1) Which of the following are Penetration testing methodology .docx
- 1. 1) Which of the following are Penetration testing methodology? A. White box model B. Black box model C. Gray box model D. All of the above 2) Which of the following skills are needed to be a security tester? A. Knowledge of network and computer technology B. Ability to communicate with management and IT personnel C. An understanding of the laws in your location and ability to use necessary tools D. All of the above 3) Which of the following are the district layer of TCP/IP? A. Network and Internet B. Transport and Application C. Network, Internet, Transport, Presentation D. A and B 4) Which of the followings are the TCP segment flags? A. SYN flag: synch flag , ACK flag: acknowledgment flag B. PSH flag: push flag, URG flag: urgent flag, STF flag: set test flag C. PSH flag: push flag, URG flag: urgent flag, RST flag: reset flag, FIN flag: finish flag D. A and C 5) Which of the following are properties of User Datagram Protocol (UDP)? A. Fast but unreliable delivery protocol and Operates on Transport layer B. Used for speed but Does not need to verify receiver is
- 2. listening or ready C. Depends on higher layers of TCP/IP stack handle problems and Referred to as a connectionless protocol D. All of the above 6) Distributed denial-of-service (DDoS) attack is: A. Attack on host from single servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speed B. Attack on host from multiple servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speed C. Attack on server from multiple host or workstations and Network could be flooded with billions of packets causes Loss of bandwidth and Degradation or loss of speed D. None of the above 7) Different categories of Attacks are: A. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow B. Ping of Death, Session hijacking C. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow, Ping of Death, Port High jacking (PoH) D. A and B 8) Which of the following are Social Engineering Tactics? A. Persuasion, Intimidation, Coercion B. Persuasion, Intimidation, Coercion, Extortion, blackmailing C. Persuasion, Intimidation, Coercion, Extortion, Urgency D. All of the above 9) Which of the following/s are types of Port Scans? A. ACK scan, FIN scan, UDP scan B. SYN scan, NULL scan, XMAS scan, C. ACK scan, FIN scan, UDP scan, SYN scan, NULL scan,
- 3. XMAC scan D. A and B 10) Enumeration extracts information about: A. Resources or shares on the network B. Usernames or groups assigned on the network C. User’s password and recent logon times D. All of the above 11) Which of the following are NetBIOS Enumeration Tools? A. Nbtstat command, Net view command, Net use command B. Nbtstat command, Net view command, Dumpsec command C. Nbtstat command, Net view command, Hyena command D. None of the above 12) Dumsec is an Enumeration tool for Windows systems that does the following/s: A. Allows user to connect to a server and “dump”, Permissions for shares, Permissions for printers B. Permissions for the Registry, Users in column or table format, Policies ,Rights, Services C. Allows user to connect to a server and “dump”, Permissions for shares, Permissions for printers and Permissions for the Registry, Users in column or table format D. A and B 13) Which of the following are Tools for enumerating Windows targets? A. Nbtstat, Net view, Net use B. Nbtstat, Net view, Net use and Other utilities C. Nbtstat, Net view, Net use, Nessus D. All of the above 14) Which of the following statements is more accurate about Windows OS? A. Many Windows OSs have serious vulnerabilities
- 4. B. None of the Windows OSs have any serious vulnerabilities C. A few Windows OSs have any serious vulnerabilities D. All of the Windows OSs have any serious vulnerabilities 15) Which of the following best describes Remote Procedure Call? A. Allows a program running on one host to run code on a remote host B. Allows a program running on one server to run code on another server C. Allows a program running any server to run code on a designated clinet D. None of the above 16) Buffer Overflows occurs when: A. Data is written to a buffer and corrupts data in memory next to allocated buffer B. Normally, occurs when copying strings of characters from one buffer to another C. Data is deleted from a buffer and corrupts data in memory next to deleted buffer D. A and B 17) Microsoft Baseline Security Analyzer (MBSA) is capable of checking which of the following/s? A. Patches, Security updates, Configuration errors B. Blank or weak passwords C. A and B D. None of the above 18) Which of the following/s are Vulnerabilities in Windows file systems? A. Lack of ACL support in FAT and Risk of malicious ADSs in NTFS B. RCP, NetBIOS, SMB, Null sessions C. Windows Web services and IIS
- 5. D. All of the above 19) An Embedded system is: A. Any computer system that is a general-purpose PC or server and they are in all networks and Perform essential functions B. Any computer system that isn’t a general-purpose PC or server and they are in all networks and Perform essential functions C. Any computer system that isn’t a server or client D. None of the above 20) Object Linking and Embedding Database are Set of interfaces that: A. Enable applications to access data stored in DBMS and relies on connection strings and allows application to access data stored on external device B. Enable applications to access data stored in a server and relies on connection tokens and allows application to access data stored on external device C. Enable applications to access data stored in flat files D. All of the above 21) ActiveX Data Objects are: A. Programming interface for connecting Web applications to a database B. Defines a set of technologies that allow desktop applications to interact with Web C. Network interface for connecting Web applications to a database D. A and B 22) Attackers controlling a Web server can do which of the following/s? A. Deface the Web site and destroy company’s database or sell contents B. Gain control of user accounts and perform secondary attacks
- 6. C. Gain root access to other application servers D. All of the above 23) Which of the following/s are Web application vulnerabilities? A. Cross-site scripting (XSS) flaws and Injection flaws and malicious file execution and Unsecured direct object reference B. Cross-site request forgery (CSRF) and Information leakage and incorrect error handling and Broken authentication and session management C. Unsecured cryptographic storage and Unsecured communication and Failure to restrict URL access D. All of the above 24) Which of the following statements best describes Wireless Hacking? A. Hacking a wireless network is different from hacking a wired Lan and Port scanning and Enumeration techniques can not be used. B. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning and Enumeration techniques can be used. C. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning technique can be used D. All of the above 25) Cryptography is: A. Process of converting plaintext into ciphertext B. Process of converting ciphertext into plaintext C. Process of converting plaintext into ciphertext and vise versa D. All of the above 26) Which of the following statements is true? A. Cryptography is a new technology B. Cryptography has been around for thousands of years
- 7. C. Cryptography has been around for hundreds of years D. None of the above 27) Which of the following best describes Hashing Algorithms? A. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the message B. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changes C. Takes a fixed-length message and produces a variable-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changes D. B and C 1. Who’s responsible for the ad? Look for the logo, which is the symbol representing the brand. When you find it, ask yourself what you know about the brand. Do you like it? Does it have a good reputation? In this case, Zed is responsible for this ad. It’s the company that picked everything in the ad to convince you to buy its products. 2. What is the ad actually saying? Remember to look at more than words. Everything in an ad is a message to you: the pictures, the colors, the feel – and the words. In this ad, you could find a bunch of messages: if you wear Zed clothes, you’ll be hip; you can dress well for not a lot of money; if you buy these new, stylish clothes, you won’t feel guilty; if you wear these clothes; you’ll be happy and have cool friends; if you buy Zed, you’ll be cool like
- 8. these kids. Basically, whatever you think the ad is saying to you is right. 3. What does the ad want me to do? Buy clothes from Zed. 4. Who do you think this ad is for? Probably girls, maybe ages 12-20. 5. What do you see that makes you think that? The pictures of high school or college girls (though there are two guys, so they may sell guy’s clothes, too). And the logo has a kind of flowery pattern, which might be more for girls. Federal Trade Commission ftc.gov 1. Who’s responsible for this ad? 2. What is the ad actually saying? 3. What does the ad want me to do? 4. Who is the ad for? 5. What do you see that makes you think that? Now it’s your turn Answer these questions to deconstruct this ad: