A cryptographic attack type where a cryptanalyst has access to a ciphertext but does not have access to the corresponding plaintext is called:
Correct
Incorrect
Question 5 of 50
5. Question
1 point(s)
The most secure way to mitigate information theft from a laptop of an organization left in a public place is:
Correct
Incorrect
Question 6 of 50
6. Question
1 point(s)
Select a wireless network detector that is popular in Linux OS
Correct
Incorrect
Question 7 of 50
7. Question
1 point(s)
Code injection is a type of attack in which a malicious user:
Correct
Incorrect
Question 8 of 50
8. Question
1 point(s)
Sid is a judge for a programming contest. Before the code reaches him, it experiences a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle phase called?
Correct
Incorrect
Question 9 of 50
9. Question
1 point(s)
The payment Card Industry Data Security Standard (PCI DSS) contains six different kinds of objectives. Each objective contains at least one requirement, which must be followed in order to achieve compliance. Select the following requirements that would best fit under the objective, “Implement strong access control measures”.
Correct
Incorrect
Question 10 of 50
10. Question
1 point(s)
Which is an NMAP script that might help detect HTTP methods such as GET, HEAD, POST, PUT, TRACE, DELETE. Select from the following:
Correct
Incorrect
Question 11 of 50
11. Question
1 point(s)
Which of the followings is a process of recording, logging, and resolving events that take place in an organization?
Correct
Incorrect
Question 12 of 50
12. Question
1 point(s)
If an attacker has access to a Linux host and he has stolen the password file form/passwd/etc. What can he do now?
Correct
Incorrect
Question 13 of 50
13. Question
1 point(s)
Which of the followings is a response for a NULL scan if the port is closed?
Correct
Incorrect
Question 14 of 50
14. Question
1 point(s)
The Open Web Application Security Project (OWASP) is the worldwide not-for-benefit charitable organization concentrated on improving the security of software. What detail is the essential concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?
Correct
Incorrect
Question 15 of 50
15. Question
1 point(s)
Select the NMAP command for OS detection.
Correct
Incorrect
Question 16 of 50
16. Question
1 point(s)
How would an attacker record all the shares to which the current user context has an access when using CMD?
Correct
Incorrect
Question 17 of 50
17. Question
1 point(s)
Where does PPTP encryption belong in the OSI model?
Correct
Incorrect
Question 18 of 50
18. Question
1 point(s)
If the following binary values are XOR: 10110001, 00111010. The resultant binary value would be:
Correct
Incorrect
Question 19 of 50
19. Question
1 point(s)
Select the following resources that NMAP needs to use as a basic vulnerability scanner covering numerous vectors like HTTP, SMB, and FTP
Correct
Incorrect
Question 20 of 50
20. Question
1 point(s)
During a recent security assessment, you determine that the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and an another DNS server on the internal network. Which of the following type of DNS configuration is this?
Correct
Incorrect
Question 21 of 50
21. Question
1 point(s)
Which of the following cryptographic hash functions can take an arbitrary length of input and produce a message digest output of 160 bit?
Correct
Incorrect
Question 22 of 50
22. Question
1 point(s)
What is the main purpose of test automation in security testing?
Correct
Incorrect
Question 23 of 50
23. Question
1 point(s)
Select the suitable programming languages that is most vulnerable to buffer overflow attacks.
Correct
Incorrect
Question 24 of 50
24. Question
1 point(s)
Calculate the approximate cost of replacement and recovery operation of a hard drive failure per year if the cost of a new hard drive is $300. A technician charges $10 per hour and needs 10 hours to repair the OS and software to the new hard disk. It will require further 4 hours to repair the database from the last backup to the new hard disk. Calculate the SLE, ALE, and ARO. Assume the EF=1 (100%). What is the closest estimated cost of this replacement and recovery operation every year?
Correct
Incorrect
Question 25 of 50
25. Question
1 point(s)
Suppose you are the Chief Network Engineer. Your company is planning for a big business expansion. The company demands that your network should authenticate user connecting via analogue modems, Digital Subscriber Lines (DSL), Wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?
Correct
Incorrect
Question 26 of 50
26. Question
1 point(s)
What kind of vulnerability/attack is it when a malicious person forces the user’s browser to send an authenticated request to a server?
Correct
Incorrect
Question 27 of 50
27. Question
1 point(s)
Which of the following is a hashing algorithm?
Correct
Incorrect
Question 28 of 50
28. Question
1 point(s)
A network administrator received a security alert at 3.00 a.m. from the Intrusion Detection System (IDS). The alert was generated due to a large number of incoming packets over ports 20 and 21. During analysis, there was no sign of attack on the FTP servers. How should the administrator handle this situation?
Correct
Incorrect
Question 29 of 50
29. Question
1 point(s)
SSL, PGP, and IKE are all examples of which kind of cryptography?
Correct
Incorrect
Question 30 of 50
30. Question
1 point(s)
Which one of the following protocols does a smart card use in order to transfer the certificate in a secure manner?
Correct
Incorrect
Question 31 of 50
31. Question
1 point(s)
The only way to defeat a multi-level security solution is to leak data via ________________.
Correct
Incorrect
Question 32 of 50
32. Question
1 point(s)
Select the following open source tools that would be the best option to scan a network for potential targets.
Correct
Incorrect
Question 33 of 50
33. Question
1 point(s)
What is the proper syntax when you want to do ICMP scan on a remote computer using hping 2?
Correct
Incorrect
Question 34 of 50
34. Question
1 point(s)
Select the suitable tools that are used to consider the files produced by several packet-capture programs such as WinDump, Wireshark, tcpdump, and EtherPeek?
Correct
Incorrect
Question 35 of 50
35. Question
1 point(s)
Which of the following protocols is used for setting up secured channels between two devices, typically in VPNs?
Correct
Incorrect
Question 36 of 50
36. Question
1 point(s)
The establishment of a TCP connection contains a negotiation called 3 way handshakes. Which kind of message is initially sent by the client to the server in order to begin this negotiation?
Correct
Incorrect
Question 37 of 50
37. Question
1 point(s)
Which of the following terms describes the amount of risk that remains after the identification of vulnerabilities and their mitigation?
Correct
Incorrect
Question 38 of 50
38. Question
1 point(s)
An attacker using a rogue wireless AP, launches an MITM attack and injects an HTML code to embed a malicious applet in all HTTP connections. When users access any page, the applet runs and exploits many machines. Select the suitable tool that the hacker probably used to inject the HTML code.
Correct
Incorrect
Question 39 of 50
39. Question
1 point(s)
Which of the following antenna is normally used in communications for a frequency band of 10 MHz to VHF and UHF?
Correct
Incorrect
Question 40 of 50
40. Question
1 point(s)
Which of the following international standards establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
Correct
Incorrect
Question 41 of 50
41. Question
1 point(s)
If you want to scan fewer ports than the default scan that uses Nmap tool, which option would you use?
Correct
Incorrect
Question 42 of 50
42. Question
1 point(s)
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?
Correct
Incorrect
Question 43 of 50
43. Question
1 point(s)
Which tool can be used for passive OS fingerprinting?
Correct
Incorrect
Question 44 of 50
44. Question
1 point(s)
Select the following tool, which can scan a network to execute vulnerability checks and compliance auditing.
Correct
Incorrect
Question 45 of 50
45. Question
1 point(s)
Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall?
Correct
Incorrect
Question 46 of 50
46. Question
1 point(s)
You have successfully gained access to a Linux server and would like to guarantee that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS?
Correct
Incorrect
Question 47 of 50
47. Question
1 point(s)
A _________________ is a network device that monitors the radio spectrum for the presence of unauthorized access points, and can automatically take countermeasures such as denying these unauthorized access points to connect to the network.
Correct
Incorrect
Question 48 of 50
48. Question
1 point(s)
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. What are the correct bit size of the Diffie-Hellman (DH) group 5?
Correct
Incorrect
Question 49 of 50
49. Question
1 point(s)
Which of the followings is a Windows command that a hacker can use to record all the shares, to which the current user context has access?
Correct
Incorrect
Question 50 of 50
50. Question
1 point(s)
Challenge/response authentication is used to prevent:
Correct
Incorrect
Sign-Up with your email address to receive news, new content updates, FREE reports and our most-awaited special discount offers on curated titles !
Sign-Up with your email address to receive news, new content updates, FREE reports and our most-awaited special discount offers on curated titles !