coursework-banner

CMIT 321 Final Exam (UMUC)

CMIT 321 Final Exam (UMUC)

Final Exam

Question 1

1 / 1 point

A __________ is a device that receives digital signals and converts them into analog signals, and vice versa.

a. firewall

b. proxy

c. hub

d. modem

View Feedback

Question 2

1 / 1 point

__________ is a parallelized login cracker that supports numerous protocols for attack.

a. ADMsnmp

b. SING

c. Hydra

d. John the Ripper

View Feedback

Question 3

1 / 1 point

An __________ share is a hidden share that allows communication between two processes on the same system.

a. SMC

b. IPC

c. EPC

d. SMB

View Feedback

Question 4

1 / 1 point

__________ monitors and audits databases for security issues in real time.

a. Selective Audit

b. AppDetective

c. AppRadar

d. FlexTracer

View Feedback

Question 5

1 / 1 point

__________ is a command-line utility provided by Microsoft with SQL Server 2000 (and Microsoft SQL Server 2000 Desktop Engine) that allows users to issue queries to the server.

a. ODBC

b. SQLP

c. OSQL

d. SSRS

View Feedback

Question 6

1 / 1 point

__________ allows applications to read and write various image file formats, including GIF.

a. ImageCore

b. CoreText

c. ImageIO

d. CoreImage

View Feedback

Question 7

1 / 1 point

Which of the following types of tools would be most effective in cracking UNIX passwords?

a. Ophcrack

b. KerbCrack

c. John the Ripper

d. RainbowCrack

View Feedback

Question 8

1 / 1 point

A __________ is a device that cannot function in any capacity.

a. block

b. brick

c. rock

d. cage

View Feedback

Question 9

1 / 1 point

__________ can monitor a Simple Mail Transfer Protocol (SMTP) server regularly after connecting to it.

a. CheckOK

b. SMTPCheck

c. SMTPMon

d. SLCheck

View Feedback

Question 10

1 / 1 point

In a hit-and-run attack, __________.

a. the attacker constantly injects bad packets into the router

b. the attacker mistreats packets, resulting in traffic congestion

c. the attacker injects a few bad packets into the router

d. the attacker alters a single packet, resulting in denial of service

View Feedback

Question 11

1 / 1 point

__________ is the act of gathering information about the security profile of a computer system or organization, undertaken in a methodological manner.

a. Tracerouting

b. Passive information gathering

c. Footprinting

d. Competitive intelligence gathering

View Feedback

Question 12

1 / 1 point

__________, formerly called AppTapp, is a tool for jailbreaking and installing nonsanctioned third-party applications on the iPhone.

a. iFuntastic

b. iNdependence

c. iActivator

d. AppSnapp

View Feedback

Question 13

1 / 1 point

__________ is a tool for performing automated attacks against web-enabled applications.

a. cURL

b. dotDefender

c. Burp Intruder

d. AppScan

View Feedback

Question 14

1 / 1 point

A __________, also called a packet analyzer, is a software program that can capture, log, and analyze protocol traffic over the network and decode its contents.

a. sniffer

b. recorder

c. logger

d. tapper

View Feedback

Question 15

1 / 1 point

Null sessions require access to TCP port __________.

a. 139

b. 141

c. 345

d. 349

View Feedback

Question 16

1 / 1 point

A __________ is a trusted entity that signs certificates and can vouch for the identity of the user and the user’s public key.

a. verification authority

b. certification authority

c. validation authority

d. registration authority

View Feedback

Question 17

1 / 1 point

__________ is a command-line interface for Microsoft SQL Server that allows an attacker to execute commands on the underlying operating system, execute SQL queries, and upload files to a remote server.

a. SQLExec

b. Absinthe

c. Sqlninja

d. SQLSmack

View Feedback

Question 18

1 / 1 point

The __________ tool traces various application calls from Windows API functions to the Oracle Call Interface.

a. ASPRunner

b. FlexTracer

c. odbcping

d. SQL Query Analyzer

View Feedback

Question 19

1 / 1 point

The __________ command displays the ARP table and is used to modify it.

a. ifconfig -arp

b. arp-table

c. netstat -arp

d. arp

View Feedback

Question 20

1 / 1 point

Attackers can use a simple test to find out if an application is vulnerable to an OLE DB error. They can fill in the username and password fields with __________.

a. a pound sign

b. two dashes

c. a single quotation mark

d. double quotes

View Feedback

Question 21

1 / 1 point

RFID __________ collision occurs when an RFID tag reader energizes numerous tags and the tags’ respective signals are reflected back to the reader simultaneously.

a. tag

b. reader

c. token

d. signal

View Feedback

Question 22

1 / 1 point

__________ reconnaissance is a hacker’s attempt to scout for or survey potential targets and then investigate the target using publicly available information.

a. Active

b. Passive

c. Public

d. Open

View Feedback

Question 23

1 / 1 point

The __________ service is responsible for sending a response packet that contains connection details to clients who send a specially formed request.

a. SSRS

b. OSQL

c. ODBC

d. SQLP

View Feedback

Question 24

1 / 1 point

The Network News Transport Protocol service uses port __________.

a. 110

b. 119

c. 135

d. 139

View Feedback

Question 25

1 / 1 point

The information resource or asset that is being protected from attacks is usually called the __________.

a. key value

b. target of evaluation

c. main asset

d. target asset

View Feedback

Question 26

1 / 1 point

In Internet Explorer, the __________ zone is a security zone for sites that the user has designated as safe to visit.

a. user sites

b. legal sites

c. white list

d. trusted sites

View Feedback

Question 27

1 / 1 point

__________ is a type of computer architecture in which multiple processors share the same memory and are each assigned different tasks to perform.

a. Xcode

b. Multitasking

c. Cocoa

d. Symmetric multiprocessing

View Feedback

Question 28

1 / 1 point

What phase of attack uses social engineering and dumpster diving to find information about the target?

a. scanning

b. gaining access

c. reporting

d. reconnaissance

View Feedback

Question 29

1 / 1 point

Redirections for URLs are handled with the __________ URL handler, which can cause errors in older versions of Internet Explorer.

a. goto:

b. mdir:

c. mhtml:

d. redir:

View Feedback

Question 30

1 / 1 point

__________ gathering is the process of accumulating information from resources like the Internet that can later be analyzed as business intelligence.

a. Competitive intelligence

b. Tracerouting

c. Passive information

d. Footprinting

View Feedback

Question 31

1 / 1 point

A(n) __________ is a custom command in Linux that is a substitute for a formal command string.

a. user string

b. system link

c. alias

d. link

View Feedback

Question 32

1 / 1 point

Kaspersky is used as __________.

a. a hacking tool against PDAs

b. a hacking tool against IPHONEs

c. a hacking tool against IPODs

d. an antivirus for Windows Mobile

View Feedback

Question 33

1 / 1 point

The __________ method appends data in the URL field.

a. POST

b. GET

c. APPEND

d. URL

View Feedback

Question 34

1 / 1 point

A hacker has successfully used a tool to intercept communications between two entities and establish credentials with both sides of the connection. The two remote ends of the communication never notice that the attacker is relaying the information between the two. This is called a(n) __________ attack.

a. man-in-the-middle

b. interceptoring

c. MAC poisoning attack

d. firewalking

View Feedback

Question 35

1 / 1 point

A __________ attack adds numbers or symbols to a dictionary file’s contents to crack a password successfully.

a. brute-force

b. dictionary

c. hybrid

d. parameter manipulation

View Feedback

Question 36

1 / 1 point

__________ is a tool that combines web crawling with the capability of a personal proxy.

a. WebSleuth

b. BlackWidow

c. SiteScope

d. WSDigger

View Feedback

Question 37

1 / 1 point

__________ viruses search all drives and connected network shares to locate files with an EXE or SCR extension.

a. W32/Madang-Fam

b. W32/Hasnot-A

c. W32/Fujacks-AK

d. W32/Fujacks-E

View Feedback

Question 38

1 / 1 point

__________ is a small utility that lists all USB devices currently connected to a computer, as well as all previously used USB devices.

a. MyUSBOnly

b. USB Blocker

c. USB CopyNotify!

d. USBDeview

View Feedback

Question 39

1 / 1 point

__________ is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected.

a. Social engineering

b. Direct information gathering

c. Active reconnaissance

d. Inactive reconnaissance

View Feedback

Question 40

1 / 1 point

__________ record the parts of the website visited and can contain identifying information.

a. Logs

b. Records

c. Cookies

d. Certificates

View Feedback

Question 41

1 / 1 point

_________ hijacking is a hacking technique that uses spoofed packets to take over a connection between a victim and a target machine.

a. ACK

b. Blind

c. TCP/IP

d. Network-level

View Feedback

Question 42

1 / 1 point

In the TCP/IP stack, the __________ layer is where applications and protocols, such as HTTP and Telnet, operate.

a. Internet

b. network

c. transport

d. application

View Feedback

Question 43

1 / 1 point

__________ is a portable, battery-powered device that mediates interactions between RFID readers and RFID tags.

a. RSA blocker tag

b. RFID Firewall

c. RFID Guardian

d. Kill switch

View Feedback

Question 44

1 / 1 point

__________ is a lightweight Knoppix version cut to 50 MB for a business-card-sized CD.

a. Gnoppix

b. GeeXboX

c. Morphix

d. Damn Small Linux

View Feedback

Question 45

1 / 1 point

The __________ file is used to determine which TTY devices the root user is allowed to log in to.

a. /usr/securetty

b. /etc/securetty

c. /var/securetty

d. /home/securetty

View Feedback

Question 46

1 / 1 point

__________ is a method in which a sniffer is used to track down a conversation between two users.

a. A man-in-the-middle (MITM) attack

b. Session hijacking

c. IP spoofing

d. Network tapping

View Feedback

Question 47

1 / 1 point

Which of the tools listed below can be used to execute code on remote Windows systems?

a. X.exe

b. PsExec

c. Rsync

d. Ghost

View Feedback

Question 48

1 / 1 point

__________ URLs, or intranets, are private links that only a company’s employees use.

a. Internal

b. Private

c. Organizational

d. Domain

View Feedback

Question 49

1 / 1 point

__________ is a method of gaining access to sensitive data in a Bluetooth-enabled device.

a. Bluebugging

b. Bluesnarfing

c. BTKeylogging

d. Blueprinting

View Feedback

Question 50

1 / 1 point

What privileges does an attacker have when running a shell after executing a successful buffer overflow against a default IIS installation on a Windows 2000 server?

a. LOCAL_SYSTEM

b. IUSR_COMPUTERNAME

c. root

d. remote-access account

View Feedback

Question 51

1 / 1 point

__________ occurs when hackers break into government or corporate computer systems as an act of protest.

a. Hacktivism

b. Cyber terrorism

c. Cybercrime

d. Suicide hacking

View Feedback

Question 52

1 / 1 point

The __________ script allows a remote user to view the code of server-side scripts.

a. Showlogin.asp

b. Showcode.asp

c. RemoteAccess.asp

d. Remotelogin.asp

View Feedback

Question 53

1 / 1 point

__________ is a modified version of the Cookie Manager built into the Firefox browser. It copies the Cookie Manager dialog and adds a simple protection system to it.

a. Cookie Explorer

b. CookieCuller

c. Cookie Viewer

d. Cookie Manager Pro

View Feedback

Question 54

1 / 1 point

Which of the following is not a Microsoft Internet Information Services vulnerability?

a. ::$DATA vulnerability

b. UFS integer overflow vulnerability

c. Showcode.asp vulnerability

d. WebDAV/RPC exploits

View Feedback

Question 55

1 / 1 point

__________ is a nonvoice service available with most GSM networks.

a. CDMA

b. EDO

c. EDVA

d. GPRS

View Feedback

Question 56

1 / 1 point

A(n) __________ is the logical, not physical, component of a TCP connection.

a. ISN

b. socket

c. port

d. SYN

View Feedback

Question 57

1 / 1 point

__________ is a virus targeted against mobile personal digital assistant devices.

a. Skulls

b. Brador

c. Doomboot.A

d. Podloso

View Feedback

Question 58

1 / 1 point

Which of the following selections lists the four phases of a penetration test?

a. planning, recon, hack, cleanup

b. recon, exploit, payload, loot

c. planning, preattack, attack, postattack

d. planning, recon, attack, cleanup

View Feedback

Question 59

1 / 1 point

__________ gathering is performed by obtaining details that are freely available on the Internet and using various other techniques, without coming into direct contact with the organization’s internal servers.

a. Competitive intelligence

b. Footprinting

c. Resource record

d. Passive information

View Feedback

Question 60

1 / 1 point

__________ is a worm for Windows XP that downloads and executes malicious files on the compromised computer and spreads through removable storage devices.

a. HTTP W32.Drom

b. W32/VBAut-B

c. W32/QQRob-ADN

d. W32/SillyFDC-BK

View Feedback

Question 61

1 / 1 point

__________ detects and monitors Bluetooth devices in a wireless network. It provides information about the features of each device and the services provided by it.

a. Bluetooth Network Scanner

b. BlueFire Mobile Security

c. BlueAuditor

d. BlueWatch

View Feedback

Question 62

1 / 1 point

__________ is an application that identifies all Bluetooth-enabled devices, their communications, and their connectivity within a given area.

a. BlueSweep

b. BlueWatch

c. BlueKey

d. BlueFire Mobile

View Feedback

Question 63

1 / 1 point

A __________ occurs when a connection between the target and host is in the established state, or in a stable state with no data transmission, or the server’s sequence number is not equal to the client’s acknowledgment number, or the client’s sequence number is not equal to the server’s acknowledgment number.

a. synchronization state

b. blind hijacking

c. source routing

d. desynchronization state

View Feedback

Question 64

1 / 1 point

__________ is an HTTP authentication brute-force program. It attempts to guess passwords for basic HTTP authentication by logging in to a web server.

a. Authforce

b. ObiWaN

c. Hydra

d. Cain & Abel

View Feedback

Question 65

1 / 1 point

__________ automatically scans a computer, looking for cookies created by Internet Explorer, Mozilla Firefox, and Netscape Navigator, and then displays the data stored in each one.

a. Cookie Viewer

b. Cookie Explorer

c. Cookie Browser

d. Cookie Manager

View Feedback

Question 66

1 / 1 point

The RFID __________ policy establishes the framework for many other security controls. It provides a vehicle for management to communicate its expectations regarding the RFID system and its security.

a. security

b. physical access

c. secure disposal

d. usage

View Feedback

Question 67

1 / 1 point

Firefox 2.0.0.11 cannot correctly interpret single quotation marks and spaces during authentication. This is called the __________ value of an authentication header.

a. registration

b. site

c. domain

d. realm

View Feedback

Question 68

1 / 1 point

The __________ utility tests the integrity of an ODBC data source.

a. odbcping

b. ASPRunner

c. FlexTracer

d. DbEncrypt

View Feedback

Question 69

1 / 1 point

The __________ vulnerability is a vulnerability present in some servers that can be exploited by hackers in the browser address window and cause commands to be run on the server.

a. malformed URL

b. URL injection

c. Unicode directory traversal

d. folder browsing

View Feedback

Question 70

1 / 1 point

When an ethical hacker uses nslookup, which protocol are they querying?

a. DNS

b. HTTPS

c. SMB

d. NTP

View Feedback

Question 71

1 / 1 point

__________ cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message.

a. Symmetric

b. Hash-based

c. Private-key

d. Public-key

View Feedback

Question 72

1 / 1 point

Which of the following Microsoft authentication protocols is the least secure?

a. LAN Manager

b. SMB

c. NTLM v2

d. SQL

View Feedback

Question 73

1 / 1 point

__________ is a Microsoft-proprietary protocol that authenticates users and computers based on an authentication challenge and response.

a. LMLAN

b. Kerberos

c. NTLM

d. NTLAN

View Feedback

Question 74

1 / 1 point

The easiest way to find a Cisco router is to run __________ from a command shell.

a. Nessus

b. Netcat

c. Traceroute

d. Nmap

View Feedback

Question 75

1 / 1 point

__________ is an application that, when installed on a system, runs a background process that silently copies files from any USB flash drive connected to it.

a. USB Switchblade

b. USBDumper

c. USB Hacksaw

d. USB Copy ’em all

View Feedback

Question 76

1 / 1 point

Web applications have a three-layered architecture consisting of presentation, logic, and __________.

a. application

b. data layers

c. transport

d. HTTP

View Feedback

Question 77

1 / 1 point

__________ provides a complete view for monitoring and analyzing activity within USB host controllers, USB hubs, and USB devices.

a. USB PC Lock

b. USBlyzer

c. Advanced USB Monitor

d. Virus Chaser USB

View Feedback

Question 78

1 / 1 point

Which of the following attacks would you choose to seize control of a legitimate user’s web application session while the session is still in progress?

a. session hijacking

b. DOS attack

c. password sniffing

d. spoofing

View Feedback

Question 79

1 / 1 point

__________ are software applications that run automated tasks over the Internet.

a. Zombies

b. Spiders

c. Bots

d. Crawlers

View Feedback

Question 80

1 / 1 point

Which of the following definitions best describes a wrapper?

a. A wrapper is a packet-crafting technique used to perform stealthy port scans.

b. A wrapper is an encryption tool used to hide messages inside image files.

c. A wrapper is a method of hiding a virus inside an executable file.

d. A wrapper is a tool used to bind a Trojan to a legitimate file.

View Feedback

Question 81

1 / 1 point

Which type of penetration test is conducted with absolutely no prior knowledge of the target environment?

a. white-box testing

b. gray-box testing

c. red-hat testing

d. black-box testing

View Feedback

Question 82

1 / 1 point

Only __________ scan is valid while scanning a Windows system.

a. SYN

b. Null

c. FIN

d. Xmas

View Feedback

Question 83

1 / 1 point

__________ is a command-line TCP/IP packet assembler/analyzer.

a. Hping2

b. Firewalk

c. WUPS

d. Blaster Scan

View Feedback

Question 84

1 / 1 point

__________ is the unauthorized alteration of routing tables.

a. Route poisoning

b. Routing table spoofing

c. Routing table poisoning

d. Route spoofing

View Feedback

Question 85

1 / 1 point

This type of port scanning technique splits a TCP header into several packets so that the packet filters cannot detect what the packets intend to do.

a. UDP scanning

b. IP fragment scanning

c. inverse TCP flag scanning

d. ACK flag scanning

View Feedback

Question 86

1 / 1 point

What is the difference between online and offline password attacks?

a. Online attacks are conducted against people using the Internet, and offline attacks are conducted against people on private networks.

b. Online attacks target passwords or their representations as they traverse a network, and offline attacks focus on stored passwords.

c. Online attacks are used to gain access to systems, and offline attacks are used to knock systems off the network.

d. Offline attacks target passwords or their representations as they traverse a network, and online attacks focus on stored passwords.

View Feedback

Question 87

1 / 1 point

Private data stored by Firefox can be quickly deleted by selecting __________ in the Tools menu.

a. Clear History

b. Clear Private Data

c. Delete Private Data

d. Delete History

View Feedback

Question 88

1 / 1 point

In order for traffic to get back to the attacker during session hijacking, a process called __________ is used that allows the sender to specify a particular route for the IP packet to take to the destination.

a. desynchronization

b. source routing

c. spoofing

d. TCP routing

View Feedback

Question 89

1 / 1 point

Information on all Linux accounts is stored in the __________ and /etc/shadow files.

a. /etc/conf

b. /etc/passwd

c. /etc/password

d. /conf/passwd

View Feedback

Question 90

1 / 1 point

__________ is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security.

a. Wi-Fi

b. HID

c. Bluetooth

d. Piconet

View Feedback

Question 91

1 / 1 point

__________ synchronizes the information between a Palm device and a desktop PC.

a. HotSync

b. ActiveSync

c. PocketSync

d. PalmSync

View Feedback

Question 92

1 / 1 point

Which of the following types of password attacks is not an online attack?

a. sniffing

b. man-in-the-middle

c. hybrid

d. replay

View Feedback

Question 93

1 / 1 point

The ISAPI extension responsible for IPP is __________.

a. msisapi.dll

b. msw3prt.dll

c. msipp5i.dll

d. isapiipp.dll

View Feedback

Question 94

0 / 1 point

Which of the statements below correctly describes a dictionary attack against passwords?

a. It is an attack that tries every combination of characters until a correct password is identified.

b. It is an attack that uses a list of words to guess passwords until a correct password is identified.

c. It is an attack that uses a list of words and appends additional numbers or characters to each word until a correct password is identified.

d. It is an attack that uses precomputed values until a correct password is identified.

View Feedback

Question 95

1 / 1 point

__________ reconstructs a device’s Bluetooth PIN and link key from data sniffed during a pairing session.

a. Blooover

b. Hidattack

c. BTCrack

d. Cabir and Mabir

View Feedback

Question 96

1 / 1 point

A __________ is a set of related programs, usually located at a network gateway server, that protect the resources of a private network from other network users.

a. firewall

b. proxy

c. packet filter

d. router

View Feedback

Question 97

1 / 1 point

Mac OS X includes __________, a collection of frameworks, APIs, and accompanying runtimes that allows for a host of open-source web, database, scripting, and development technologies.

a. Cocoa

b. Coffee

c. Bean

d. Xcode

View Feedback

Question 98

1 / 1 point

Traceroute uses the __________ field in an IP packet to determine how long it takes to reach a target host and whether that host is reachable and active.

a. IHL

b. flags

c. TOS

d. TTL

View Feedback

Question 99

1 / 1 point

__________ is a cable modem hacking program. It performs the task of uncapping by incorporating all the uncapping steps into one program.

a. Yersinia

b. OneStep: ZUP

c. Zebra

d. Solar Winds MIB Browser

View Feedback

Question 100

1 / 1 point

__________ hackers are information security professionals who specialize in evaluating, and defending against, threats from attackers.

a. Gray-hat

b. Black-hat

c. Consulting

d. Ethical

View Feedback

Question 101

1 / 1 point

__________ is an application-layer protocol that runs on UDP and is used to maintain and manage routers, hubs, and switches on an IP network.

a. SMMP

b. SNMP

c. SMTP

d. SNTP

View Feedback

Question 102

1 / 1 point

__________ is a Linux security feature that enables a user to choose the directory that an application can access.

a. Chroot

b. Sandbox

c. Jailroot

d. Rootjail

View Feedback

Question 103

1 / 1 point

IT __________ are designed to evaluate an organization’s security policies and procedures.

a. ping sweeps

b. vulnerability assessments

c. penetration tests

d. security audits

View Feedback

Question 104

1 / 1 point

__________ is the exploitation of an organization’s telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.

a. War driving

b. Line dialing

c. PBX driving

d. War dialing

View Feedback

Question 105

1 / 1 point

In __________-level hijacking, the attacker obtains the session IDs to get control of an existing session or to create a new, unauthorized session.

a. network

b. data link

c. transport

d. application

View Feedback

Question 106

1 / 1 point

SQL Server, like other databases, delimits queries with a __________.

a. colon

b. period

c. semicolon

d. comma

View Feedback

Question 107

1 / 1 point

__________ is a programming language that permits website designers to run applications on the user’s computer.

a. Java

b. Ruby

c. Python

d. Smalltalk

View Feedback

Question 108

1 / 1 point

__________ is a lightweight substitute for telnet that enables the execution of processes on other systems, eliminating the need for manual installation of client software.

a. PsExec

b. Alchemy Remote Executor

c. Emsa FlexInfo Pro

d. RemoteApp

View Feedback

Question 109

1 / 1 point

__________ allow attackers to pass malicious code to different systems via a web application.

a. SQL injection attacks

b. XSS vulnerabilities

c. Authentication hijacking attacks

d. Command injection flaws

View Feedback

Question 110

1 / 1 point

__________ is a unique 15- or 17-digit code used to identify a mobile station to a GSM network.

a. IMEI

b. SIMID

c. SIM

d. PhoneID

View Feedback

Question 111

1 / 1 point

With the __________ tool, you can ping multiple IP addresses simultaneously.

a. Fping

b. Nmap

c. Nessus

d. Unicornscan

View Feedback

Question 112

1 / 1 point

__________ is an automatic identification method that uses radio waves to identify an object.

a. BTID

b. Wi-Fi

c. Bluetooth

d. RFID

View Feedback

Question 113

1 / 1 point

Which of the following statements best describes the rules of engagement for a penetration test?

a. The rules of engagement are the systems that a tester can knock offline during a penetration test.

b. The rules of engagement are the agreed-upon guidelines for a penetration test, including desired code of conduct and procedures.

c. The rules of engagement define the service-level agreement and scope of a penetration test.

d. The rules of engagement include the insurance and risk management associated with third-party testing.

View Feedback

Question 114

1 / 1 point

__________ involves plotting the tables in the database.

a. Database enumeration

b. Database footprinting

c. Table footprinting

d. Table enumeration

View Feedback

Question 115

1 / 1 point

While conducting an ethical penetration test in Europe, which Regional Internet Registry (RIR) would you use?

a. APNIC

b. RIPE NCC

c. ARIN

d. LACNIR

View Feedback

Question 116

1 / 1 point

Which of the following password attacks is conducted using nontechnical means?

a. hybrid

b. brute force

c. social engineering

d. rainbow tables

View Feedback

Question 117

1 / 1 point

__________ is a tool that administrators can use to test the reliability of their critical systems and determine what actions they must take to fix any problems.

a. DbEncrypt

b. AppDetective

c. Selective Audit

d. AppRadar

View Feedback

Question 118

1 / 1 point

Which of the following statements best describes a penetration test?

a. A penetration test is using a password cracker to gain access to a system.

b. A penetration test is an attempt to simulate methods used by attackers to gain unauthorized access to a computer system.

c. A penetration test is the act of hacking computer systems; it is used by criminals to attack legitimate organizations.

d. A penetration test is an audit of an organization’s security policies and procedures.

View Feedback

Question 119

1 / 1 point

__________ is a simple form of attack aimed directly at the application’s business logic.

a. Authentication hijacking

b. Parameter tampering

c. Cookie poisoning

d. Session poisoning

View Feedback

Question 120

1 / 1 point

There are several aspects to security, and the owner of a system should have confidence that the system will behave according to its specifications. This is called __________.

a. confidentiality

b. reusability

c. accountability

d. assurance

View Feedback

Question 121

1 / 1 point

__________ is a collection of tools for network auditing and penetration testing.

a. Dsniff

b. Nmap

c. Hping2

d. Nemesis

View Feedback

Question 122

1 / 1 point

A good countermeasure against hijacking includes which of the following?

a. application of non-Internet protocols like http to secure sessions against hijacking

b. use of biometrics and access tokens

c. enforcement of a stronger password policy

d. unpredictable sequence numbers

View Feedback

Question 123

1 / 1 point

After gaining access, what is the attacker’s next goal?

a. Cover their tracks.

b. Start denial-of-service attacks.

c. Find ways to maintain access.

d. None of the above.

View Feedback

Question 124

1 / 1 point

Which of the following is not a category of security assessment?

a. security audit

b. rootkit detection

c. vulnerability assessment

d. penetration testing

View Feedback

Question 125

1 / 1 point

A common technique used to hide data within image files uses the __________ technique.

a. hex dump

b. injection

c. least-significant-bit

d. big endian

View Feedback

Attempt Score:

124 / 125 – 99.2 %

Overall Grade (highest attempt):

124 / 125 – 99.2 %