is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.

CMIT 321 Ethical Hacking FINAL EXAM with Answers (2016)


Question 1


1 / 1 point

__________ is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.



a. War driving



b. Line dialing



c. PBX driving



d. War dialing

View Feedback


Question 2


1 / 1 point

__________ cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message.



a. Symmetric



b. Hash-based



c. Private-key



d. Public-key

View Feedback


Question 3


1 / 1 point

__________ is a lightweight Knoppix version cut to 50 MB for a business-card-sized CD.



a. Gnoppix



b. GeeXboX



c. Morphix



d. Damn Small Linux

View Feedback


Question 4


1 / 1 point

The __________ utility tests the integrity of an ODBC data source.



a. odbcping



b. ASPRunner



c. FlexTracer



d. DbEncrypt

View Feedback


Question 5


1 / 1 point

In the TCP/IP stack, the __________ layer is where applications and protocols, such as HTTP and Telnet, operate.



a. Internet



b. network



c. transport



d. application

View Feedback


Question 6


1 / 1 point

Attackers can use a simple test to find out if an application is vulnerable to an OLE DB error. They can fill in the username and password fields with __________.



a. a pound sign



b. two dashes



c. a single quotation mark



d. double quotes

View Feedback


Question 7


1 / 1 point

__________ allow attackers to pass malicious code to different systems via a web application.



a. SQL injection attacks



b. XSS vulnerabilities



c. Authentication hijacking attacks



d. Command injection flaws

View Feedback


Question 8


1 / 1 point

A __________ is a trusted entity that signs certificates and can vouch for the identity of the user and the user's public key.



a. verification authority



b. certification authority



c. validation authority



d. registration authority

View Feedback


Question 9


1 / 1 point

Null sessions require access to TCP port __________.



a. 139



b. 141



c. 345



d. 349

View Feedback


Question 10


1 / 1 point

__________ is a command-line utility provided by Microsoft with SQL Server 2000 (and Microsoft SQL Server 2000 Desktop Engine) that allows users to issue queries to the server.













View Feedback


Question 11


1 / 1 point

The __________ file is used to determine which TTY devices the root user is allowed to log in to.



a. /usr/securetty



b. /etc/securetty



c. /var/securetty



d. /home/securetty

View Feedback


Question 12


1 / 1 point

__________ can monitor a Simple Mail Transfer Protocol (SMTP) server regularly after connecting to it.



a. CheckOK



b. SMTPCheck



c. SMTPMon



d. SLCheck

View Feedback


Question 13


1 / 1 point

__________ is a method of gaining access to sensitive data in a Bluetooth-enabled device.



a. Bluebugging



b. Bluesnarfing



c. BTKeylogging



d. Blueprinting

View Feedback


Question 14


1 / 1 point

__________ is a simple form of attack aimed directly at the application's business logic.



a. Authentication hijacking



b. Parameter tampering



c. Cookie poisoning



d. Session poisoning

View Feedback


Question 15


1 / 1 point

Once the Oracle database server has been traced, the first port of call is made to the __________ listener.



a. SQL



b. TNS



c. TCP




View Feedback


Question 16


1 / 1 point

__________ is a common and easy form of SQL injection. The technique involves evading the logon forms.



a. Command injection



b. SELECT bypass



c. INSERT injection



d. Authorization bypass

View Feedback


Question 17


1 / 1 point

__________ gathering is the process of accumulating information from resources like the Internet that can later be analyzed as business intelligence.



a. Competitive intelligence



b. Tracerouting



c. Passive information



d. Footprinting

View Feedback


Question 18


1 / 1 point

__________, formerly called AppTapp, is a tool for jailbreaking and installing nonsanctioned third-party applications on the iPhone.



a. iFuntastic



b. iNdependence



c. iActivator



d. AppSnapp

View Feedback


Question 19


1 / 1 point

Firefox cannot correctly interpret single quotation marks and spaces during authentication. This is called the __________ value of an authentication header.



a. registration



b. site



c. domain



d. realm

View Feedback


Question 20


1 / 1 point

Private data stored by Firefox can be quickly deleted by selecting __________ in the Tools menu.



a. Clear History



b. Clear Private Data



c. Delete Private Data



d. Delete History

View Feedback


Question 21


1 / 1 point

A(n) __________ is a custom command in Linux that is a substitute for a formal command string.



a. user string



b. system link



c. alias



d. link

View Feedback


Question 22


1 / 1 point

A __________ is a device that cannot function in any capacity.



a. block



b. brick



c. rock



d. cage

View Feedback


Question 23


0 / 1 point

__________ involves plotting the tables in the database.



a. Database enumeration



b. Database footprinting



c. Table footprinting



d. Table enumeration

View Feedback


Question 24


1 / 1 point

A __________ is a device that receives digital signals and converts them into analog signals, and vice versa.



a. firewall



b. proxy



c. hub



d. modem

View Feedback


Question 25


1 / 1 point

Which of the following types of tools would be most effective in cracking UNIX passwords?



a. Ophcrack



b. KerbCrack



c. John the Ripper



d. RainbowCrack

View Feedback


Question 26


1 / 1 point

SQL Server, like other databases, delimits queries with a __________.



a. colon



b. period



c. semicolon



d. comma

View Feedback


Question 27


1 / 1 point

__________ is a unique 15- or 17-digit code used to identify a mobile station to a GSM network.









c. SIM



d. PhoneID

View Feedback


Question 28


1 / 1 point

Which of the following password attacks is conducted using nontechnical means?



a. hybrid



b. brute force



c. social engineering



d. rainbow tables

View Feedback


Question 29


1 / 1 point

In __________-level hijacking, the attacker obtains the session IDs to get control of an existing session or to create a new, unauthorized session.



a. network



b. data link



c. transport



d. application

View Feedback


Question 30


1 / 1 point

Which of the tools listed below can be used to execute code on remote Windows systems?



a. X.exe



b. PsExec



c. Rsync



d. Ghost

View Feedback


Question 31


1 / 1 point

Kaspersky is used as __________.



a. a hacking tool against PDAs



b. a hacking tool against IPHONEs



c. a hacking tool against IPODs



d. an antivirus for Windows Mobile

View Feedback


Question 32


1 / 1 point

__________ viruses search all drives and connected network shares to locate files with an EXE or SCR extension.



a. W32/Madang-Fam



b. W32/Hasnot-A



c. W32/Fujacks-AK



d. W32/Fujacks-E

View Feedback


Question 33


1 / 1 point

What is the difference between online and offline password attacks?



a. Online attacks are conducted against people using the Internet, and offline attacks are conducted against people on private networks.



b. Online attacks target passwords or their representations as they traverse a network, and offline attacks focus on stored passwords.



c. Online attacks are used to gain access to systems, and offline attacks are used to knock systems off the network.



d. Offline attacks target passwords or their representations as they traverse a network, and online attacks focus on stored passwords.

View Feedback


Question 34


0 / 1 point

__________ synchronizes the information between a Palm device and a desktop PC.



a. HotSync



b. ActiveSync



c. PocketSync



d. PalmSync

View Feedback


Question 35


1 / 1 point

__________ is a type of computer architecture in which multiple processors share the same memory and are each assigned different tasks to perform.



a. Xcode



b. Multitasking



c. Cocoa



d. Symmetric multiprocessing

View Feedback


Question 36


1 / 1 point

__________ hackers are information security professionals who specialize in evaluating, and defending against, threats from attackers.



a. Gray-hat



b. Black-hat



c. Consulting



d. Ethical

View Feedback


Question 37


1 / 1 point

An __________ share is a hidden share that allows communication between two processes on the same system.



a. SMC



b. IPC



c. EPC



d. SMB

View Feedback


Question 38


1 / 1 point

The __________ method appends data in the URL field.






b. GET






d. URL

View Feedback


Question 39


1 / 1 point

__________ is a lightweight substitute for telnet that enables the execution of processes on other systems, eliminating the need for manual installation of client software.



a. PsExec



b. Alchemy Remote Executor



c. Emsa FlexInfo Pro



d. RemoteApp

View Feedback


Question 40


1 / 1 point

__________ is a back-end GPL tool that works directly with any RFID ISO-reader to make the content stored on the RFID tags accessible.



a. RFDump



b. RFReader



c. RFReceiver



d. RFExplorer

View Feedback


Question 41


1 / 1 point

__________ is a parallelized login cracker that supports numerous protocols for attack.



a. ADMsnmp






c. Hydra



d. John the Ripper

View Feedback


Question 42


1 / 1 point

IT __________ are designed to evaluate an organization's security policies and procedures.



a. ping sweeps



b. vulnerability assessments



c. penetration tests



d. security audits

View Feedback


Question 43


1 / 1 point

__________ is the act of gathering information about the security profile of a computer system or organization, undertaken in a methodological manner.



a. Tracerouting



b. Passive information gathering



c. Footprinting



d. Competitive intelligence gathering

View Feedback


Question 44


1 / 1 point

__________ is a command-line interface for Microsoft SQL Server that allows an attacker to execute commands on the underlying operating system, execute SQL queries, and upload files to a remote server.



a. SQLExec



b. Absinthe



c. Sqlninja



d. SQLSmack

View Feedback


Question 45


1 / 1 point

__________ occurs when hackers break into government or corporate computer systems as an act of protest.



a. Hacktivism



b. Cyber terrorism



c. Cybercrime



d. Suicide hacking

View Feedback


Question 46


1 / 1 point

Mac OS X includes __________, a collection of frameworks, APIs, and accompanying runtimes that allows for a host of open-source web, database, scripting, and development technologies.



a. Cocoa



b. Coffee



c. Bean



d. Xcode

View Feedback


Question 47


1 / 1 point

__________ is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected.



a. Social engineering



b. Direct information gathering



c. Active reconnaissance



d. Inactive reconnaissance

View Feedback


Question 48


1 / 1 point

__________ is a programming language that permits website designers to run applications on the user's computer.



a. Java



b. Ruby



c. Python



d. Smalltalk

View Feedback


Question 49


1 / 1 point

_________ hijacking is a hacking technique that uses spoofed packets to take over a connection between a victim and a target machine.



a. ACK



b. Blind






d. Network-level

View Feedback


Question 50


1 / 1 point

In order for traffic to get back to the attacker during session hijacking, a process called __________ is used that allows the sender to specify a particular route for the IP packet to take to the destination.



a. desynchronization



b. source routing



c. spoofing



d. TCP routing

View Feedback


Question 51


1 / 1 point

__________ is a worm for Windows XP that downloads and executes malicious files on the compromised computer and spreads through removable storage devices.



a. HTTP W32.Drom



b. W32/VBAut-B



c. W32/QQRob-ADN



d. W32/SillyFDC-BK

View Feedback


Question 52


1 / 1 point

The Java-based __________ worm spreads through Bluetooth and affects unprotected Mac OS X 10.4 systems.



a. OSX/Leap-A



b. AppHook.B



c. Inqtana.A



d. BTHook-A

View Feedback


Question 53


1 / 1 point

__________ is a virus targeted against mobile personal digital assistant devices.



a. Skulls



b. Brador



c. Doomboot.A



d. Podloso

View Feedback


Question 54


1 / 1 point

The __________ stores confidential information that is accessible only from inside the organization.



a. public website



b. confidential website



c. private website



d. external website

View Feedback


Question 55


1 / 1 point

__________ is the unauthorized alteration of routing tables.



a. Route poisoning



b. Routing table spoofing



c. Routing table poisoning



d. Route spoofing

View Feedback


Question 56


1 / 1 point

__________ automatically scans a computer, looking for cookies created by Internet Explorer, Mozilla Firefox, and Netscape Navigator, and then displays the data stored in each one.



a. Cookie Viewer



b. Cookie Explorer



c. Cookie Browser



d. Cookie Manager

View Feedback


Question 57


1 / 1 point

__________ is a tool that administrators can use to test the reliability of their critical systems and determine what actions they must take to fix any problems.



a. DbEncrypt



b. AppDetective



c. Selective Audit



d. AppRadar

View Feedback


Question 58


1 / 1 point

The __________ script allows a remote user to view the code of server-side scripts.



a. Showlogin.asp



b. Showcode.asp



c. RemoteAccess.asp



d. Remotelogin.asp

View Feedback


Question 59


1 / 1 point

__________ is a method in which a sniffer is used to track down a conversation between two users.



a. A man-in-the-middle (MITM) attack



b. Session hijacking



c. IP spoofing



d. Network tapping

View Feedback


Question 60


1 / 1 point

__________ is a small utility that lists all USB devices currently connected to a computer, as well as all previously used USB devices.



a. MyUSBOnly



b. USB Blocker



c. USB CopyNotify!



d. USBDeview

View Feedback


Question 61


1 / 1 point

After gaining access, what is the attacker's next goal?



a. Cover their tracks.



b. Start denial-of-service attacks.



c. Find ways to maintain access.



d. None of the above.

View Feedback


Question 62


1 / 1 point

__________ is an HTTP authentication brute-force program. It attempts to guess passwords for basic HTTP authentication by logging in to a web server.



a. Authforce



b. ObiWaN



c. Hydra



d. Cain & Abel

View Feedback


Question 63


1 / 1 point

__________ record the parts of the website visited and can contain identifying information.



a. Logs



b. Records



c. Cookies



d. Certificates

View Feedback


Question 64


1 / 1 point

Web applications have a three-layered architecture consisting of presentation, logic, and __________.



a. application



b. data layers



c. transport




View Feedback


Question 65


1 / 1 point

__________ is a Linux security feature that enables a user to choose the directory that an application can access.



a. Chroot



b. Sandbox



c. Jailroot



d. Rootjail

View Feedback


Question 66


1 / 1 point

There are several aspects to security, and the owner of a system should have confidence that the system will behave according to its specifications. This is called __________.



a. confidentiality



b. reusability



c. accountability



d. assurance

View Feedback


Question 67


1 / 1 point

The __________ command displays the ARP table and is used to modify it.



a. ifconfig -arp



b. arp-table



c. netstat -arp



d. arp

View Feedback


Question 68


0 / 1 point

__________ detects and monitors Bluetooth devices in a wireless network. It provides information about the features of each device and the services provided by it.



a. Bluetooth Network Scanner



b. BlueFire Mobile Security



c. BlueAuditor



d. BlueWatch

View Feedback


Question 69


1 / 1 point

Which of the following statements best describes a penetration test?



a. A penetration test is using a password cracker to gain access to a system.



b. A penetration test is an attempt to simulate methods used by attackers to gain unauthorized access to a computer system.



c. A penetration test is the act of hacking computer systems; it is used by criminals to attack legitimate organizations.



d. A penetration test is an audit of an organization's security policies and procedures.

View Feedback


Question 70


1 / 1 point

Which website can an ethical hacker visit to see web pages from 2002?













View Feedback


Question 71


1 / 1 point

__________ provides a complete view for monitoring and analyzing activity within USB host controllers, USB hubs, and USB devices.



a. USB PC Lock



b. USBlyzer



c. Advanced USB Monitor



d. Virus Chaser USB

View Feedback


Question 72


1 / 1 point

The __________ is due to a canonicalization error in IIS 4.0 and 5.0 that allows an attacker to use malformed URLs to access files and folders located on the logical drive that includes web folders.



a. canonicalization vulnerability



b. ::$DATA vulnerability



c. Unicode directory traversal vulnerability



d. Msw3prt IPP vulnerability

View Feedback


Question 73


1 / 1 point

A __________ attack adds numbers or symbols to a dictionary file's contents to crack a password successfully.



a. brute-force



b. dictionary



c. hybrid



d. parameter manipulation

View Feedback


Question 74


1 / 1 point

Only __________ scan is valid while scanning a Windows system.



a. SYN



b. Null



c. FIN



d. Xmas

View Feedback


Question 75


1 / 1 point

Ethical hackers use their knowledge and skills to __________.



a. learn the details of computer systems and enhance their capabilities



b. attack government and commercial businesses



c. develop new programs or reverse-engineer existing software to make it more efficient



d. defend networks from malicious attackers

View Feedback


Question 76


1 / 1 point

Tripwire protects against Trojan horse attacks by __________.



a. blocking the port that the Trojan program is listening on



b. removing any Trojan horse programs found on the system



c. detecting unexpected changes to a system utility file that may indicate it had been replaced by a Trojan horse



d. quarantining any Trojan horse programs discovered on the system

View Feedback


Question 77


1 / 1 point

The ISAPI extension responsible for IPP is __________.



a. msisapi.dll



b. msw3prt.dll



c. msipp5i.dll



d. isapiipp.dll

View Feedback


Question 78


1 / 1 point

__________ is a protocol used to create, modify, and terminate sessions such as VOIP.



a. SMS



b. SIP







View Feedback


Question 79


1 / 1 point

A(n) __________ is a specific way to breach the security of an IT system through a vulnerability.



a. hole



b. exposure



c. exploit



d. threat

View Feedback


Question 80


1 / 1 point

__________ is a portable, battery-powered device that mediates interactions between RFID readers and RFID tags.



a. RSA blocker tag



b. RFID Firewall



c. RFID Guardian



d. Kill switch

View Feedback


Question 81


1 / 1 point

Which of the statements below correctly describes a dictionary attack against passwords?



a. It is an attack that tries every combination of characters until a correct password is identified.



b. It is an attack that uses a list of words to guess passwords until a correct password is identified.



c. It is an attack that uses a list of words and appends additional numbers or characters to each word until a correct password is identified.



d. It is an attack that uses precomputed values until a correct password is identified.

View Feedback


Question 82


0 / 1 point

The __________ are the agreed-on guidelines for a penetration test.



a. rules of engagement



b. project scope statements



c. test requirements



d. service-level agreements (SLAs)

View Feedback


Question 83


1 / 1 point

The Network News Transport Protocol service uses port __________.



a. 110



b. 119



c. 135



d. 139

View Feedback


Question 84


1 / 1 point

A(n) __________ is the logical, not physical, component of a TCP connection.



a. ISN



b. socket



c. port



d. SYN

View Feedback


Question 85


1 / 1 point

__________ reconnaissance is a hacker's attempt to scout for or survey potential targets and then investigate the target using publicly available information.



a. Active



b. Passive



c. Public



d. Open

View Feedback


Question 86


1 / 1 point

A __________, also called a packet analyzer, is a software program that can capture, log, and analyze protocol traffic over the network and decode its contents.



a. sniffer



b. recorder



c. logger



d. tapper

View Feedback


Question 87


1 / 1 point

__________ is, simply enough, looking through an organization's trash for any discarded sensitive information.



a. Trash diving



b. Trash carving



c. Dumpster searching



d. Dumpster diving

View Feedback


Question 88


1 / 1 point

__________ is a secure method of posting data to the database.



a. URL



b. SQL



c. GET




View Feedback


Question 89


1 / 1 point

How do you defend against privilege escalation?



a. Use encryption to protect sensitive data.



b. Restrict the interactive logon privileges.



c. Run services as unprivileged accounts.



d. Run users and applications on the least privileges.

View Feedback


Question 90


1 / 1 point

When an ethical hacker uses nslookup, which protocol are they querying?



a. DNS






c. SMB



d. NTP

View Feedback


Question 91


1 / 1 point

Bluetooth-enabled devices communicate via short-range, ad hoc networks known as __________.



a. piconets



b. uninets



c. btnets



d. pans

View Feedback


Question 92


1 / 1 point

The act of hiding data within or behind other data is known as __________.



a. encoding



b. encryption



c. steganography



d. fuzzing

View Feedback


Question 93


1 / 1 point

A __________ occurs when a connection between the target and host is in the established state, or in a stable state with no data transmission, or the server's sequence number is not equal to the client's acknowledgment number, or the client's sequence number is not equal to the server's acknowledgment number.



a. synchronization state



b. blind hijacking



c. source routing



d. desynchronization state

View Feedback


Question 94


1 / 1 point

__________ are software applications that run automated tasks over the Internet.



a. Zombies



b. Spiders



c. Bots



d. Crawlers

View Feedback


Question 95


1 / 1 point

Which of the following definitions best describes a wrapper?



a. A wrapper is a packet-crafting technique used to perform stealthy port scans.



b. A wrapper is an encryption tool used to hide messages inside image files.



c. A wrapper is a method of hiding a virus inside an executable file.



d. A wrapper is a tool used to bind a Trojan to a legitimate file.

View Feedback


Question 96


1 / 1 point

In a hit-and-run attack, __________.



a. the attacker constantly injects bad packets into the router



b. the attacker mistreats packets, resulting in traffic congestion



c. the attacker injects a few bad packets into the router



d. the attacker alters a single packet, resulting in denial of service

View Feedback


Question 97


1 / 1 point

__________ is a command-line TCP/IP packet assembler/analyzer.



a. Hping2



b. Firewalk






d. Blaster Scan

View Feedback


Question 98


1 / 1 point

The __________ tool traces various application calls from Windows API functions to the Oracle Call Interface.



a. ASPRunner



b. FlexTracer



c. odbcping



d. SQL Query Analyzer

View Feedback


Question 99


1 / 1 point

With the __________ tool, you can ping multiple IP addresses simultaneously.



a. Fping



b. Nmap



c. Nessus



d. Unicornscan

View Feedback


Question 100


1 / 1 point

Attackers use a technique called __________ to exploit the system by pretending to be legitimate users or different systems.



a. identity theft



b. impersonation



c. spoofing



d. flooding

View Feedback


Question 101


1 / 1 point

__________ is a Microsoft-proprietary protocol that authenticates users and computers based on an authentication challenge and response.






b. Kerberos







View Feedback


Question 102


1 / 1 point

__________ reconstructs a device's Bluetooth PIN and link key from data sniffed during a pairing session.



a. Blooover



b. Hidattack



c. BTCrack



d. Cabir and Mabir

View Feedback


Question 103


1 / 1 point

This type of port scanning technique splits a TCP header into several packets so that the packet filters cannot detect what the packets intend to do.



a. UDP scanning



b. IP fragment scanning



c. inverse TCP flag scanning



d. ACK flag scanning

View Feedback


Question 104


1 / 1 point

__________ is an application that, when installed on a system, runs a background process that silently copies files from any USB flash drive connected to it.



a. USB Switchblade



b. USBDumper



c. USB Hacksaw



d. USB Copy 'em all

View Feedback


Question 105


1 / 1 point

__________ is an application that identifies all Bluetooth-enabled devices, their communications, and their connectivity within a given area.



a. BlueSweep



b. BlueWatch



c. BlueKey



d. BlueFire Mobile

View Feedback


Question 106


1 / 1 point

__________ URLs, or intranets, are private links that only a company's employees use.



a. Internal



b. Private



c. Organizational



d. Domain

View Feedback


Question 107


1 / 1 point

In Internet Explorer, the __________ zone is a security zone for sites that the user has designated as safe to visit.



a. user sites



b. legal sites



c. white list



d. trusted sites

View Feedback


Question 108


1 / 1 point

Which of the following is not a category of security assessment?



a. security audit



b. rootkit detection



c. vulnerability assessment



d. penetration testing

View Feedback


Question 109


1 / 1 point

A hacker has successfully used a tool to intercept communications between two entities and establish credentials with both sides of the connection. The two remote ends of the communication never notice that the attacker is relaying the information between the two. This is called a(n) __________ attack.



a. man-in-the-middle



b. interceptoring



c. MAC poisoning attack



d. firewalking

View Feedback


Question 110


1 / 1 point

__________ is a cable modem hacking program. It performs the task of uncapping by incorporating all the uncapping steps into one program.



a. Yersinia



b. OneStep: ZUP



c. Zebra



d. Solar Winds MIB Browser

View Feedback


Question 111


1 / 1 point

Information on all Linux accounts is stored in the __________ and /etc/shadow files.



a. /etc/conf



b. /etc/passwd



c. /etc/password



d. /conf/passwd

View Feedback


Question 112


1 / 1 point

Which type of penetration test is conducted with absolutely no prior knowledge of the target environment?



a. white-box testing



b. gray-box testing



c. red-hat testing



d. black-box testing

View Feedback


Question 113


1 / 1 point

Redirections for URLs are handled with the __________ URL handler, which can cause errors in older versions of Internet Explorer.



a. goto:



b. mdir:



c. mhtml:



d. redir:

View Feedback


Question 114


1 / 1 point

Traceroute uses the __________ field in an IP packet to determine how long it takes to reach a target host and whether that host is reachable and active.



a. IHL



b. flags



c. TOS



d. TTL

View Feedback


Question 115


1 / 1 point

Which of the following is not a Microsoft Internet Information Services vulnerability?



a. ::$DATA vulnerability



b. UFS integer overflow vulnerability



c. Showcode.asp vulnerability



d. WebDAV/RPC exploits

View Feedback


Question 116


1 / 1 point

Which of the following statements best describes the rules of engagement for a penetration test?



a. The rules of engagement are the systems that a tester can knock offline during a penetration test.



b. The rules of engagement are the agreed-upon guidelines for a penetration test, including desired code of conduct and procedures.



c. The rules of engagement define the service-level agreement and scope of a penetration test.



d. The rules of engagement include the insurance and risk management associated with third-party testing.

View Feedback


Question 117


1 / 1 point

The __________ service is responsible for sending a response packet that contains connection details to clients who send a specially formed request.













View Feedback


Question 118


1 / 1 point

The RFID __________ policy establishes the framework for many other security controls. It provides a vehicle for management to communicate its expectations regarding the RFID system and its security.



a. security



b. physical access



c. secure disposal



d. usage

View Feedback


Question 119


1 / 1 point

A __________ is a set of related programs, usually located at a network gateway server, that protect the resources of a private network from other network users.



a. firewall



b. proxy



c. packet filter



d. router

View Feedback


Question 120


1 / 1 point

While conducting an ethical penetration test in Europe, which Regional Internet Registry (RIR) would you use?













View Feedback


Question 121


1 / 1 point

__________ is a tool for performing automated attacks against web-enabled applications.



a. cURL



b. dotDefender



c. Burp Intruder



d. AppScan

View Feedback


Question 122


1 / 1 point

If the supplied data does not fit within the size constraints of a single packet, the data is spread among multiple packets in a process known as __________.



a. framing



b. separation



c. fragmentation



d. division

View Feedback


Question 123


1 / 1 point

__________ is a nonvoice service available with most GSM networks.






b. EDO







View Feedback


Question 124


1 / 1 point

The information resource or asset that is being protected from attacks is usually called the __________.



a. key value



b. target of evaluation



c. main asset



d. target asset

View Feedback


Question 125


1 / 1 point

__________ is an information service provider that helps law offices, government agencies, businesses, and individuals find information about people.






b. Best People Search



c. Switchboard



d. Google Finance

View Feedback