Malware
Malicious code activated by a specific event is called:
a. Backdoor
b. Logic bomb
c. Worm
d. Trojan Horse
b. Logic bomb
This type of social engineering tactic is used to gain information relating to a specific group or user:
a. Whaling
b. Phishing
c. Spear Phishing
d. Vishing
c. Spear Phishing
Port 80
HTTP
1.What is the difference between authorization and authentication?
Authorization means granting a user account configured on the computer system the right to make use of a resource (allocating the user privileges on the resource). Authentication protects the validity of the user account by testing that the person accessing that account is who s/he says s/he is.
What operating system is preferred by new Penetration testers and Hackers and come preinstalled with various PenTest tools and features?
Kali Linux
Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?
a. Logic bomb
b. Trojan horse
c. Rootkit
d. Backdoor
b. Backdoor
A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:
a. Spear phishing
b. Tailgating
c. Spoofing
d. Shoulder Surfing
d. Shoulder Surfing
SSH?
22
True or false? An account requiring a password, PIN, and one-time password is an example of three-factor authentication.
False - three factor authentication would include a biometric or behavioral element.
What type of password attack:
Tries every possible combination, uses a large key to make passwords computationally difficult, and often requires multiple attempts to breach?
a. Brute Force
b. Dictionary
c. Rainbow Tables
d. Shoulder surfing
a. Brute Force
Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?
a. Honeynet
b. Botnet
c. Quarantine network
d. Malware
b. Botnet
Jump in the trash and find corporate information can be categorized as . . .
a. Adware
b. Bin bushing
c. Can Crashing
d. Dumpster Diving
d. Dumpster Diving
A protocol used to remote into a desktop environment. (Protocol and port #)
RDP - port 3389
What does OTP stand for?
a. One Task Protocol
b. On Time Password
c. One Time Protocol
d. One Tree Pass
b. One Time Password
Which of the following command-line tools is used for discovering hosts and services on a network?
Nmap
Which of the following answers lists an example of spyware?
a. Keylogger
b. Vulnerability scanner
c. Computer worm
d. Packet sniffer
a. Keylogger
A social engineering technique whereby attackers under disguise of legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:
a. Phishing
b. Privilege escalation
c. Backdoor access
d. Shoulder surfing
What is Backdoor access?
Which of the following answers refers to a TCP port used by FTP for session control?
20
22
21
19
What is port 21?
Which remote authentication protocol supports smart cards?
a. Kerberos
b. EAP
c. IKEv1
d. WLAN
b. EAP
Name one application-type password cracking software.
What is:
Cain and Abel
John the Ripper
THC Hydra
Aircrack
L0phtcrack
A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called...
What is a Worm?
A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of:
What is Phishing?
Which port number is used by FTP over TLS/SSL (FTPS)?
What is port 989 and 990?
The company you work for has suffered numerous intrusions due to poor password management by employees. Given a significant budget to mitigate the problem, what type of security control would you use?
What is Multi-factor Authentication?
What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings?
What is ifconfig?