  1.  What is the second step in the TCP three-way handshake?
A.  SYN
B.  ACK
C.  SYN/ACK
D.  ACK-SYN
E.  FIN
  2.  You wish to perform a ping sweep of a subnet within your target organization. Which of the following nmap command lines is your best option?
A.  nmap 192.168.1.0/24
B.  nmap -sT 192.168.1.0/24
C.  nmap -sP 192.168.1.0/24
D.  nmap -P0 192.168.1.0/24
  3.  Which of the following TCP flags is used to reset a connection?
A.  SYN
B.  ACK
C.  PSH
D.  URG
E.  FIN
F.  RST
  4.  A pen test team member is attempting to enumerate a Windows machine and uses a tool called enum to enumerate user accounts on the device. Doubtful this can be done, a junior team member is shocked to see the local users enumerated. The output of his enum use is provided here:
[image: enum output not reproduced]
The junior team member asks what type of connection is used by this tool to accomplish its task and is told it requires a “null session” to be established first. If the machine allows null connections, which of the following command strings will successfully connect?
A.  net use "" /u: \\192.169.5.12\share ""
B.  net use \\192.168.5.12\c$ /u:""
C.  net use \\192.168.5.12\share "" /u:""
D.  net use \\192.168.5.12\c$ /u:""
  5.  A colleague enters the following command:
[image: command not reproduced]
What is being attempted here?
A.  An ACK scan using hping3 on port 80 for a single address
B.  An ACK scan using hping3 on port 80 for a group of addresses
C.  Address validation using hping3 on port 80 for a single address
D.  Address validation using hping3 on port 80 for a group of addresses
  6.  You are examining traffic between hosts and note the following exchange:
[image: packet exchange not reproduced]
Which of the following statements are true regarding this traffic? (Choose all that apply.)
A.  It appears to be part of an ACK scan.
B.  It appears to be part of an XMAS scan.
C.  It appears port 4083 is open.
D.  It appears port 4083 is closed.
  7.  You are examining traffic and notice an ICMP type 3, code 13 response. What does this normally indicate?
A.  The network is unreachable.
B.  The host is unknown.
C.  Congestion control is enacted for traffic to this host.
D.  A firewall is prohibiting connection.
  8.  You have a zombie system ready and begin an IDLE scan. As the scan moves along, you notice that fragment identification numbers gleaned from the zombie machine are incrementing randomly. What does this mean?
A.  Your IDLE scan results will not be useful to you.
B.  The zombie system is a honeypot.
C.  There is a misbehaving firewall between you and the zombie machine.
D.  This is an expected result during an IDLE scan.
  9.  As a pen test on a major international business moves along, a colleague discovers an IIS server and a mail exchange server on a DMZ subnet. You review a ping sweep accomplished earlier in the day on that subnet and note neither machine responded to the ping. What is the most likely reason for the lack of response?
A.  The hosts might be turned off or disconnected.
B.  ICMP is being filtered.
C.  The destination network might be down.
D.  The servers are Linux based and do not respond to ping requests.
10.  Which of the following tools is not a good choice for determining possible vulnerabilities on live targets you have identified?
A.  SAINT
B.  Nmap
C.  Nessus
D.  Retina
11.  Which of the following tools can be used for operating system prediction? (Choose all that apply.)
A.  Nmap
B.  Whois
C.  Queso
D.  ToneLoc
E.  MBSA
12.  You are in training for your new pen test assignment. Your trainer enters the following command:
[image: command not reproduced]
After typing the command, he hits ENTER a few times. What is being attempted?
A.  A DoS attack against a web server
B.  A zone transfer
C.  Banner grabbing
D.  Configuring a port to “listening” state
13.  What is being attempted with the following command?
[image: command not reproduced]
A.  A full connect scan on ports 1–1024 for a single address
B.  A full connect scan on ports 1–1024 for a subnet
C.  A UDP port scan of ports 1–1024 on a single address
D.  A UDP scan of ports 1–1024 on a subnet
14.  You are told to monitor a packet capture for any attempted DNS zone transfer. Which port should you key your search on?
A.  TCP 22
B.  TCP 53
C.  UDP 22
D.  UDP 53
15.  In the scanning and enumeration phase of your attack, you put tools such as ToneLoc, THC-Scan, and WarVox to use. What are you attempting to accomplish?
A.  War dialing
B.  War driving
C.  Proxy discovery
D.  Ping sweeping
16.  Which of the following are SNMP enumeration tools? (Choose all that apply.)
A.  Nmap
B.  SNMPUtil
C.  ToneLoc
D.  OpUtils
E.  Solar Winds
F.  NSAuditor
17.  The following results are from an nmap scan:
[image: nmap scan results not reproduced]
Which of the following is the best option to assist in identifying the operating system?
A.  Attempt an ACK scan
B.  Traceroute to the system
C.  Run the same nmap scan with the -vv option
D.  Attempt banner grabbing
18.  You wish to run a scan against a target network. You’re concerned about it being a reliable scan, with legitimate results, but want to take steps to ensure it is as stealthy as possible. Which scan type is best in this situation?
A.  nmap -sN targetIPaddress
B.  nmap -sO targetIPaddress
C.  nmap -sS targetIPaddress
D.  nmap -sT targetIPaddress
19.  Which of the following ports are not required for a null session connection? (Choose all that apply.)
A.  135
B.  137
C.  139
D.  161
E.  443
F.  445
20.  You are enumerating a subnet. Examining message traffic, you discover SNMP is enabled on multiple targets. If you assume default settings in setting up enumeration tools to use SNMP, which community strings should you use?
A.  Public (read-only) and Private (read/write)
B.  Private (read-only) and Public (read/write)
C.  Read (read-only) and Write (read/write)
D.  Default (both read and read/write)
21.  Nmap is a powerful scanning and enumeration tool. What does the following nmap command attempt to accomplish?
[image: nmap command not reproduced]
A.  A serial, slow operating system discovery scan of a Class C subnet
B.  A parallel, fast operating system discovery scan of a Class C subnet
C.  A serial, slow ACK scan of a Class C subnet
D.  A parallel, fast ACK scan of a Class C subnet
22.  You are examining a packet capture of all traffic from a host on the subnet. The host sends a segment with the SYN flag set, in order to set up a TCP communications channel. The destination port is 80, and the sequence number is set to 10. Which of the following statements are not true regarding this communications channel? (Choose all that apply.)
A.  The host will be attempting to retrieve an HTML file.
B.  The source port field on this packet can be any number between 1023 and 65535.
C.  The first packet from the destination in answer back to this host will have the SYN and ACK flags set.
D.  The packet returned in answer to this SYN request will acknowledge the sequence number by returning “10.”
23.  Which TCP flag instructs the recipient to ignore buffering constraints and immediately send all data?
A.  URG
B.  PSH
C.  RST
D.  BUF
24.  You receive a RST-ACK from a port during a SYN scan. What is the state of the port?
A.  Open
B.  Closed
C.  Filtered
D.  Unknown
25.  Which port-scanning method presents the most risk of discovery, but provides the most reliable results?
A.  Full-connect
B.  Half-open
C.  Null scan
D.  XMAS scan