Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client's network. As part of the work assigned, Edward needs to find the range of IP addresses and the subnet mask used by the target organization.
What does Edward need to do to get the required information?
A. Search for web pages posting patterns and revision numbers
B. Search for an appropriate Regional Internet Registry (RIR)
C. Search for link popularity of the company's website
D. Search for Trade Association Directories
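Worked example for the reconnaissance step in this question (added here; it is not part of the original page or any tool it names). A Regional Internet Registry's whois record for a netblock carries the range as NetRange and usually as CIDR; the script below parses both forms and derives the subnet mask with the standard library. The whois text is constructed to mimic an ARIN reply using documentation address space and describes no real allocation; fetching a real record would be something like `whois -h whois.arin.net <target-ip>`.

```python
"""Recover a target's netblock and subnet mask from a RIR whois reply.

Added example for the reconnaissance step above; not from the original page.
The whois text is constructed to mimic the fields an ARIN reply carries and
describes no real registration.
"""
import ipaddress
import re

# Constructed sample reply (documentation prefixes, not a real allocation).
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-NET
Organization:   Example Corp (EXAMP)
"""

# Some registries omit the CIDR line, so keep a NetRange-only sample too.
SAMPLE_WHOIS_RANGE_ONLY = """\
NetRange:       198.51.100.0 - 198.51.100.127
NetName:        EXAMPLE-SUB
"""


def covering_network(start, end):
    """Smallest single prefix that contains both addresses."""
    for prefix in range(start.max_prefixlen, -1, -1):
        net = ipaddress.ip_network(f"{start}/{prefix}", strict=False)
        if end in net:
            return net
    raise ValueError("addresses are in different families")


def parse_netblock(whois_text):
    """Return network, netmask and bounds parsed from a whois reply.

    Prefers the CIDR line (first prefix only if several are listed);
    falls back to the NetRange start/end pair.
    """
    cidr = re.search(r"^CIDR:\s*([0-9a-fA-F.:]+/\d+)", whois_text, re.M)
    if cidr:
        net = ipaddress.ip_network(cidr.group(1), strict=False)
    else:
        rng = re.search(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", whois_text, re.M)
        if not rng:
            raise ValueError("reply has neither CIDR nor NetRange")
        net = covering_network(ipaddress.ip_address(rng.group(1)),
                               ipaddress.ip_address(rng.group(2)))
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }


if __name__ == "__main__":
    # On an engagement the text would come from e.g. `whois -h whois.arin.net 203.0.113.5`.
    for text in (SAMPLE_WHOIS, SAMPLE_WHOIS_RANGE_ONLY):
        print(parse_netblock(text))
```

A real reply may list several comma-separated prefixes on the CIDR line or be split into sub-allocations; run the parser per allocation rather than assuming one organization equals one block.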
Adam found a pen drive in his company's parking lot. He connected it to his system to check its contents. The next day, he found that someone had logged into his company email account and sent some emails. What type of social engineering attack has Adam encountered?
A. Media Dropping
B. Phishing
C. Eavesdropping
D. Dumpster Diving
What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement?
A. It indemnifies the tester against any loss or damage that may result from the testing
B. It details standards and penalties imposed by federal, state, or local governments
C. It is a formal approval to start pen test engagement
D. It gives an understanding of the limitations, constraints, liabilities, and indemnification considerations
A security analyst at Techsoft Solutions is performing penetration testing on the critical IT assets of the company. As part of this process, he is simulating the methodologies and techniques of a real attacker because he is provided with limited or zero information about the company and its assets.
Identify the type of testing performed by the security analyst?
A. Announced testing
B. Blind testing
C. White-box testing
D. Unannounced testing
Jackson, a social media editor for Early Times, identified that there are exploitable zero-day vulnerabilities in many of the open source protocols and common file formats across software used by some specific industries. To identify vulnerabilities in software, he sent malformed or random input to the target software and then observed the result. This technique helps in uncovering zero-day vulnerabilities and helps security teams identify areas where the quality and security of the software need to be improved. Identify the technique used by Jackson to uncover zero-day vulnerabilities?
A. Application fuzz testing
B. Application black testing
C. Source code review
D. Application white testing
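Worked example of the technique this question describes, added here and not taken from the page: a mutation-based fuzzer that takes a valid seed input, corrupts it at the byte level, feeds it to a target and records every failure that is not the target's own input validation. The target, parse_record, is a constructed toy parser with a deliberate length-handling defect so there is something to find; the fuzzer itself works on any callable that raises on bad input. A minimizer is included because the first crashing input a fuzzer finds is rarely the smallest one worth reporting.

```python
"""Mutation-based fuzz testing: feed malformed inputs, watch for crashes.

Added example, not code from the page. parse_record is a constructed toy
parser carrying a deliberate defect so the fuzzer has something to find;
the fuzzer itself is generic and works on any callable that raises on bad
input.
"""
import random


def parse_record(data: bytes) -> dict:
    """Toy format: [name_len:1][name:name_len][value:rest].

    Deliberate defect (constructed for this example): the length byte is
    trusted, so an oversized length leaves `value` empty and value[0] raises
    IndexError instead of a clean ValueError.
    """
    if len(data) < 2:
        raise ValueError("record too short")        # expected rejection
    n = data[0]
    name = data[1:1 + n].decode("ascii")             # UnicodeDecodeError is a ValueError
    value = data[1 + n:]
    return {"name": name, "first_value_byte": value[0]}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to three random byte-level mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "insert", "delete", "magic"))
        if op == "insert":
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif not data:
            continue
        elif op == "flip":
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == "delete":
            del data[rng.randrange(len(data))]
        else:  # "magic": boundary values that commonly trip length handling
            data[rng.randrange(len(data))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    return bytes(data)


def fuzz(target, seeds, iterations=2000, seed=1, expected=(ValueError,)):
    """Run mutated inputs through target; return {(exc_type, msg): input}.

    Exceptions listed in `expected` are the target's own input validation and
    are ignored; anything else is recorded as a crash, keyed so each distinct
    failure is kept once.
    """
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except expected:
            continue
        except Exception as exc:  # every unexpected failure is a finding
            crashes.setdefault((type(exc).__name__, str(exc)), case)
    return crashes


def minimize(target, case: bytes, exc_type) -> bytes:
    """Greedily drop single bytes while the same exception type still occurs."""
    def still_crashes(c):
        try:
            target(c)
        except exc_type:
            return True
        except Exception:
            return False
        return False

    shrunk = True
    while shrunk:
        shrunk = False
        for i in range(len(case)):
            candidate = case[:i] + case[i + 1:]
            if still_crashes(candidate):
                case, shrunk = candidate, True
                break
    return case


if __name__ == "__main__":
    found = fuzz(parse_record, [b"\x04nameVALUE"])   # constructed valid seed
    for (exc, msg), case in found.items():
        print(f"{exc}: {msg!r} on input {case!r}")
        if exc == "IndexError":
            print("  minimized:", minimize(parse_record, case, IndexError))
```

The seed is a well-formed record; flipping a high bit of its length byte is enough to push the parser past the end of its input, which is exactly the class of bug (trusting a length field) that fuzzing finds cheaply in file-format and protocol parsers. Real fuzzers add coverage feedback and run the target in a separate process so a memory-corruption crash does not take the harness down.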
Rock is a disgruntled employee of XYZ Inc. He wanted to take revenge. For that purpose, he created a malicious software that automatically visits every page on the company's website, checks pages for important links to other content recursively, and indexes them in a logical flow. By using this malicious software, he gathered a lot of crucial information that is required to exploit the organization. What is the type of software that Rock developed?
A. Web spider
B. Web fuzzer
C. Web scanner
D. Web proxy
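The software this question describes, as an added worked example (not code from the page or from anyone it names): a breadth-first crawler that fetches a page, extracts its links, resolves them to absolute URLs, stays on the target host and recurses until nothing new is found, producing a site index with the depth at which each page was reached. The SITE table is a constructed in-memory stand-in for HTTP responses so the crawl runs offline, and fetch() is a hypothetical hook that a real crawler would back with urllib or requests.

```python
"""A minimal web spider: crawl, extract links recursively, index the site map.

Added example, not the page's or anyone's tool. The SITE table is a
constructed, in-memory stand-in for HTTP responses so the crawl runs offline;
fetch() is a hypothetical hook that a real crawler would back with urllib or
requests.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

# Constructed site: URL -> HTML body. Anything not listed behaves like a 404.
SITE = {
    "http://example.test/": '<a href="/about">About</a> <a href="products/">Products</a> '
                            '<a href="http://other.test/x">Partner</a>',
    "http://example.test/about": '<a href="/">Home</a> <a href="/about#team">Team</a> '
                                 '<a href="/admin/login">Staff login</a>',
    "http://example.test/products/": '<a href="../about">About</a> <a href="widget?id=1">Widget</a>',
    "http://example.test/products/widget?id=1": '<a href="/products/">Back</a>',
    "http://example.test/admin/login": '<form action="/admin/auth" method="post"></form>',
}


class LinkExtractor(HTMLParser):
    """Collect href targets of <a> tags and action targets of <form> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.links.append(a["action"])


def fetch(url):
    """Hypothetical HTTP GET; returns the body or None for a missing page."""
    return SITE.get(url)


def spider(start, fetch=fetch, max_pages=500):
    """Breadth-first crawl limited to the start host.

    Returns {url: {"depth": n, "links": [...]}} for fetched pages and
    {url: None} for links that resolved to nothing (dead links).
    """
    host = urlparse(start).netloc
    queue = deque([(start, 0)])
    seen = {start}
    index = {}
    while queue and len(index) < max_pages:
        url, depth = queue.popleft()
        body = fetch(url)
        if body is None:
            index[url] = None
            continue
        parser = LinkExtractor()
        parser.feed(body)
        outgoing = []
        for href in parser.links:
            absolute, _fragment = urldefrag(urljoin(url, href))  # resolve relative, drop #anchor
            if urlparse(absolute).netloc != host:                 # stay in scope
                continue
            outgoing.append(absolute)
            if absolute not in seen:
                seen.add(absolute)
                queue.append((absolute, depth + 1))
        index[url] = {"depth": depth, "links": outgoing}
    return index


if __name__ == "__main__":
    for url, entry in spider("http://example.test/").items():
        print("dead" if entry is None else entry["depth"], url)
```

Dropping URL fragments and tracking a seen set are what keep the recursion finite; the scope check on the host is what keeps a tester's crawl inside the authorized target. The resulting index (including form actions and dead links such as the unlinked /admin/auth endpoint here) is the attack-surface map that later testing works from.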
A DMZ is a network designed to give the public access to specific internal resources, and you might want to do the same thing for guests visiting the organization without compromising the integrity of the internal resources. In general, attacks on wireless networks fall into four basic categories. Identify the attack that falls under the passive attack category.
A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?
A. Threat-Assessment Phase
B. Pre-Assessment Phase
C. Assessment Phase
D. Post-Assessment Phase
Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs. One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?
A. NMAP TCP/IP fingerprinting
B. HTTP fingerprinting
C. FTP fingerprinting
D. SNMP fingerprinting
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the UserInfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "2" for complete security
B. RestrictAnonymous must be set to "3" for complete security
C. There is no way to always prevent an anonymous null session from being established
D. RestrictAnonymous must be set to "10" for complete security
Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?
A. Draft
B. Report
C. Requirement list
D. Quotation
The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. The components to be tested depend on the client's operating environment, threat perception, security and compliance requirements, ROE, and budget. Various components need to be considered for testing while developing the scope of the project.
Which of the following is NOT a pen testing component to be tested?
A. System Software Security
B. Intrusion Detection
C. Outside Accomplices
D. Inside Accomplices
Logs are the record of system and network activity. The syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?
A. UDP and TCP
B. TCP and SMTP
C. SMTP
D. UDP and SMTP
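Added worked example for this question (not from the page): it builds an RFC 5424 syslog message, sends it over both transports the protocol actually uses, and parses it back. UDP (RFC 5426) carries one message per datagram with no delivery guarantee; TCP (RFC 6587) needs explicit framing, here octet counting, because a byte stream has no message boundaries of its own. The log event is constructed, and the receiver in the main block is a loopback socket standing in for a collector.

```python
"""Syslog transport: build an RFC 5424 message, send it over UDP and TCP.

Added example, not from the page. The message content is constructed; the
receiver side in the main block is a loopback socket standing in for a real
collector.
"""
import re
import socket
from datetime import datetime, timezone

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "authpriv": 10, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(\d{1,3})>(\d) (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[.*?\])+) ?(.*)$", re.S)


def build_message(facility, severity, hostname, app, msg, timestamp=None):
    """Return an RFC 5424 line; PRI encodes facility * 8 + severity."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    if timestamp is None:
        timestamp = datetime.now(timezone.utc).isoformat(
            timespec="milliseconds").replace("+00:00", "Z")
    return f"<{pri}>1 {timestamp} {hostname} {app} - - - {msg}"


def parse_message(raw):
    """Decode PRI and header fields of an RFC 5424 message."""
    m = RFC5424.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a valid RFC 5424 message")
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group(3),
            "host": m.group(4), "app": m.group(5), "msg": m.group(9)}


def send_udp(msg, addr):
    """One message per datagram; nothing tells the sender whether it arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg.encode("utf-8"), addr)


def tcp_frame(msg):
    """RFC 6587 octet-counting frame: 'MSG-LEN SP MSG'."""
    data = msg.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


def send_tcp(msg, addr):
    """Reliable delivery, but the receiver must split the stream itself."""
    with socket.create_connection(addr) as s:
        s.sendall(tcp_frame(msg))


def read_octet_counted(stream):
    """Split a received TCP byte stream back into individual messages."""
    messages = []
    while stream:
        sp = stream.index(b" ")                 # ValueError if framing is broken
        n = int(stream[:sp])
        body, stream = stream[sp + 1:sp + 1 + n], stream[sp + 1 + n:]
        if len(body) != n:
            raise ValueError("truncated frame")
        messages.append(body.decode("utf-8"))
    return messages


if __name__ == "__main__":
    msg = build_message("auth", "warning", "web01", "sshd",
                        "Failed password for root from 203.0.113.7")  # constructed event
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(2)
        send_udp(msg, srv.getsockname())
        print("udp:", parse_message(srv.recvfrom(65535)[0].decode("utf-8")))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        srv.settimeout(2)
        send_tcp(msg, srv.getsockname())
        conn, _ = srv.accept()
        stream = b""
        with conn:
            while chunk := conn.recv(4096):
                stream += chunk
        print("tcp:", read_octet_counted(stream))
```

Neither transport authenticates or encrypts the message; the source address and hostname in a syslog line are whatever the sender put there, which matters when logs are evidence. Collectors that must not lose events run TCP (or TLS per RFC 5425) rather than UDP.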
Which one of the following is a command-line tool used for capturing packets from a live network and writing them to a file?
A. Wireshark: Capinfos
B. Wireshark: Tcpdump
C. Wireshark: Text2pcap
D. Wireshark: Dumpcap
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally this is achieved by comparing the MAC addresses of the participating wireless devices. Which of the following attacks can be detected with the help of a wireless intrusion detection system (WIDS)?
A. Social engineering
B. SQL injection
C. Parameter tampering
D. Man-in-the-middle attack
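Added worked example of the MAC-comparison detection this question describes (not code from the page or from any WIDS product): beacon frames seen on the air are checked against an inventory of the organization's own APs, and a burst of deauthentication frames is flagged as attack-tool activity. Because an attacker can clone an authorized BSSID, the example also flags one BSSID beaconing on more than one channel, which a single physical AP cannot do. The frame records are constructed stand-ins for the fields a sensor pulls from 802.11 management frames, and AUTHORIZED is a hypothetical inventory.

```python
"""Rogue-AP and attack-tool detection in the style of a WIDS sensor.

Added example, not from the page: the frame records below are constructed to
stand in for fields a sensor extracts from 802.11 management frames, and the
AUTHORIZED table is a hypothetical inventory of the organization's own APs.
"""
from collections import Counter, defaultdict

# Hypothetical inventory: SSID -> set of BSSIDs (AP MAC addresses) we own.
AUTHORIZED = {
    "corp-wifi": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed observations, in the order a sensor would see them.
FRAMES = (
    [
        {"type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:01", "channel": 6},
        {"type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:02", "channel": 11},
        # same SSID, MAC not in inventory: classic evil twin
        {"type": "beacon", "ssid": "corp-wifi", "bssid": "de:ad:be:ef:00:01", "channel": 6},
        # an AP nobody registered
        {"type": "beacon", "ssid": "FreeWifi", "bssid": "aa:bb:cc:dd:ee:ff", "channel": 1},
        # our own BSSID, but on a channel our AP does not use: cloned MAC
        {"type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:01", "channel": 1},
    ]
    # a burst of broadcast deauthentication frames "from" our AP (attack tool)
    + [{"type": "deauth", "bssid": "00:11:22:33:44:01", "dst": BROADCAST}] * 40
)


def analyze(frames, authorized, deauth_threshold=20):
    """Return a list of (alert, bssid, detail) tuples for the frames seen."""
    ssid_of = {}
    channels = defaultdict(set)
    deauth = Counter()
    for f in frames:
        if f["type"] == "beacon":
            ssid_of[f["bssid"]] = f["ssid"]
            channels[f["bssid"]].add(f["channel"])
        elif f["type"] == "deauth":
            deauth[f["bssid"]] += 1

    alerts = []
    for bssid, ssid in ssid_of.items():
        if ssid in authorized and bssid not in authorized[ssid]:
            alerts.append(("EVIL_TWIN", bssid, ssid))
        elif ssid not in authorized:
            alerts.append(("UNKNOWN_AP", bssid, ssid))
        # MAC comparison alone is spoofable: one BSSID beaconing on several
        # channels at once means someone is cloning it.
        if len(channels[bssid]) > 1:
            alerts.append(("BSSID_CLONE", bssid, tuple(sorted(channels[bssid]))))
    # Legitimate APs send the odd deauth; a flood is an attack tool at work.
    for bssid, n in deauth.items():
        if n >= deauth_threshold:
            alerts.append(("DEAUTH_FLOOD", bssid, n))
    return alerts


if __name__ == "__main__":
    for alert in analyze(FRAMES, AUTHORIZED):
        print(*alert)
```

A clone that sits on the same channel as the real AP slips past the channel check; production sensors add signal-strength, timestamp and capability-field comparisons for that case. The deauth threshold is a tuning knob: too low and a busy AP's normal disassociations page someone at 3 a.m., too high and a slow evil-twin setup goes unnoticed.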