1.

In order to compromise or to hack a system or network the

hackers go through various phases of the hacking.

What is the first hacking phase that hackers perform to gather

information about a target prior to launching an attack?

Reconnaissance

Scanning

Gaining Access

Maintaining Access

Clearing Track

2. Defense-in-depth is a security strategy in which several

protection layers are placed throughout an information system. It
helps to prevent direct attacks against an information system and
data because a break in one layer only leads the attacker to the
next layer.

True

False

3. Penetration testing is a method of actively evaluating the security

of an information system or network by simulating an attack from
a malicious source.

Which of the following technique is used to simulate an attack

from someone who is unfamiliar with the system?

Black box pen testing

White box pen testing

Grey box pen testing

Maintaining Access

Announced pen testing

 4. Which of the following scanning technique attackers use to
bypass firewall rules, logging mechanism, and hide themselves
as usual network traffic?

Stealth scanning technique

TCP connect scanning technique

Xmas scanning technique

Maintaining Access

FIN scanning technique

5. Which of the following scan only works if operating systems

TCP/IP implementation is based on RFC 793?

NULL scan

IDLE scan

TCP connect scan

Maintaining Access

FTP bounce scan

6. OS fingerprinting is the method used to determine the operating

system running on a remote target system. It is an important
scanning method, as the attacker will have a greater probability
of success if he/she knows the OS. Active stack fingerprinting is
one of the types of OS fingerprinting.

Which of the following is true about active stack fingerprinting?

Uses password crackers to escalate system privileges

Is based on the fact that various vendors of OS implement

the TCP stack differently
TCP connect scan
 Uses sniffing techniques instead of the scanning
techniques
Is based on the differential implantation of the stack and the
various ways an OS responds to it

7. Proxy is a network computer that can serve as an intermediary

for connecting with other computers.

Which of the following sentence is true about a proxy?

Protects the local network from outside access

Does not allow the connection of a number of computers to

the Internet when having only one IP address
Allows attacker to view the desktop of users system

Cannot be used to filter out unwanted content

8. IP spoofing refers to the procedure of an attacker changing his or

her IP address so that he or she appears to be someone else.

Which of the following IP spoofing detection technique succeed

only when the attacker is in a different subnet?

Direct TTL probes technique

IP identification number technique

TCP flow control method

UDP flow control method

9. Enumeration is defined as the process of extracting user names,

machine names, network resources, shares, and services from a
system.

Which of the following enumeration an attacker uses to obtain list

of computers that belongs to a domain?
 Netbios enumeration

SNMP enumeration

NTP enumeration

SMTP enumeration

10. Network Time Protocol (NTP) is designed to synchronize

clocks of networked computers.

Which of the following port NTP uses as its primary means of

communication?

UDP port 123

UDP port 113

UDP port 161

UDP port 320

11.Rootkits are kernel programs having the ability to hide

themselves and cover up traces of activities. It replaces certain
operating system calls and utilities with its own modified
versions of those routines.

Which of the following rootkit modifies the boot sequence of the

machine to load themselves instead of the original virtual
machine monitor or operating system?

Hypervisor level rootkit

Kernel level rootkit

Boot loader level rootkit

Library level rootkits

12. Steganography is a technique of hiding a secret message

within an ordinary message and extracting it at the destination to
maintain confidentiality of data.
 Which of the following steganography technique embed secret
message in the frequency domain of a signal?

Substitution techniques

Transform domain techniques

Spread spectrum techniques

Domain distortion techniques

Cover generation techniques

13. A virus is a self-replicating program that produces its own

code by attaching copies of it into other executable codes.

Which of the following virus evade the anti-virus software by

intercepting its requests to the operating system?

Stealth/Tunneling virus

Cluster virus

Macro virus

System or boot sector virus

14. Lawful intercept is a process that enables a Law Enforcement

Agency (LEA) to perform electronic surveillance on a target as
authorized by a judicial or administrative order.

Which of the following statement is true for lawful intercept?

Affects the subscribers services on the router

Hides information about lawful intercepts from all but the

most privileged users
Does not allows multiple LEAs to run a lawful intercept on
the same target without each others knowledge
Allows wiretaps only for outgoing communication
 alters the traffic

15. Sniffer turns the NIC of a system to the promiscuous mode so

that it listens to all the data transmitted on its segment. It can
constantly read all information entering the computer through the
NIC by decoding the information encapsulated in the data packet.
Passive sniffing is one of the types of sniffing. Passive sniffing
refers to:

Sniffing through a hub

Sniffing through a router

Sniffing through a switch

Sniffing through a bridge

16. Address Resolution Protocol (ARP) is a protocol for mapping

an IP address to a physical machine address that is recognized in
the local network. ARP Spoofing involves constructing a large
number of forged ARP request and reply packets to overload:

Switch

Router

Hub

Bridge

17. Denial of Service (DoS) is an attack on a computer or network

that prevents legitimate use of its resources. In a DoS attack,
attackers flood a victim system with non-legitimate service
requests or traffic to overload its resources, which prevents it
from performing intended tasks.

Which of the following is a symptom of a DoS attack?

Unavailability of a particular website

Decrease in the amount of spam emails received

 Automatic increase in network bandwidth

Automatic increase in network performance

18. Session Hijacking refers to the exploitation of a valid computer

session where an attacker takes over a session between two
computers.

Which of the following factor contribute to a successful session

hijacking attack?

Account lockout for invalid session IDs

Definite session expiration time

Weak session ID generation algorithm

No clear text transmission

19. Buffer Overflow occurs when an application writes more data

to a block of memory, or buffer, than the buffer is allocated to
hold. Buffer overflow attacks allow an attacker to modify the
___________ in order to control the process execution, crash the
process and modify internal variables.

Target processs address space

Target remote access

Target rainbow table

Target SAM file

20. Which wireless standard has bandwidth up to 54 Mbps and

signals in a regulated frequency spectrum around 5 GHz?

802.11a

802.11b

802.11g

802.11i
 21. Which device in a wireless local area network (WLAN)
determines the next network point to which a packet should be
forwarded toward its destination?

Wireless modem

Antenna

Wireless router

Mobile station

22. Wireless antenna is an electrical device which converts

electric currents into radio waves, and vice versa.

Which of the following antenna used in wireless base stations

and provides a 360 degree horizontal radiation pattern?

Omnidirectional antenna

Parabolic grid antenna

Yagi antenna

Dipole antenna

23. Wi-Fi Protected Access (WPA) is a data encryption method for

WLANs based on 802.11 standards. It improves on the
authentication and encryption features of WEP (Wired Equivalent
Privacy). Temporal Key Integrity Protocol (TKIP) enhances WEP
by adding a rekeying mechanism to provide fresh encryption and
integrity keys. Temporal keys are changed for every ___________.

1,000 packets

5,000 packets

10,000 packets

15,000 packets
 24. Firewall is a set of related programs, located at a network
gateway server that protects the resources of a private network
from users from other networks. A firewall examines all traffic
routed between the two networks to see if it meets certain
criteria.
Packet filter is one of the categories of firewall.
Packet filtering firewall works at which of these layers of the OSI
model?

Network layer

Physical layer

Session layer

Application layer

25. Keystroke loggers are stealth software packages that are used
to monitor keyboard activities. Which is the best location to place
such keyloggers?

Keyboard hardware and the operating system

UPS and keyboard

Operating system and UPS

Monitor and keyboard software

26. You have invested millions of dollars for protecting your

corporate network. You have the best IDS, firewall with strict
rules and routers with no configuration errors.
Which of the following techniques practiced by an attacker
exploits human behavior to make your network vulnerable to
attacks?

Social Engineering

Buffer overflow

Denial of Service

SQL injection
 27. Firewalls are categorized into two; namely hardware firewall
and software firewall. Identify the correct statement for a software
firewall.

Software firewall is placed between the desktop and the

software components of the operating system
Software firewall is placed between the router and the
networking components of the operating system
Software firewall is placed between the anti-virus
application and the IDS components of the operating system
Software firewall is placed between the normal application
and the networking components of the operating system

28. Nmap is a free open source utility, which is designed to rapidly

scan large networks. Identify the Nmap Scan method that is often
referred to as half open scan because it does not open a full TCP
connection.

ACK Scan

SYN Stealth

Half open

Windows Scan

29. As a system administrator, you are responsible for maintaining

the website of your company which deals in online recharge of
mobile phone cards. One day to your surprise, you find the home
page of your companys website defaced. What is the reason for
webpage defacement?

Denial of Service attack

Session Hijacking

DNS attack through cache poisoning

Buffer overflow
 30. Which of the following protocols are susceptible to sniffing?

SNMP

FTP

NNTP

Telnet