Question 1

Which two of the following are among the major 5 actors of the NIST Cloud Computing Reference Architecture?

Question 1 options:
Cloud Auditor
CloudShareOne
Cloud Broker
Cloud Database

Question 2

What is the block (word) size used by SHA-512 algorithm?

Question 2 options:
128-bit
64-bit
32-bit
256-bit

Question 3

Which of the following can be utilized as traceroute tool?

Question 3 options:
nslookup
TTL (Time to Live)
Path Analyzer Pro
pingpath

Question 4

What is a network of many hacked smartphones called?

Question 4 options:
phone_net
botnet
4g-hacked
3gees

Question 5

Which version of the Linux kernal does Android rely upon?

Question 5 options:
2.6
3.0
3.10
3.6

Question 6

The Autorun feature of Removable Disks and CD Drives can be a threat to network Security. What is the best course of action to remove Autorun for Removable Disks and CD Drives in Windows?

Question 6 options:
Tape the USB ports
Provide Users without Administrative Rights
Use Group Policy
Remove the CD-ROM Drive from the System

Question 7

According to the text, the three different types of Virtualization include:

Question 7 options:
SAN Virtualization
Network Virtualization
Storage Virtualization
Server Virtualization

Question 8

Among all smartphones, which is most likely to be hacked? (choose all that apply)

Question 8 options:
Blackberry
Windows Phone
iPhone
Android

Question 9

Some of the Infrastructure as a service vendors include: (choose all that apply)

Question 9 options:
Windows SkyDrive
Amazon EC2
Go Grid
Sungrid

Question 10

The psexec utility can be utilized to perform which of the following actions?

Question 10 options:
Get System Information
List Processes
Launch an Interactive Command Session
Show open files

Question 11

Which of the following are Mobile Network Based Attacks? (choose all that apply)

Question 11 options:
Man-in-the-Middle Attacks
Rogue Access Points
Packet Sniffing
SSL Strip

Question 12

The Management Information Base (MIB) includes which of the following?
(choose all that apply)

Question 12 options:
Scalar and Tabular Objects
File and Folder Permissions
OID Numbers
User Accounts

Question 13

Which of the following applies to an SSID? (choose all that apply)

Question 13 options:
Will be encrypted in WEP or WPA/WPA2 is utilized
Is part of the frame header
Is Case Sensitive
Can be up to 32 characters

Question 14

Which of the following are app stores? (choose all that apply)

Question 14 options:
ITunes Store
Fanddago
Google Play
BlackBerry App World

Question 15

Which Cloud Deployment model is a multi-tenant infrastructure shared among organizations with common characteristics?

Question 15 options:
Private Cloud
Hybrid Cloud
Public Cloud
Community Cloud

Question 16

Question 16 options:
Disable File and Print Sharing
Block ICMP so the host cannot be detected
Use TCP Wrappers
Turn on the Windows Firewal

Question 17

A lack of vetting of apps can lead to which two of the following results?

Question 17 options:
rooting
Malicious apps
jail-breaking
fake apps

Question 18

According to your text, which of the following are ways to detect an Intrusion with an (IDS)? (choose all that apply) Choose all that apply
Question 18 options:
Anti-Virus Alerts
Anomaly Detection
Protocol Anomaly Detection
Signature Detection

Question 19

Which of the following firewall architectures is designed to host servers that offer public services?

Question 19 options:
Screened host
Bastion Host
Screened subnet
Screened

Question 20

Black hat hackers are:

Question 20 options:
Individuals who work both offensively and defensively at various times
Individuals who aim to bring down critical infrastructure for a cause
and are not worried about jail
Individuals professing hacker skills and using them for defensive
purposees, or security analysts
Individuals with extraordinary computing skills, resorting to malicious
or destructive activities

Question 21

Identify the Nmap Scan method that is often referred to as half open scan:

Question 21 options:
SYN Stealth
Half open
Windows Scan
ACK Scan

Question 22

According to the text, a major Denial of Service Attack caused major
problems for ___.

Question 22 options:
DALnet IRC Network
Target
The Department of Defense
780th Military Intelligence Brigade

Question 23

Which of the following Management Information Base (MIB) files contains
information about server services?

Question 23 options:
LNMIB2.MIB
HOSTMIB.MIB
WINS.MIB
DCHP.MIB

Question 24

According to the text, which of the following is a form of MITM Attack?

Question 24 options:
Packet Sniffing
Checksum Evasion
API Hooking
SSL Strip

Question 25

Of the following options, which are virtualization vendors? (
choose all that apply)

Question 25 options:
Microsoft
VMware vSphere
VMware vCloud Suite
Virtual Box

Question 26

Which password cracking technique will the attacker use if she gets
some information about the password to crack?

Question 26 options:
Denial of Service Attack
Distributed Network Attack (DNA)
Rule-based Attack
Syllable Attack

Question 27

Which of the following are signs of file system intrusion?
(choose all that apply)

Question 27 options:
Connection Requests
Double Extensions
Rogue SUID Entries
Reduced Bandwidth

Question 28

According to OWASP, strong encryption channels, such as which of the following should be used? (choose all that apply)

Question 28 options:
RC4
DES
3DES
AES

Question 29

Which of the following are risks of rooting? (choose all that apply)

Question 29 options:
voiding the warranty
malware
bricking
poor performance

Question 30

Buffer overflow attacks allow an attacker to modify the ___________ in order to control the process execution, .

Question 30 options:
Target process's address space
Target remote access
Target rainbow table
Target SAM file

Question 31

According to the text, by 2018, what percentage of enterprises will specify Wi-Fi as the default connection?

Question 31 options:
25%
75%
40%
60%

Question 32

Identify the attack which forces an unsuspecting user's browser to send malicious requests they did not intend.

Question 32 options:
SQL injection attack
LDAP Injection attack
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)

Question 33

Which of the following is an antenna based on the principal of a satellite dish and can pick up Wi-Fi signals from 10 miles away?

Question 33 options:
Parabolic
Yagi
Dipole
Omni Directional

Question 34

You should place your Intrusion Detection System (IDS) in this location on the network (choose all that apply):

Question 34 options:
DMZ
Outside the Firewall
At the ISP Location
Inside the Firewall

Question 35

Permutation Scanning involves which of the following?

Question 35 options:
Using a psudorandom function
Looking for new vulnerable machines on the local subnet
Collecting a list of possibly vulnerable machines
Using information from infected machines

Question 36

What are some of the limitations of Cloud Computing services? (choose all that apply)

Question 36 options:
Inflexible
Storage Limits
Control Limits
Contracts

Question 37

Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?

Question 37 options:
802.11a
802.11b
802.11g
802.11i

Question 38

It was well publicized that BlackShades Net was used as an attack tool against:

Question 38 options:
RSA
Syrain Political Activists
Sony Pictures
Target

Question 39

Which Cloud Consumer model includes storage, service management, and content delivery?

Question 39 options:
IaaS
SAN
SaaS
PaaS

Question 40

What were the two dominant attack strategies identified in Symantec's Threat Report?

Question 40 options:
Advanced Persistent Threats
Broader Strokes
Focused Attack
Distributed Denial of Service

Question 41

SYN flooding takes advantage of which of the following? (choose all that apply)

Question 41 options:
A flaw in how the three-way handshake can be implemented
A flaw in some firewalls which do not restrict ICMP traffic by default
Not replying to SYN/ACKs
Holding the incomplete connection for a period up to one second

Question 42

Which of the following is a tool that can be used to check for modified or trojanzied files?

Question 42 options:
chkdsk
scandisk
fsck
tripwire

Question 43

The advantages of a using a Community Cloud Deployment include which of the following? (choose all that apply)

Question 43 options:
High Security
Clear Legal Entity
Compliance to Regulations
Shared Resources

Question 44

Which of the following sentences is true about a proxy?

Question 44 options:
Cannot be used to filter out unwanted content
Allows attacker to view the desktop of users system
Protects the local network from outside access
Does not allow the connection of a number of computers to the Internet when having
only one IP

Question 45

Which of the following Windows Utilities can be utilized to enumerate hosts?

Question 45 options:
net stop
net view
net Use
net start

Question 46

Which of the following is the 3D Graphics Library of Android?

Question 46 options:
OpenGL
SSL
Media Framework
SGL

Question 47

Which of the following applies to an Intrusion Detection System (IDS)? (choose all that apply)

Question 47 options:
Monitors outbound traffic
Monitors inbound traffic
Will perform actions to stop the attacker in their tracks
Signals an alarm

Question 48

What is the size of WEP initialization vector (IV)?

Question 48 options:
8-bit
16-bit
24-bit
32-bit

Question 49

low? (choose all that apply)

Question 49 options:
removing bloatware
Low level access to hardware
tethering
deleting system files

Question 50

If you want to mask (or spoof) your IP Address, what type of scan should you use?

Question 50 options:
IDLE, IPID Scan
ACK Flag Probe Scan
Stealth Scan
UDP Scan

Question 51

An organization can implement this Cloud Deployment model within the corporate firewall.

Question 51 options:
Public Cloud
Hybrid Cloud
Community Cloud
Private Cloud

Question 52

Which of the following is true about the 802.11i standard?

Question 52 options:
It operates at both 2.4 GHZ and 5 GHZ
It defines WPA-2 Enterprise and Personal
It operates at 5 GHZ only
It operates at 2.4 GHZ only

Question 53

Which two of the following are included in Android Runtime?

Question 53 options:
core libraries
Dalvik Virtual Machine
Flash memory driver
Bind IPC driver

Question 54

Which modes on Bluetooth devices at greater risk? (choose all that apply)

Question 54 options:
monitor
promiscuous
open
discovery

Question 55

Which of the following is an example of a Trojan that can be utilized for Website Defacement?

Question 55 options:
Restorator
HTTrack
CrimePack
WGET

Question 56

Which rootkit modifies the boot sequence to load themselves instead of the original virtual machine monitor?

Question 56 options:
Library level rootkits
Hypervisor level rootkit
Boot loader level rootkit
Kernel level rootkit

Question 57

Central Source propagation commonly utilized what two protocols?

Question 57 options:
TFTP
FTP
RDP
RPC

Question 58

What happens when the CAM table is full?

Question 58 options:
It does not affect the switch functioning
Additional ARP request traffic will not be forwarded to any port on the switch
Additional ARP request traffic will flood every port on the switch
The switch will stop functioning and get disconnected from network

Question 59

Which of the following companies offer Cloud Computing services? (choose all that apply)

Question 59 options:
Facebook
Salesforce
Dropbox
Google

Question 60

Which of the following evasion techniques rely on Time-to-Live (TTL) fields of a TCP/IP packet?

Question 60 options:
Denial-of-Service Attack
Obfuscation
Insertion Attack
Unicode Evasion

Question 61

Which of the following conditions shows the presence of a honeypot?

Question 61 options:
Ports show a particular service running and allow a three-way handshake connection
Ports show a particular service running but deny a three-way handshake connection
Scan shows that no scanned port is live on the network
Ports do not show any particular service running

Question 62

What virus modifies the directory table entries so they point to the virus code instead of the actual program?

Question 62 options:
Boot Sector Viruses
Macro Viruses
Cluster Viruses
Encryption Viruses

Question 63

Identify the statement which is true for RC6 algorithm:

Question 63 options:
Is a 64 bit block cipher that uses a key length that can vary between 32 and 448 bits
Is a parameterized algorithm with a variable block size, key size, and a variable number
of rounds
Includes integer multiplication and the use of four 4-bit working registers
Is a variable key-size stream cipher with byte-oriented operations and is based on random
permutation

Question 64

ARP Spoofing involves constructing a large number of forged ARP request and reply packets to overload:

Question 64 options:
Hub
Bridge
Router
Switch

Question 65

Packet filtering firewall works at which of these layers of the OSI model?

Question 65 options:
Physical layer
Application layer
Session layer
Network layer

Question 66

All of the following are true about an SSID except which of the following?

Question 66 options:
Is Case Sensitive
Can be up to 32 characters
Is part of the frame header
Will be encrypted in WEP or WPA/WPA2 is utilized

Question 67

According to your text, which of the following are Cloud Deployment Models? (choose all that apply)

Question 67 options:
Community Cloud
Public Cloud
Hybrid Cloud
Private Cloud

Question 68

Which of the following is true about active stack fingerprinting?

Question 68 options:
Uses sniffing techniques instead of the scanning techniques
Uses password crackers to escalate system privileges
TCP connect scan
Is based on the differential implantation of the stack and the various ways an OS responds
to it
Is based on the fact that various vendors of OS implement the TCP stack differently

Question 69

Which of the following are characteristics of Cloud Computing services? (choose all that apply)

Question 69 options:
Distributed Storage
Virtualization Technology
Measured Services
Resource Pooling

Question 70

According to OWASP, the top ten mobile risks include which two of the following?

Question 70 options:
Bluetooth
Insecure Data Storage
Client Side Injection
WEP and WPA1

Question 71

According to your text, examples of malware include which of the following? (choose all that apply)

Question 71 options:
Botnet
Ransomware
Crypter
Metasploit

Question 72

BlackShades Net can best be described as a:

Question 72 options:
Bot
Wrapper
DDoS Tool
RAT

Question 73

With Cross Site Scripting, attackers can inject malicious ____. (choose all that apply)

Question 73 options:
JavaScript
HTML
VBScript
Flash

Question 74

With this Cloud Deployment model, the provider makes services such as applications, servers, and data storage available.

Question 74 options:
Hybrid Cloud
Community Cloud
Public Cloud
Private Cloud

Question 75

When an attacker is performing a denial of service and a SYN attack is initiated which of the following occurs? (choose all that apply)

Question 75 options:
Sends a large number of ACK packets to the target
Uses a fake source address
Sends a large number SYN requests to the target
Uses the actual source address

Question 76

Which scanning technique will bypass firewall rules, logging mechanism, and hide themselves?

Question 76 options:
TCP connect scanning technique
Xmas scanning technique
Stealth scanning technique
Maintaining Access
FIN scanning technique

Question 77

Which of the following characteristics applies to the Simple Service Discovery Protocol (SSDP)? (choose all that apply)

Question 77 options:
Can be vulnerable to denial of service
Not work behind a firewall
Controls Communication for the Universal Plug and Play Service
Uses multicast addresses

Question 78

Of the following, which two are purposes of malware?

Question 78 options:
Making a Computer Useless
Obtaining Passwords
Remove the Default LAN Route
Disable Networking Functions

Question 79

Which of the following techniques is used to simulate an attack from someone who is unfamiliar with the system?

Question 79 options:
White box pen testing
Grey box pen testing
Maintaining Access
Announced pen testing
Black box pen testing

Question 80

Which version of Wired Equivalent Privacy (WEP) uses a 104-bit key size?

Question 80 options:
152 bit WEP
64 bit WEP
128 bit WEP
256 bit WEP

Question 81

Which of the following are Mobile Physical Based Attacks? (choose all that apply)

Question 81 options:
Jail-Breaking
Carrier Loaded Software
Rooting
No passcode

Question 82

Which of the following uses direct client to client (DCC)?

Question 82 options:
Internet Relay Chat
Internet Browser
File Sharing with Mapped Drives
Email Clients such as Outlook Express

Question 83

Which device in a wireless local area network determines the next network to which a packet should be forwarded?

Question 83 options:
Wireless modem
Antenna
Mobile station
Wireless router

Question 84

Mobile Devices are replacing which of the following devices? (choose all that apply)

Question 84 options:
PDA
GPS
laptop
desktop

Question 85

Which of the following are some of the main functions of an Intrusion Detection System (IDS)? (choose all that apply)

Question 85 options:
Performs packet sniffing
Blocks rule-based traffic
Performs packet analysis
Gathers and analyses information from a network

Question 86

Which of the following scans only works if the operating systems TCP/IP implementation is based on RFC 793?

Question 86 options:
Maintaining Access
IDLE scan
TCP connect scan
NULL scan
FTP bounce scan

Question 87

Which of the following is one of the most reliable forms of TCP scanning?

Question 87 options:
Half-open Scan
XMAS Scan
Connect Scan
Inverse TCP Flag Scan

Question 88

Fake Defender deleted apk files from which two of the following locations?

Question 88 options:
/users/Download
/home/Download
/mnt/external_sd/Download
/mnt/extSdCard/Download

Question 89

Which of the following 802.11 standards uses Orthogonal Frequency Division Multiplexing? (choose all that apply)

Question 89 options:
802.11a
802.11b
802.11g
802.11n

Question 90

Passive sniffing refers to:

Question 90 options:
Sniffing through a hub
Sniffing through a switch
Sniffing through a bridge
Sniffing through a router

Question 91

Which of the following are methods to connect smartphones to a network? (choose all that apply)

Question 91 options:
3G/4G
Wired Connection
Wi-Fi
Bluetooth

Question 92

Which of the following are disadvantages of signature detection? (choose all that apply)

Question 92 options:
False Alerts
Signature Detection
False Positives
Administrative Alerts

Question 93

Which of the following protocols are susceptible to sniffing?

Question 93 options:
FTP
SNMP
NNTP
Telnet

Question 94

Which of the following are SPAM? (choose all that apply)

Question 94 options:
SMS
MMS
TLS
IM

Question 95

Which of the following factors contribute to a successful session hijacking attack?

Question 95 options:
Definite session expiration time
No clear text transmission
Weak session ID generation algorithm
Account lockout for invalid session IDs

Question 96

Which of the following ports does NTP use as its primary means of communication?

Question 96 options:
UDP port 161
UDP port 113
UDP port 320
UDP port 123

Question 97

Which of the following viruses evades the anti-virus software by intercepting its requests to the operating system?

Question 97 options:
Cluster virus
System or boot sector virus
Macro virus
Stealth/Tunneling virus

Question 98

Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi?

Question 98 options:
WarFlying
WarWalking
WarChalking
WarDriving

Question 99

According to your text, what are the 3 types of cloud services?

Question 99 options:
Platform as a Service
Infrastructure as a Service
Virtualization as a Service
Software as a Service

Question 100

Which of the following is transmission method of digital data that uses a pseudo random noise spreading code?

Question 100 options:
OFDM
IR
DSSS
FHSS

Question 101

Which of the following steganography techniques embeds a secret message in the frequency domain of a signal?

Question 101 options:
Transform domain techniques
Cover generation techniques
Domain distortion techniques
Spread spectrum techniques

Question 102

Which of the following commands can be used in a UNIX environment to enumerate the shared directories?

Question 102 options:
rpcclient
rpcinfo
finger
Showmount

Question 103

Which of the following are Network Time Protocol (NTP) enumeration commands? (choose all that apply)

Question 103 options:
ntptrace
ntpq
ntpdate
Net time

Question 104

The SMTP Protocol provides 3 built in commands, including which of the following?

Question 104 options:
FINGER
RCPT TO
VRFY
EXPN

Question 105

Temporal keys are changed for every ___________.

Question 105 options:
1,000 packets
5,000 packets
10,000 packets
15,000 packets

Question 106

The MAC Address of an access point is referred to as the ___.

Question 106 options:
BSSID
OFDM
ESSID
SSID

Question 107

According to your text, components of a Cloud Broker include which of the following? (choose all that apply)

Question 107 options:
Service Arbitration
Service Negotiation
Service Intermediation
Service Aggregation
Question 108

Which of the following is a symptom of a DoS attack?

Question 108 options:
Decrease in the amount of spam emails received
Automatic increase in network performance
Automatic increase in network bandwidth
Unavailability of a particular website

Question 109

Which of the following are LDAP enumeration tools? (choose all that apply)

Question 109 options:
Active Directory Explorer
JXplorer
SnScan
LEX

Question 110

Identify the correct statement for a software firewall.

Question 110 options:
Software firewall is placed between the router and the networking components of the
operating system
Software firewall is placed between the desktop and the software components of the
operating system
Software firewall is placed between the normal application and the networking component
s of the operating system
Software firewall is placed between the anti-virus application and the IDS components of
the operating system

Question 111

Which of the following is an antenna used in wireless base stations and provides a 360 degree horizontal radiation pattern?

Question 111 options:
Omnidirectional antenna
Parabolic grid antenna
Yagi antenna
Dipole antenna

Question 112

Signs of Intrusions include which of the following? (choose all that apply)

Question 112 options:
Strange Processes
Slow Performance
System Crashes
Missing Logs

Question 113

According to the text, which of the following will protect by limiting the ability to access resources?

Question 113 options:
Jail Breaking
Android Rooting
app sandboxing
Jail break detection

Question 114

Sophos mobile security features include (choose all that apply)

Question 114 options:
Spam Protection
Loss and Theft Protection
antivirus anti-malware
Privacy Protection and security

Question 115

According to OWASP, which of the following should be applied to transport channels? (choose all that apply)

Question 115 options:
SSL
TLS
WPA2 with AES
WPA

Question 116

According to the text, characteristics of Virtualization in cloud computing technology include which of the following? (choose all that apply)

Question 116 options:
Wireless Capable
Partitioning
Isolation
Encapsulation

Question 117

What does SSL Strip do? (choose all that apply)

Question 117 options:
Remove HTTPS
Force HTTP
Exploit the Server
Exploit the Client Connection

Question 118

Which two of the following are signs of network intrusion? (choose all that apply)

Question 118 options:
Sudden Influx of Data
File Size Modifications
Repeated Service Probes
Missing Files
Question 119

Which of the following below accurately describes Transmission Control Protocol? (choose all that apply)

Question 119 options:
Can terminate a connection
Provides acknowledgment
Supports Retransmission of lost Data
Connection-less oriented protocol
Question 120

Footprining tools will help gather the following information about a target. (choose all that apply)

Question 120 options:
IP Addresses
Host Names
Process Lists
DNS Records
Question 121

Which of the following are types of database attacks? (choose all that apply)

Question 121 options:
HOS Command Execution
Privilege Escalation
Data Dumping
SQL Injection
Question 122

Which of the following techniques practiced by an attacker exploits human behavior to make attacks?

Question 122 options:
Denial of Service
SQL injection
Social Engineering
Buffer overflow
Question 123

Identify the denial-of-service attack that is carried out using a method known as "bricking a system."

Question 123 options:
Bandwidth Attacks
Phlashing
Application Level Flood Attacks
ICMP Flood Attack
Question 124

Which of the following enumeration techniques does an attacker use to obtain list of computers that belongs to a domain?

Question 124 options:
Netbios enumeration
SNMP enumeration
SMTP enumeration
NTP enumeration
Question 125

Which is the best location to place keyloggers?

Question 125 options:
UPS and keyboard
Monitor and keyboard software
Keyboard hardware and the operating system
Operating system and UPS.