19 Jan deadbolt locks

What type of testing procedure involves the tester(s) analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management?

Question 1 options:

penetration test

security test

hacking test

ethical hacking test

Question 2

What term best describes a person who hacks computer systems for political or social reasons?

Question 2 options:

cracktivist

hacktivist

sniffer

script kiddy

Question 3

What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop?

Question 3 options:

Security+

OSSTMM Professional Security Tester (OPST)

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

Question 4

Penetration testers and security testers need technical skills to perform their duties effectively.

Question 4 options:

True

False

Question 5

If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?

Question 5 options:

pen team

blue team

red team

security team

Question 6

Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

Question 6 options:

create a contractual agreement

create a lab demonstration

create a virtual demonstration

create a slide presentation

Question 7

What organization disseminates research documents on computer and network security worldwide at no cost?

Question 7 options:

EC-Council

SANS

ISECOM

ISC2

Question 8

Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.

Question 8 options:

True

False

Question 9

Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.

Question 9 options:

True

False

Question 10

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

Question 10 options:

packet monkeys

crackers

script kiddies

bots

Question 11

What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted?

Question 11 options:

black box

white box

red box

silent box

Question 12

What type of laws should a penetration tester or student learning hacking techniques be aware of?

Question 12 options:

local

state

federal

all of the above

Question 13

What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?

Question 13 options:

script kiddies

repetition monkeys

packet sniffers

crackers

Question 14

In the TCP/IP stack, what layer is concerned with physically moving bits across the network’s medium?

Question 14 options:

Internet

Network

Transport

Application

Question 15

What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?

Question 15 options:

Transport layer

Internet layer

Application layer

Network layer

Question 16

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

Question 16 options:

Internet

Network

Transport

Application

Question 17

How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?

Question 17 options:

254

512

65,000

16 million

Question 18

What port does the Trivial File Transfer Protocol, or TFTP service use?

Question 18 options:

25

53

69

80

Question 19

What does the acronym TCP represent?

Question 19 options:

Transfer Control Protocol

Transmission Control Protocol

Transfer Congestion Protocol

The Control Protocol

Question 20

What port does the Hypertext Transfer Protocol, or HTTP service use?

Question 20 options:

25

53

69

80

Question 21

What type of network attack relies on guessing a TCP header’s initial sequence number, or ISN?

Question 21 options:

ARP spoofing

Session hijacking

DoS

Man-in-the-middle

Question 22

A hex number is written with two characters, each representing a byte.

Question 22 options:

True

False

Question 23

What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?

Question 23 options:

ISN

IP

port

SYN

Question 24

In the TCP/IP stack, the Transport layer includes network services and client software.

Question 24 options:

True

False

Question 25

To retrieve e-mail from a mail server, you most likely access port 119.

Question 25 options:

True

False

Question 26

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Question 26 options:

Internet

Network

Transport

Application

Question 27

Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?

Question 27 options:

signatures

heuristics

macros

bots

Question 28

The virus signature file is maintained by what type of software?

Question 28 options:

antivirus

keylogger

remote control

firewall

Question 29

When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?

Question 29 options:

viruses

zombies

macros

cyborgs

Question 30

What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?

Question 30 options:

shell

virus

keylogger

rootkit

Question 31

What type of virus is used to lock a user’s system, or cloud accounts until the system’s owner complies by paying the attacker a monetary fee?

Question 31 options:

keylogger

rootkit

ransomware

macro

Question 32

The acronym IDS stands for which of the following?

Question 32 options:

Intrusion Detection System

Information Dissemination System

Information Destruction System

Intruder Dispersal System

Question 33

Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?

Question 33 options:

Host security

Server security

Computer security

Network security

Question 34

Which of the following physical security methods provides the ability to secure a company’s assets and document any individuals physical time of entry?

Question 34 options:

rotary locks

combination locks

card access

deadbolt locks

Question 35

Whitelisting allows only approved programs to run on a computer.

Question 35 options:

True

False

Question 36

What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?

Question 36 options:

eavesdropping

overflowing

injecting

capturing

Question 37

Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?

Question 37 options:

A DoS attack

Ping of Death

A buffer overflow attack

Session hijacking

Question 38

A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?

Question 38 options:

virus

Trojan

worm

shell

Question 39

A computer hacker may use a phishing e-mail to lure a user into following a malicious link. What type of technique is being used by the computer hacker?

Question 39 options:

mail fraud

heuristics

ransoming

social engineering

Question 40

Which type of program can mitigate some risks associated with malware?

Question 40 options:

shells

bots

antivirus

rootkits