06 Jul 1) Which of the following are Penetration testing methodology?Â

1) Which of the following are Penetration testing methodology? A. White box modelB. Black box modelC. Gray box modelD. All of the above2) Which of the following skills are needed to be a security tester? A. Knowledge of network and computer technologyB. Ability to communicate with management and IT personnelC. An understanding of the laws in your location and ability to use necessary toolsD. All of the above3) Which of the following are the district layer of TCP/IP? A. Network and InternetB. Transport and ApplicationC. Network, Internet, Transport, PresentationD. A and B4) Which of the followings are the TCP segment flags? A. SYN flag: synch flag , ACK flag: acknowledgment flagB. PSH flag: push flag, URG flag: urgent flag, STF flag: set test flagC. PSH flag: push flag, URG flag: urgent flag, RST flag: reset flag, FIN flag: finish flagD. A and C5) Which of the following are properties of User Datagram Protocol (UDP)? A. Fast but unreliable delivery protocol and Operates on Transport layerB. Used for speed but Does not need to verify receiver is listening or readyC. Depends on higher layers of TCP/IP stack handle problems and Referred to as a connectionless protocolD. All of the above6) Distributed denial-of-service (DDoS) attack is: A. Attack on host from single servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speedB. Attack on host from multiple servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speedC. Attack on server from multiple host or workstations and Network could be flooded with billions of packets causes Loss of bandwidth and Degradation or loss of speedD. None of the above7) Different categories of Attacks are: A. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflowB. Ping of Death, Session hijackingC. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow, Ping of Death, Port High jacking (PoH)D. A and B8) Which of the following are Social Engineering Tactics? A. Persuasion, Intimidation, CoercionB. Persuasion, Intimidation, Coercion, Extortion, blackmailingC. Persuasion, Intimidation, Coercion, Extortion, UrgencyD. All of the above9) Which of the following/s are types of Port Scans? A. ACK scan, FIN scan, UDP scanB. SYN scan, NULL scan, XMAS scan, C. ACK scan, FIN scan, UDP scan, SYN scan, NULL scan, XMAC scanD. A and B10) Enumeration extracts information about: A. Resources or shares on the networkB. Usernames or groups assigned on the networkC. User’s password and recent logon timesD. All of the above11) Which of the following are NetBIOS Enumeration Tools? A. Nbtstat command, Net view command, Net use commandB. Nbtstat command, Net view command, Dumpsec commandC. Nbtstat command, Net view command, Hyena commandD. None of the above12) Dumsec is an Enumeration tool for Windows systems that does the following/s: A. Allows user to connect to a server and “dump”, Permissions for shares, Permissions for printersB. Permissions for the Registry, Users in column or table format, Policies ,Rights, ServicesC. Allows user to connect to a server and “dump”, Permissions for shares, Permissions for printers and Permissions for the Registry, Users in column or table formatD. A and B13) Which of the following are Tools for enumerating Windows targets? A. Nbtstat, Net view, Net useB. Nbtstat, Net view, Net use and Other utilitiesC. Nbtstat, Net view, Net use, NessusD. All of the above14) Which of the following statements is more accurate about Windows OS? A. Many Windows OSs have serious vulnerabilitiesB. None of the Windows OSs have any serious vulnerabilitiesC. A few Windows OSs have any serious vulnerabilitiesD. All of the Windows OSs have any serious vulnerabilities15) Which of the following best describes Remote Procedure Call? A. Allows a program running on one host to run code on a remote hostB. Allows a program running on one server to run code on another serverC. Allows a program running any server to run code on a designated clinetD. None of the above16) Buffer Overflows occurs when: A. Data is written to a buffer and corrupts data in memory next to allocated bufferB. Normally, occurs when copying strings of characters from one buffer to anotherC. Data is deleted from  a buffer and corrupts data in memory next to deleted bufferD. A and B17) Microsoft Baseline Security Analyzer (MBSA) is capable of checking which of the following/s? A. Patches, Security updates, Configuration errorsB. Blank or weak passwordsC. A and BD. None of the above18) Which of the following/s are Vulnerabilities in Windows file systems?A. Lack of ACL support in FAT and Risk of malicious ADSs in NTFSB. RCP, NetBIOS, SMB, Null sessionsC. Windows Web services and IISD. All of the above19) An Embedded system is: A. Any computer system that is a general-purpose PC or server and they are in all networks and Perform essential functionsB. Any computer system that isn’t a general-purpose PC or server and they are in all networks and Perform essential functionsC. Any computer system that isn’t a server or clientD. None of the above20) Object Linking and Embedding Database are Set of interfaces that:  A. Enable applications to access data stored in DBMS and relies on connection strings and allows application to access data stored on external deviceB. Enable applications to access data stored in a server and relies on connection tokens and allows application to access data stored on external deviceC. Enable applications to access data stored in flat filesD. All of the above21) ActiveX Data Objects are: A. Programming interface for connecting Web applications to a databaseB. Defines a set of technologies that allow desktop applications to interact with WebC. Network interface for connecting Web applications to a databaseD. A and B22) Attackers controlling a Web server can do which of the following/s? A. Deface the Web site and destroy company’s database or sell contentsB. Gain control of user accounts and perform secondary attacks C. Gain root access to other application serversD. All of the above23) Which of the following/s are Web application vulnerabilities? A. Cross-site scripting (XSS) flaws and Injection flaws and malicious file execution and Unsecured direct object referenceB. Cross-site request forgery (CSRF) and Information leakage and incorrect error handling and Broken authentication and session managementC. Unsecured cryptographic storage and Unsecured communication and Failure to restrict URL accessD. All of the above24) Which of the following statements best describes Wireless Hacking? A. Hacking a wireless network is different from hacking a wired Lan and Port scanning and Enumeration techniques can not be used.B. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning and Enumeration techniques can be used.C. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning technique can be usedD. All of the above25) Cryptography is: A. Process of converting plaintext into ciphertextB. Process of converting ciphertext into plaintext C.  Process of converting plaintext into ciphertext and vise versaD. All of the above26) Which of the following statements is true? A. Cryptography is a new technologyB. Cryptography has been around for thousands of yearsC. Cryptography has been around for hundreds of yearsD. None of the above27) Which of the following best describes Hashing Algorithms? A. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the messageB. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changesC. Takes a fixed-length message and produces a variable-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changesD. B and C