Question 1

Which of the following types of hosts are completely exposed to risk?

Accepted Answer

A)  A Windows 2000 server 
B)  Honeypot 
C)  Bastion host 
D)  An open source operating system 
A)  A Windows 2000 server 
B)  Honeypot 
C)  Bastion host 
D)  An open source operating system C

Question 2

Which of the following phrases is a derogatory term and would only invite retaliation?

Accepted Answer

A)  Script Kiddie 
B)  Hacker 
C)  Attacker 
D)  Consultant 
A)  Script Kiddie 
B)  Hacker 
C)  Attacker 
D)  Consultant A

Question 3

Devon has been "dumpster diving". He went through is target's garbage and recycle bins getting all he could. What is the term used to describe what he will most likely do with these documents?

Accepted Answer

A)  Paper Pilfering 
B)  Trash Tracing 
C)  Green Grabbing 
D)  Document Grinding 
A)  Paper Pilfering 
B)  Trash Tracing 
C)  Green Grabbing 
D)  Document Grinding D

Question 4

Someone downloads a tool from the Internet and uses it to experiment with an idea she got from a YouTube video. Another exam you recently passed considers this unethical and inappropriate. A friend of yours just considers this person to be a "script kiddie." You have your own opinions, but what is the most defensive way to respond to this scenario?

Accepted Answer

A)  Lecture the person about ethics and appropriate behavior. Make certain she realizes the trouble she is causing the industry as a whole. 
B)  Avoid insulting the person, enforce policy in a professional yet objective manner, and consider the idea that this person can be an asset if properly mentored. 
C)  Explain "Script kiddies are l00s3rs." And agree with your friend that if this l@m3r can't write her own buffer overflow shellcode then she isn't worth a slice of pizza. 
D)  Shrug your shoulders in indifference and get on with your day knowing your network is so secure that this person poses no possible threat. 
A)  Lecture the person about ethics and appropriate behavior. Make certain she realizes the trouble she is causing the industry as a whole. 
B)  Avoid insulting the person, enforce policy in a professional yet objective manner, and consider the idea that this person can be an asset if properly mentored. 
C)  Explain "Script kiddies are l00s3rs." And agree with your friend that if this l@m3r can't write her own buffer overflow shellcode then she isn't worth a slice of pizza. 
D)  Shrug your shoulders in indifference and get on with your day knowing your network is so secure that this person poses no possible threat.

Question 5

If attackers experimenting with the latest botnet tool decided to seize control of some federal computers for the purposes of committing a fraud utilizing symbolic data such as credit card information they would be in violation of:

Accepted Answer

A)  Computer Fraud and Abuse Act Section 1030 
B)  Federal Computer Breech Act of 1985 
C)  The Bush Cheney Act of 2006 
D)  Symbolic Data Protection Act of 2001 
A)  Computer Fraud and Abuse Act Section 1030 
B)  Federal Computer Breech Act of 1985 
C)  The Bush Cheney Act of 2006 
D)  Symbolic Data Protection Act of 2001

Question 6

You want to determine the web server and host operating system of a target. For legal reasons, you worry about getting caught. A passive recon technique that cannot be detected might be a good idea.
Which of the following choices holds the least risk of detection?

Accepted Answer

A)  Use the netcraft website to look up the target's host 
B)  Use telnet to perform a banner grab 
C)  Use a common scanner in "paranoid mode" 
D)  Call them and ask 
A)  Use the netcraft website to look up the target's host 
B)  Use telnet to perform a banner grab 
C)  Use a common scanner in "paranoid mode" 
D)  Call them and ask

Question 7

You are researching an adversary and are certain that you saw some incriminating information on their website about six months ago, but it isn't there now. What resource below might be the quickest way to check for this data?

Accepted Answer

A)  Look through the websites that target has partner relationships with 
B)  Use Google to look through their cache database 
C)  Learn to program in PERL and create a webcrawler of your own 
D)  "The Wayback Machine" 
A)  Look through the websites that target has partner relationships with 
B)  Use Google to look through their cache database 
C)  Learn to program in PERL and create a webcrawler of your own 
D)  "The Wayback Machine"

Question 8

Maureen returns from lunch and notices her PC has a BSOD but the hard drive activity light is still flashing. What tool is possibly being used?

Accepted Answer

A)  Nessus scans can cause BSODs, she just needs to reboot 
B)  Her computer is enumerating the network with dumpsec 
C)  Her computer is using floppyscan 
D)  A USB key was inserted and caused a IRQ conflict 
A)  Nessus scans can cause BSODs, she just needs to reboot 
B)  Her computer is enumerating the network with dumpsec 
C)  Her computer is using floppyscan 
D)  A USB key was inserted and caused a IRQ conflict

Question 9

Neil is conducting security research on a popular software application and discovers a buffer overflow. He considers reporting his finding to the vendor but realizes the EULA (End User License Agreement)
Forbids this kind of research.
What should Neil do?

Accepted Answer

A)  Neil should sell his exploit on eBay. There is nothing wrong with making an honest dollar this way since the software itself should have been free in the first place. 
B)  The laws that protect the right to Full Disclosure are in higher standing than the EULA. It is a constitutional issue regarding speech and expression. Neil can reveal his findings without worry. 
C)  Report the finding to a neutral party such as a CERT coordination center 
D)  Anonymously report the finding to the bugtraq or "full disclosure" mailing lists 
A)  Neil should sell his exploit on eBay. There is nothing wrong with making an honest dollar this way since the software itself should have been free in the first place. 
B)  The laws that protect the right to Full Disclosure are in higher standing than the EULA. It is a constitutional issue regarding speech and expression. Neil can reveal his findings without worry. 
C)  Report the finding to a neutral party such as a CERT coordination center 
D)  Anonymously report the finding to the bugtraq or "full disclosure" mailing lists

Question 10

Sean is having a conversation with a friend, making fun of how foolish spammers are. Clearly, he says "These emails are just sent by the millions and look like it. Only an idiot falls for them." In the meanwhile Sean is reading an email addressed to him. It says:
---
Dear Sean,
I understand you did some work awhile back for an orfanage in Brazil. Sorry to bother you sir, we have never meet, but I am a 13 year old boy whose parents were taken the the states. I need some money to get them to reurn safely or if I can greet them there in the states too. Can you help?
---
Sean remembers his trip to Brazil and thinks of a boy he met there (He met hundreds, but the mind plays tricks like this on the best of us). He wonders for a moment if this might be him.
What technique is Sean about to fall prey too?

Accepted Answer

A)  SPAM & Scam Sandwich 
B)  Brazilian Spam Squad 
C)  Spear Phishing 
D)  South American 419 Scam 
A)  SPAM & Scam Sandwich 
B)  Brazilian Spam Squad 
C)  Spear Phishing 
D)  South American 419 Scam

Question 11

Which of the following represents the greatest danger to enterprise networks?

Accepted Answer

A)  Disgruntled Employee 
B)  Black Hat hacker 
C)  Negligent management 
D)  The burdens of government regulations 
A)  Disgruntled Employee 
B)  Black Hat hacker 
C)  Negligent management 
D)  The burdens of government regulations

Question 12

When he is finished footprinting the network the next step an attacker would take is:

Accepted Answer

A)  Launch a vulnerability scanner 
B)  Enumerate as much as possible about the policies of each system 
C)  Attack! 
D)  Take the information they have gathered and start searching Google 
A)  Launch a vulnerability scanner 
B)  Enumerate as much as possible about the policies of each system 
C)  Attack! 
D)  Take the information they have gathered and start searching Google

Question 13

"Port scanning" is considered what form of attack?

Accepted Answer

A)  Illegal and highly prosecuted 
B)  Information gathering 
C)  Rude and impolite 
D)  Denial of Service 
A)  Illegal and highly prosecuted 
B)  Information gathering 
C)  Rude and impolite 
D)  Denial of Service

Question 14

During a pentest, you retrieve a USB key from a box of discarded hardware that was just sitting by a number of other items. You check the key for files and it turns out to have a number of .pdf documents that could have sensitive information. If this information were to get leaked it would be a great risk to your client. In your report you point this out but the customer doesn't see the problem as all of the documents were password protected.
Why isn't this enough to prevent the information leakage?

Accepted Answer

A)  Without knowing the original user of the file the information could be inaccurate or not relevant, however, if something thinks it is they would still try to use it during a social engineering attack. 
B)  Many tools that are easy to obtain can brute force the passwords. It is also common for documents of this nature to use easy to remember dictionary words that are also often the same for many files. 
C)  Since the password must always be stored in the file itself, it is fairly easy to use a common hex editor to analyze the file and extract the credentials 
D)  The passwords are usually stored using a very strong encryption, but notepad will usually open the files in clear text anyway 
A)  Without knowing the original user of the file the information could be inaccurate or not relevant, however, if something thinks it is they would still try to use it during a social engineering attack. 
B)  Many tools that are easy to obtain can brute force the passwords. It is also common for documents of this nature to use easy to remember dictionary words that are also often the same for many files. 
C)  Since the password must always be stored in the file itself, it is fairly easy to use a common hex editor to analyze the file and extract the credentials 
D)  The passwords are usually stored using a very strong encryption, but notepad will usually open the files in clear text anyway

Question 15

Hayley decides to circumvent the copy protection laws by taking an entire movie she recorded on her cell phone in the theatre and appending it with an insightful review and claims this is journalism and free speech. She still gets sued and loses. Why?

Accepted Answer

A)  She didn't have enough money to hire a good attorney. 
B)  This was an injustice. She should have won the case. 
C)  She used too much. A clip or two with proper attribution would have been better. 
D)  It was a flip of the coin; the case could have gone either way. 
A)  She didn't have enough money to hire a good attorney. 
B)  This was an injustice. She should have won the case. 
C)  She used too much. A clip or two with proper attribution would have been better. 
D)  It was a flip of the coin; the case could have gone either way.

Question 16

Which of the following are ways to overcome insider threats? (Choose up to 7)

Accepted Answer

A)  Separation of duties 
B)  Rotation of duties 
C)  Restrict privileges 
D)  Controlled access 
E)  Logging and auditing 
F) Legal policies
G) Archiving critical data 
A)  Separation of duties 
B)  Rotation of duties 
C)  Restrict privileges 
D)  Controlled access 
E)  Logging and auditing 
F) Legal policies
G) Archiving critical data

Question 17

When attackers have gained and then maintained access to a system it is said they have installed a…

Accepted Answer

A)  Backdoor 
B)  Rootkit 
C)  Maintenance hook 
D)  Trojan 
A)  Backdoor 
B)  Rootkit 
C)  Maintenance hook 
D)  Trojan

Question 18

The sales manager for your company nicknamed "Zig", is looking for a creative way to advertise and grow the business. He accesses a popular technical forum website and asks a question he knows many in the group will be able to answer. He thanks them for their help "in advance" (TIA) while suggesting everyone should visit his site for more information about his question.
One poster responds back with a link to a page called http://www.superdupersalesleadsUSA.cx and compliments Zig on his fantastic website. He said he can assist better if Zig could fill out the contact form on that page, and will also refer a number of new clients in case Zig is interested.
The sales manager gets suspicious and asks you for advice. What can you say to him?

Accepted Answer

A)  It looks like a promising link, he should try it out. 
B)  You tell him the site is not from the USA and would probably not have leads he can use anyway. He should respond to the poster by calling him a jerk for wasting our time. 
C)  You offer to click the link from your workstation instead, because it is safer. 
D)  You advise this is not considered good netiquette and that this type of advertising does not present the best image for the company. You ask Zig not to click on the link, do not respond further, and please don't do this again. 
A)  It looks like a promising link, he should try it out. 
B)  You tell him the site is not from the USA and would probably not have leads he can use anyway. He should respond to the poster by calling him a jerk for wasting our time. 
C)  You offer to click the link from your workstation instead, because it is safer. 
D)  You advise this is not considered good netiquette and that this type of advertising does not present the best image for the company. You ask Zig not to click on the link, do not respond further, and please don't do this again.

Question 19

Another way to describe risk is:

Accepted Answer

A)  A positive or negative event that can impact a resource or process 
B)  A negative event that can cause damage to a resource or process 
C)  Bungee jumping 
D)  A management technique that measures certainty 
A)  A positive or negative event that can impact a resource or process 
B)  A negative event that can cause damage to a resource or process 
C)  Bungee jumping 
D)  A management technique that measures certainty

Question 20

Systems that have default configurations are common targets during a pentest. Which of the following is not a default configuration?

Accepted Answer

A)  Setup a webserver that uses a secondary that only invited users will know about 
B)  Keeping the directory structures the same as installed, for easier maintenance 
C)  Allowing the sample pages of the webserver to remain so as not to confuse anyone until the real site is built 
D)  Keeping the default user accounts to make sure access is always available. 
A)  Setup a webserver that uses a secondary that only invited users will know about 
B)  Keeping the directory structures the same as installed, for easier maintenance 
C)  Allowing the sample pages of the webserver to remain so as not to confuse anyone until the real site is built 
D)  Keeping the default user accounts to make sure access is always available.

Which of the following types of hosts are completely exposed to risk?

Which of the following phrases is a derogatory term and would only invite retaliation?

Devon has been "dumpster diving". He went through is target's garbage and recycle bins getting all he could. What is the term used to describe what he will most likely do with these documents?

If attackers experimenting with the latest botnet tool decided to seize control of some federal computers for the purposes of committing a fraud utilizing symbolic data such as credit card information they would be in violation of:

You want to determine the web server and host operating system of a target. For legal reasons, you worry about getting caught. A passive recon technique that cannot be detected might be a good idea. Which of the following choices holds the least risk of detection?

You are researching an adversary and are certain that you saw some incriminating information on their website about six months ago, but it isn't there now. What resource below might be the quickest way to check for this data?

Maureen returns from lunch and notices her PC has a BSOD but the hard drive activity light is still flashing. What tool is possibly being used?

Neil is conducting security research on a popular software application and discovers a buffer overflow. He considers reporting his finding to the vendor but realizes the EULA (End User License Agreement) Forbids this kind of research. What should Neil do?

Which of the following represents the greatest danger to enterprise networks?

When he is finished footprinting the network the next step an attacker would take is:

"Port scanning" is considered what form of attack?

Hayley decides to circumvent the copy protection laws by taking an entire movie she recorded on her cell phone in the theatre and appending it with an insightful review and claims this is journalism and free speech. She still gets sued and loses. Why?

Which of the following are ways to overcome insider threats? (Choose up to 7)

When attackers have gained and then maintained access to a system it is said they have installed a…

Another way to describe risk is:

Systems that have default configurations are common targets during a pentest. Which of the following is not a default configuration?

Information Gathering

Malicious Code

Operating Systems and Applications

Networks and Services

Filters

Exam 1: Ethical Hacking and Testing

Which of the following types of hosts are completely exposed to risk?

Which of the following phrases is a derogatory term and would only invite retaliation?

Devon has been "dumpster diving". He went through is target's garbage and recycle bins getting all he could. What is the term used to describe what he will most likely do with these documents?

If attackers experimenting with the latest botnet tool decided to seize control of some federal computers for the purposes of committing a fraud utilizing symbolic data such as credit card information they would be in violation of:

You want to determine the web server and host operating system of a target. For legal reasons, you worry about getting caught. A passive recon technique that cannot be detected might be a good idea. Which of the following choices holds the least risk of detection?

You are researching an adversary and are certain that you saw some incriminating information on their website about six months ago, but it isn't there now. What resource below might be the quickest way to check for this data?

Maureen returns from lunch and notices her PC has a BSOD but the hard drive activity light is still flashing. What tool is possibly being used?

Neil is conducting security research on a popular software application and discovers a buffer overflow. He considers reporting his finding to the vendor but realizes the EULA (End User License Agreement) Forbids this kind of research. What should Neil do?

Which of the following represents the greatest danger to enterprise networks?

When he is finished footprinting the network the next step an attacker would take is:

"Port scanning" is considered what form of attack?

Hayley decides to circumvent the copy protection laws by taking an entire movie she recorded on her cell phone in the theatre and appending it with an insightful review and claims this is journalism and free speech. She still gets sued and loses. Why?

Which of the following are ways to overcome insider threats? (Choose up to 7)

When attackers have gained and then maintained access to a system it is said they have installed a…

Another way to describe risk is:

Systems that have default configurations are common targets during a pentest. Which of the following is not a default configuration?

Information Gathering

Malicious Code

Operating Systems and Applications

Networks and Services

Filters