Which of the following is not an acceptable method of IDS evasion?
2. Question
1 point(s)
Sending the split packets out-of-order with delay is considered an example of ______________.
3. Question
1 point(s)
Which of the following is not a type of Open Source Web Server architecture?
4. Question
1 point(s)
Using dots and slash sequences, an attacker attempts a trial and error strategy to access restricted directories. Which type of Web server attack is this?
5. Question
1 point(s)
An attacker sends a request that allows him to add a header response; the user is now sent to a malicious website. What kind of attack is this?
6. Question
1 point(s)
An update that is specially designed to fix the issue for a live production environment is called ________________________.
7. Question
1 point(s)
A piece of Software developed to fix an issue is called ________________________.
8. Question
1 point(s)
Which of the following is a tool for patch management?
9. Question
1 point(s)
A person who is in charge of the web application’s management and setup is referred to as ________________________.
10. Question
1 point(s)
Which of the following is not a Back-end Programming language?
11. Question
1 point(s)
Which of the following is not a Front-end Programming language?
12. Question
1 point(s)
Web Applications architecture is categorized into three basic layers. Which of the following are they?
13. Question
1 point(s)
An attacker has accessed the web application. Now, he is escalating privileges to access sensitive information. Which type of web application attack is this?
14. Question
1 point(s)
Which of the following is not appropriate for a Data Connectivity attack between the application and its database?
15. Question
1 point(s)
Inferential Injection is also called ________________________.
16. Question
1 point(s)
An attacker is using the same communication channel to launch the injection attack and gather information from the response. Which type of SQL injection is being performed?
17. Question
1 point(s)
To extract data from a database, which SQL statement is used?
18. Question
1 point(s)
To update data in a database, which SQL statement is used?
19. Question
1 point(s)
Which SQL Query is correct to extract only the “UserID” field from the “Employees” table in the database?
20. Question
1 point(s)
What does SQL stand for?
21. Question
1 point(s)
The name of the access point that is usually broadcasting for the identification of wireless networks is called ________________________.
22. Question
1 point(s)
How many frames are communicated between the client and AP to complete the authentication process in a Wi-Fi Network with Open Authentication?
23. Question
1 point(s)
How many frames are communicated between the client and AP to complete the authentication process in a Wi-Fi Network with Shared Key Authentication?
24. Question
1 point(s)
Wi-Fi authentication with a centralized authentication server is deployed by using __________.
25. Question
1 point(s)
____________ provides the Doughnut Shaped Radiation pattern.
26. Question
1 point(s)
Which Wireless encryption uses a 24-bit Initialization Vector to create RC4 with CRC?
27. Question
1 point(s)
Which of the following protocols ensures per packet key by dynamically generating a 128-bit key?
28. Question
1 point(s)
In a Bluetooth network, target devices are being overflowed by random packets. Which type of Bluetooth attack is this?
29. Question
1 point(s)
An attacker attempts to gain remote access to a Bluetooth device to compromise security. Which type of attack is this?
30. Question
1 point(s)
Which tools are appropriate for packet sniffing in a wireless network?
31. Question
1 point(s)
Which device can detect rogue wireless access points?
32. Question
1 point(s)
Jailbreaking refers to ________________________.
33. Question
1 point(s)
When an iOS device is rebooted, it will no longer have a patched kernel and may stick in a partially started state. Which type of Jailbreaking is performed on it?
34. Question
1 point(s)
The official Application store for the Blackberry platform is ____________:
35. Question
1 point(s)
If an administrator is required to monitor and control mobile devices running on a corporate network, then which one of the following is the most appropriate solution?
36. Question
1 point(s)
How many layers are there in the architecture of IoT?
37. Question
1 point(s)
Which layer in IoT architecture is responsible for device and information management?
38. Question
1 point(s)
Which layer is responsible for Protocol translation and messaging?
39. Question
1 point(s)
An IoT device directly communicating with the application server is called ___________________.
40. Question
1 point(s)
An eavesdropper records the transmission and replays it at a later time to cause the receiver to ‘unlock’; this attack is known as ________________________.
41. Question
1 point(s)
IaaS Cloud Computing Service offers ______________.
42. Question
1 point(s)
_________ is an example of SaaS.
43. Question
1 point(s)
A cloud deployment model accessed by multiple parties having shared resources is known as a ________________________.
44. Question
1 point(s)
A person or organization that maintains a business relationship with and uses service from Cloud Providers is known as ________________________.
45. Question
1 point(s)
A person who negotiates the relationship between Cloud Provider and Consumer is called ________________________.
The cipher that encrypts the plain text one by one is known as ________________________.
49. Question
1 point(s)
64-bit Block Size, 56-bit Key size, and 16 rounds are the parameters of ____________.
50. Question
1 point(s)
Digital Certificate’s “Subject” field shows ___________________.
51. Question
1 point(s)
RSA key length varies from _____________.
52. Question
1 point(s)
The message digest is used to ensure ___________.
53. Question
1 point(s)
MD5 produces a hash value of ________________________.
54. Question
1 point(s)
A cryptographic attack type where a cryptanalyst has access to a ciphertext but does not have access to the corresponding plaintext is called ________________________.
55. Question
1 point(s)
The most secure way to mitigate information theft from a laptop of an organization left in a public place is ________________________.
56. Question
1 point(s)
Select a wireless network detector that is popular in Linux OS.
57. Question
1 point(s)
Code injection is a type of attack in which a malicious user ________________________.
58. Question
1 point(s)
Jack is a programming contest judge. Before reaching him, the code is run through a restricted OS and tested there. If it passes, it will proceed to Jack. What is the name of this stage in the process?
59. Question
1 point(s)
The Payment Card Industry Data Security Standard (PCI DSS) contains six different kinds of objectives. Each objective contains at least one requirement, which must be followed to achieve compliance. Select the requirements from the following that best fit under the objective, “Implement strong access control measures.”
60. Question
1 point(s)
Which is an NMAP script that might help detect HTTP methods such as GET, HEAD, POST, PUT, TRACE, and DELETE?
61. Question
1 point(s)
Which of the following is a process of recording, logging, and resolving events that take place in an organization?
62. Question
1 point(s)
Suppose an attacker has access to a Linux host and has stolen the password file from /etc/passwd. What can he do now?
63. Question
1 point(s)
Which of the following is a response for a NULL scan if the port is closed?
64. Question
1 point(s)
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving software security. Which item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?
65. Question
1 point(s)
Select the NMAP command for OS detection
66. Question
1 point(s)
How would an attacker record all the shares to which the current user context has access when using CMD?
67. Question
1 point(s)
Where does PPTP encryption belong in the OSI model?
68. Question
1 point(s)
Suppose the binary values 10110001 and 00111010 are XORed. The resultant binary value would be ________________________.
69. Question
1 point(s)
Select the resources NMAP needs to use as a basic vulnerability scanner covering numerous vectors like HTTP, SMB, and FTP.
70. Question
1 point(s)
During a recent security assessment, you determined that the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and another DNS server on the internal network. Which of the following types of DNS configuration is this?
71. Question
1 point(s)
Which of the following cryptographic hash functions can take an arbitrary length of input and produce a message digest output of 160 bits?
72. Question
1 point(s)
What is the main purpose of test automation in security testing?
73. Question
1 point(s)
Select the suitable programming language that is most vulnerable to buffer overflow attacks.
74. Question
1 point(s)
Calculate the approximate cost of replacement and recovery operation of a hard drive failure per year if the cost of a new hard drive is $300. A technician charges $10 per hour and needs 10 hours to repair the OS and software to the new hard disk. It will require a further 4 hours to repair the database from the last backup to the new hard disk. Calculate the SLE, ALE, and ARO. Assume the EF=1 (100%). What is the closest estimated cost of this replacement and recovery operation every year?
75. Question
1 point(s)
Assume you are the Director of Network Engineering. Your business is planning a significant expansion. Users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network must be authenticated, according to the business. Which AAA protocol do you think you would use?
76. Question
1 point(s)
What kind of vulnerability/attack occurs when a malicious person forces the user’s browser to send an authenticated request to a server?
77. Question
1 point(s)
A network administrator received a security alert at 3.00 a.m. from the Intrusion Detection System (IDS). The alert was generated due to numerous incoming packets over ports 20 and 21. During analysis, there was no sign of an attack on the FTP servers. How should the administrator handle this situation?
78. Question
1 point(s)
SSL, PGP, and IKE are all examples of which kind of cryptography?
79. Question
1 point(s)
Which one of the following protocols does a smart card use in order to transfer the certificate in a secure manner?
80. Question
1 point(s)
The only way to defeat a multi-level security solution is to leak data via ________________.
81. Question
1 point(s)
Select the open-source tools that would be the best option to scan a network for potential targets.
82. Question
1 point(s)
What is the proper syntax when you want to do an ICMP scan on a remote computer using hping2?
83. Question
1 point(s)
Select the suitable tools used to consider the files produced by several packet-capture programs such as WinDump, Wireshark, tcpdump, and EtherPeek.
84. Question
1 point(s)
Which protocols are used for setting up secured channels between two devices, typically in VPNs?
85. Question
1 point(s)
The establishment of a TCP connection contains a negotiation called the three-way handshake. What kind of message is initially sent by the client to the server to begin this negotiation?
86. Question
1 point(s)
Which of the following terms describes the amount of risk that remains after identifying vulnerabilities and their mitigation?
87. Question
1 point(s)
An attacker using a rogue wireless AP launches a MITM attack and injects an HTML code to embed a malicious applet in all HTTP connections. When users access any page, the applet runs and exploits many machines. Select the tool the hacker probably used to inject the HTML code.
88. Question
1 point(s)
Which of the following antennas is normally used in communications for a frequency band of 10 MHz to VHF and UHF?
89. Question
1 point(s)
Which of the following international standards establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
90. Question
1 point(s)
Which option would you use if you want to scan fewer ports than the default scan that uses the Nmap tool?
91. Question
1 point(s)
Which tool can be used for passive OS fingerprinting?
92. Question
1 point(s)
Select the tool that can scan a network to execute vulnerability checks and compliance auditing.
93. Question
1 point(s)
Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall?
94. Question
1 point(s)
You have successfully gained access to a Linux server. You would like to guarantee that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection System (NIDS). What is the most effective technique to avoid NIDS?
95. Question
1 point(s)
A _________________ is a network device that monitors the radio spectrum for the presence of unauthorized access points and can automatically take countermeasures, such as denying these unauthorized access points to connect to the network.
96. Question
1 point(s)
Which of the following is a Windows command that a hacker can use to record all the shares to which the current user context has access?
97. Question
1 point(s)
Challenge/response authentication is used to prevent ________________________.
98. Question
1 point(s)
These hackers have limited or no training and only know how to use basic methods or tools. What kind of hackers are we talking about?
99. Question
1 point(s)
What is considered to be a brute force attack?
100. Question
1 point(s)
Which of the following is one of the most fundamental ways to prevent Cross-site Scripting (XSS) in software applications?