Malware
Social Engineering
TCP/UDP Ports
Auth, Access, Audit
Hack Attack
100

Malicious code activated by a specific event is called:

a. Backdoor

b. Logic bomb                    

c. Worm       

d. Trojan Horse  

b. Logic bomb                    


100

This type of social engineering tactic is used to gain information relating to a specific group or user:

a. Whaling

b. Phishing

c. Spear Phishing

d. Vishing

c. Spear Phishing

100

Port 80

HTTP

100

1.What is the difference between authorization and authentication?

Authorization means granting a user account configured on the computer system the right to make use of a resource (allocating the user privileges on the resource). Authentication protects the validity of the user account by testing that the person accessing that account is who s/he says s/he is.

100

What operating system is preferred by new Penetration testers and Hackers and come preinstalled with various PenTest tools and features?

Kali Linux

200

Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

a. Logic bomb

b. Trojan horse        

c. Rootkit        

d. Backdoor   

b. Backdoor    

200

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

a. Spear phishing        

b. Tailgating        

c. Spoofing    

d. Shoulder Surfing

d. Shoulder Surfing

200

SSH?

22

200

True or false? An account requiring a password, PIN, and one-time password is an example of three-factor authentication.

False - three factor authentication would include a biometric or behavioral element.

200

What type of password attack:

Tries every possible combination, uses a large key to make passwords computationally difficult, and often requires multiple attempts to breach?

a. Brute Force

b. Dictionary 

c. Rainbow Tables

d. Shoulder surfing

a. Brute Force

300

Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?

a. Honeynet        

b. Botnet                    

c. Quarantine network        

d. Malware  

  b. Botnet

300

Jump in the trash and find corporate information can be categorized as . . . 

a. Adware

b. Bin bushing

c. Can Crashing

d. Dumpster Diving

d. Dumpster Diving

300

A protocol used to remote into a desktop environment. (Protocol and port #)

RDP - port 3389

300

What does OTP stand for?

a. One Task Protocol

b. On Time Password

c. One Time Protocol

d. One Tree Pass

b. One Time Password

300

Which of the following command-line tools is used for discovering hosts and services on a network?

  • Nmap                   
  • netcat        
  • Zenmap        
  • tcpdump    

Nmap

400

 Which of the following answers lists an example of spyware?

a. Keylogger               

b. Vulnerability scanner        

c. Computer worm        

d. Packet sniffer    

a. Keylogger

400

A social engineering technique whereby attackers under disguise of legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:        

a. Phishing                

b. Privilege escalation                

c. Backdoor access   

d. Shoulder surfing    

c. Backdoor access  

400

Which of the following answers refers to a TCP port used by FTP for session control?        

  • 20                

  • 22                

  • 21                

  • 19    

port 20

400

Which remote authentication protocol supports smart cards?

a. Kerberos

b. EAP

c. IKEv1

d. WLAN

b. EAP

400

Name one application-type password cracking software.

Cain and Abel

John the Ripper

THC Hydra

Aircrack

L0phtcrack

500

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called...

A worm
500

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers)        

  • Phishing                

  • Watering hole attack                

  • Social engineering                

  • Zero-day exploit                

  • Vishing    

  • Phishing                            

  • Social engineering                              

500

Which of the port numbers listed below are used by FTP over TLS/SSL (FTPS)? (Select 2 answers)        

  •  20                

  •  989                

  • 5060                

  •  21                

  • 990                

  • 5061    

989, 990

500

The company you work for has suffered numerous intrusions due to poor password management by employees. Given a significant budget to mitigate the problem, what type of security control would you use?

A multifactor authentication product would mitigate this type of problem by requiring users to authenticate with a smart card or biometric information as well as a password.

500

What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings?

ifconfig

M
e
n
u