C . It opens a security-delayed window based on the port being scanned
- D . It helps to research vulnerabilities that you can use to exploit on a target system
While scanning a server, you found rpc, nfs and mountd services running on it. During the investigation, you were told that NFS Shares were mentioned in the /etc/exports list of the NFS server.
Based on this information, which among the following commands would you issue to view the NFS Shares running on the server?
- A . showmount
- B . nfsenum
- C . mount
- D . rpcinfo
SecGlobal Corporation hired Michael, a penetration tester. Management asked Michael to perform cloud penetration testing on the company’s cloud infrastructure. As a part of his task, he started checking all the agreements with cloud service provider and came to a conclusion that it is not possible to perform penetration testing on the cloud services that are being used by the organization due to the level of responsibilities between company and the Cloud Service Provider (CSP).
Identify the type of cloud service deployed by the organization?
- A . Platform as a service (PaaS)
- B . Software as a service (SaaS)
- C . Anything as a service (XaaS)
- D . Infrastructure as a service (IaaS)
A team of cyber criminals in Germany has sent malware-based emails to workers of a fast-food center which is having multiple outlets spread geographically. When any of the employees click on the malicious email, it will give backdoor access to the point of sale (POS) systems located at various outlets. After gaining access to the POS systems, the criminals will be able to obtain credit card details of the fast-food center’s customers.
In the above scenario, identify the type of attack being performed on the fast-food center?
- A . Phishing
- B . Vishing
- C . Tailgating
- D . Dumpster diving
As a part of the pen testing process, James performs a FIN scan as given below:
What will be the response if the port is open?
- A . No response
- B . FIN/RST
- C . FIN/ACK
- D . RST
Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing the security of an IDS system deployed by a client. During the preliminary information gathering, Peter discovered the TTL to reach the IDS system from his end is 30. Peter created a Trojan and fragmented it in to 1-character packets using the Colasoft packet builder tool. He then used a packet flooding utility to bombard the IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35.
What is Peter trying to achieve?
- A . Peter is trying to bypass the IDS system using a Trojan
- B . Peter is trying to bypass the IDS system using the broadcast address
- C . Peter is trying to bypass the IDS system using the insertion attack
- D . Peter is trying to bypass the IDS system using inconsistent packets
Robert is a network admin in XYZ Inc. He deployed a Linux server in his enterprise network and wanted to share some critical and sensitive files that are present in the Linux server with his subordinates. He wants to set the file access permissions using chmod command in such a way that his subordinates can only read/view the files but cannot edit or delete the files.
Which of the following chmod commands can Robert use in order to achieve his objective?
- A . chmod 666
- B . chmod 644
- C . chmod 755
- D . chmod 777
Tecty Motors Pvt. Ltd. has recently deployed RFID technology in the vehicles which allows the car owner to unlock the car with the exchange of a valid RFID signal between a reader and a tag. Jamie, on the other hand, is a hacker who decided to exploit this technology with the aim of stealing the target vehicle. To perform this attack on the target vehicle, he first used an automated tool to intercept the signals between the reader and the tag to capture a valid RFID signal and then later used the same signal to unlock and steal the victim’s car.
Which of the following RFID attacks Jamie has performed in the above scenario?
- A . RFID cloning
- B . Replay attack
- C . DoS attack
- D . Power analysis attack
You have just completed a database security audit and writing the draft pen testing report.
Which of the following will you include in the recommendation section to enhance the security of the database server?
- A . Allow direct catalog updates
- B . Install SQL Server on a domain controller
- C . Install a certificate to enable SSL connections
- D . Grant permissions to the public database role
George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ESCA certified professional and was following the LPT methodology in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log on to a Linux machine located on the network. He was also able to access the /etc/passwd file; however, the passwords were stored as a single “x” character.
What will George do to recover the actual encrypted passwords?
- A . George will perform sniffing to capture the actual passwords
- B . George will perform replay attack to collect the actual passwords
- C . George will escalate his privilege to root level and look for /etc/shadow file
- D . George will perform a password attack using the pre-computed hashes also known as a rainbow attack
An attacker targeted to attack network switches of an organization to steal confidential information such as network subscriber information, passwords, etc. He started transmitting data through one switch to another by creating and sending two 802.1Q tags, one for the attacking switch and the other for victim switch. By sending these frames. The attacker is fooling the victim switch into thinking that the frame is intended for it. The target switch then forwards the frame to the victim port.
Identify the type of attack being performed by the attacker?
- A . SNMP brute forcing
- B . MAC flooding
- C . IP spoofing
- D . VLAN hopping
An attacker targeted to attack network switches of an organization to steal confidential information such as network subscriber information, passwords, etc. He started transmitting data through one switch to another by creating and sending two 802.1Q tags, one for the attacking switch and the other for victim switch. By sending these frames. The attacker is fooling the victim switch into thinking that the frame is intended for it. The target switch then forwards the frame to the victim port.
Identify the type of attack being performed by the attacker?
- A . SNMP brute forcing
- B . MAC flooding
- C . IP spoofing
- D . VLAN hopping
65.172.55 microsoft.com
After performing a Who is lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the host files.
Which type of attack does this scenario present?
- A . DNS starvation
- B . DNS poisoning
- C . Phishing
- D . MAC spoofing
The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall.
What type of firewall bypassing technique was used by the attacker?
- A . Source routing
- B . Proxy Server
- C . HTTP Tunneling
- D . Anonymous Website Surfing Sites
Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at the backend. He wants to check the TNS Listener configuration file for configuration errors.
Which of the following directories contains the TNS Listener configuration file, by default:
- A . $ORACLE_HOME/bin
- B . $ORACLE_HOME/network /admin
- C . $ORACLE_HOME/network /bin
- D . $ORACLE_HOME/network
Cedric, who is a software support executive working for Panacx Tech. Inc., was asked to install Ubuntu operating system in the computers present in the organization. After installing the OS, he came to know that there are many unnecessary services and packages in the OS that were automatically installed without his knowledge. Since these services or packages can be potentially harmful and can create various security threats to the host machine, he was asked to disable all the unwanted services.
In order to stop or disable these unnecessary services or packages from the Ubuntu distributions, which of the following commands should Cedric employ?
- A . # update-rc.d -f [service name] remove
- B . # chkconfig [service name] Cdel
- C . # chkconfig [service name] off
- D . # service [service name] stop
Jack, a network engineer, is working on an IPv6 implementation for one of his clients. He deployed IPv6 on IPv4 networks using a mechanism where a node can choose from IPv6 or IPv4 based on the DNS value. This makes the network resources work simpler.
What kind of technique did Jack use?
- A . Dual stacks
- B . Filtering
- C . Translation
- D . Tunneling
Arnold is trying to gain access to a database by inserting exploited query statements with a WHERE clause. He wants to retrieve all the entries from a particular table (e. g. StudName) using the WHERE clause.
What query does Arnold need to write to retrieve the information?
- A . EXTRACT * FROM StudName WHERE roll_number = 1 order by 1000
- B . DUMP * FROM StudName WHERE roll_number = 1 AND 1=1―
- C . SELECT * FROM StudName WHERE roll_number = " or ‘1’ = ‘1’
- D . RETRIVE * FROM StudName WHERE roll_number = 1’#
Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client’s network. As part of the work assigned, Edward needs to find the range of IP addresses and the subnet mask used by the target organization.
What does Edward need to do to get the required information?
- A . Search for web pages posting patterns and revision numbers
- B . Search for an appropriate Regional Internet Registry (RIR)
- C . Search for link popularity of the company’s website
- D . Search for Trade Association Directories
Karen is a Network engineer at ITSec, a reputed MNC based in Philadelphia, USA. She wants to retrieve the DNS records from the publicly available servers. She searched using Google for the providers DNS Information and found the following sites: http://www.dnsstuff.com https://dnsquery.org Through these sites she got the DNS records information as she wished.
What information is contained in DNS records?
- A . Information about the DNS logs.
- B . Information about local MAC addresses.
- C . Information such as mail server extensions, IP addresses etc.
- D . Information about the database servers and its services.
As a part of information gathering, you are given a website URL and asked to identify the operating system using passive OS fingerprinting. When you begin to use p0f tool and browse the website URL, the tool captures the header information of all the packets sent and received, and decodes them.
Which among the decoded request/response packets hold the operating system information of the remote operating system?
- A . SYN
- B . SYN-ACK
- C . ACK
- D . RST
The Finger service displays information such as currently logged-on users, email address, full name, etc.
Which among the following ports would you scan to identify this service during a penetration test?
- A . Port 89
- B . Port 99
- C . Port 69
- D . Port 79
Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment.
However, he is unable to connect to the access point using this password.
What could be the probable reason?
- A . It is a rogue access point
- B . The access point implements another layer of WEP encryption
- C . The access point implements a signal jammer to protect from attackers
- D . The access point implements MAC filtering
Veronica, a penetration tester at a top MNC company, is trying to breach the company’s database as a part of SQLi penetration testing. She began to use the SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.
Which of the following SQLi techniques was used to attack the database?
- A . Function call injection
- B . File inclusion
- C . Buffer Overflow
- D . Code injection
Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack.
Which of the following testing techniques is Christen using?
- A . Fuzz Testing
- B . Stored Procedure Injection
- C . Union Exploitation
- D . Automated Exploitation
Fred, who owns a company called Skyfeit Ltd., wants to test the enterprise network for presence of any vulnerabilities and loopholes. He employed a third-party penetration testing team and asked them to perform the penetration testing over his organizational infrastructure. Fred briefed the team about his network infrastructure and provided them with a set of IP addresses on which they can perform tests. He gave them strict instruction not to perform DDoS attacks or access the domain servers in the company. He also instructed them that they can carry out the penetration tests even when the regular employees are on duty since they lack the clue about the happenings.
However, he asked the team to take care that no interruption in business continuity should be caused. He also informed the penetration testing team that they get only 1 month to carry out the test and submit the report.
What kind of penetration test did Fred ask the third-party penetration testing team to perform?
- A . Announced testing
- B . Blind testing
- C . Grey-Box testing
- D . Unannounced testing
Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSK key. He is trying to connect to the wireless network using the WPAPSK key.
However, he is unable to connect to the WLAN as the target is using MAC filtering.
What would be the easiest way for Frank to circumvent this and connect to the WLAN?
- A . Attempt to crack the WEP key
- B . Crack the Wi-Fi router login credentials and disable the ACL
- C . Sniff traffic off the WLAN and spoof his MAC address to the one that he has captured
- D . Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session
Moses, a professional hacker, attempts to overwhelm the target victim computer by transmitting TCP connection requests faster than the computer can process them. He started sending multiple SYN packets of size between 800 and 900 bytes with spoofed source addresses and port numbers. The main intention of Moses behind this attack is to exhaust the server resources and saturate the network of the target organization.
Identify the type of attack being performed by Moses?
- A . VTP attack
- B . DoS attack
- C . ARP attack
- D . HSRP attack
What is the purpose of the Traceroute command?
- A . For extracting information about the network topology, trusted routers, and firewall locations
- B . For extracting information about closed ports
- C . For extracting information about the server functioning
- D . For extracting information about opened ports
Which port does DHCP use for client connections?
- A . UDP port 67
- B . UDP port 68
- C . UDP port 69
- D . UDP port 66
Rebecca, a security analyst, was auditing the network in her organization. During the scan, she found a service running on a remote host, which helped her to enumerate information related to user accounts, network interfaces, network routing and TCP connections.
Which among the following services allowed Rebecca to enumerate the information?
- A . NTP
- B . SNMP
- C . SMPT
- D . SMB
In delivering penetration testing report, which of the following steps should NOT be followed?
- A . Always send the report by email or CD-ROM
- B . Always deliver the report to approved stakeholders in the company in person
- C . Always ask for a signed acknowledgment after submitting the report
- D . Report must be presented in a PDF format, unless requested otherwise
AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users with APIs, core connectivity and delivery, abstraction and hardware as part of the service.
What is the name of the service AB Cloud services offer?
- A . Web Application Services
- B . Platform as a service (PaaS)
- C . Infrastructure as a service (IaaS)
- D . Software as a service (SaaS)
Jason is a penetration tester, and after completing the initial penetration test, he wanted to create a final penetration test report that consists of all activities performed throughout the penetration testing process.
Before creating the final penetration testing report, which of the following reports should Jason prepare in order to verify if any crucial information is missed from the report?
- A . Activity report
- B . Host report
- C . User report
- D . Draft report
The penetration testers are required to follow predefined standard frameworks in making penetration testing reporting formats.
Which of the following standards does NOT follow the commonly used methodologies in penetration testing?
- A . National Institute of Standards and Technology (NIST)
- B . Information Systems Security Assessment Framework (ISSAF)
- C . Open Web Application Security Project (OWASP)
- D . American Society for Testing Materials (ASTM)
You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users complained they are not able to resolve domain names to IP addresses at certain times.
What could be the probable reason?
- A . DNSSEC does not provide protection against Denial of Service (DoS) attacks
- B . DNSSEC does not guarantee authenticity of a DNS response during an attack
- C . DNSSEC does not protect the integrity of a DNS response
- D . DNSSEC does not guarantee the non-existence of a domain name or type
Ross performs security test on his company’s network assets and creates a detailed report of all the findings. In his report, he clearly explains the methodological approach that he has followed in finding the loopholes in the network.
However, his report does not mention about the security gaps that can be exploited or the amount of damage that may result from the successful exploitation of the loopholes. The report does not even mention about the remediation steps that are to be taken to secure the network.
What is the type of test that Ross has performed?
- A . Penetration testing
- B . Vulnerability assessment
- C . Risk assessment
- D . Security audit
JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Future group approached JUA for an internal pen test. Stanley performs various penetration testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names, users and groups, applications and banners. Identify the technique that gave Stanley this information.
- A . Enumeration
- B . Sniffing
- C . Ping sweeps
- D . Port scanning
Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to attacks or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started database port scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command. nmap -sU Cp 1521 <client ip-address> Identify the database used by the company?
- A . MySQL
- B . Microsoft SQL Server
- C . SQLite
- D . Oracle